Cyberattacks Impact LastPass, Multiple Software Vendors, and Global Organizations in June 2026

A cyberattack targeting Klue impacted LastPass and multiple software vendors during the week of June 22, 2026. Malicious updates were distributed for the WordPress plugin ShapedPlugin Pro, though no specific compromise details or CVE identifiers were provided. A Russian-linked operation named FortiBleed exploited vulnerabilities in 430,000 FortiGate firewalls, though the exact flaw was not specified. An authorization flaw exposed unauthorized access to 2026 FIFA World Cup streaming feeds. Additionally, a data breach affected 224,000 members of France’s Police Nationale sports federation, with no further technical or impact details disclosed.