P293TECH TEXT NEWS
:
[SECURITY]

TOSHIBA, MUJI SITES HIT BY FAKE LOGIN PROMPTS

INDUSTRY DESK1 MIN READ
SUN, JUN 7, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Toshiba and Muji have alerted users to suspicious sign-in screens appearing on their websites designed to steal login credentials. The fake prompts exploit a compromised polyfill library.

Both companies discovered unauthorized login forms being injected into their sites, likely through a compromised JavaScript polyfill dependency. Visitors were presented with legitimate-looking authentication screens that captured usernames and passwords. Polyfills are code libraries that provide functionality for older browsers. When compromised at the source level, they can inject malicious content across thousands of websites simultaneously, making them attractive targets for attackers. Toshiba and Muji have since issued warnings advising users to reset passwords if they entered credentials while seeing these prompts. The companies are working to identify and remove the malicious code. This incident highlights the risks of third-party dependencies in web development. A single compromised library can expose multiple major retailers and their customers to credential theft. Security experts recommend auditing all external scripts and implementing Content Security Policy headers to limit injection attacks.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

P292POPULAR SPEAKER VULNERABLE TO WIRELESS HACKING ATTACKS

The Sound Blaster Katana V2X speaker can be compromised over the air to infect other connected devices, according to security researchers. The manufacturer has declined to classify the issue as a vulnerability.

JUST NOWAI Desk
P284RUBRIK CEO WARNS AI AGENTS POSE 100X SECURITY RISK

Rubrik CEO Bipul Sinha highlighted how AI is reshaping cybersecurity while cautioning that AI agents introduce significantly greater threats than traditional attack vectors.

2H AGOAI Desk
P281CISA WARNS OF ACTIVE SOLARWINDS SERV-U EXPLOIT

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are actively exploiting a high-severity flaw in SolarWinds Serv-U to crash servers. The vulnerability was recently patched, but exploitation is already underway.

2H AGOSecurity Desk
P280CHINESE APT DEPLOYS NEW MALWARE TO MAINTAIN NETWORK ACCESS

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor alongside two previously undocumented malware variants named Plenet and AgentPSD.

2H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.

◄ BACK TO NEWS