Overview
- Cisco
- Cisco Unified Communications Manager
Description
Statistics
- 17 Posts
- 4 Interactions
Fediverse
Cisco Unified CM SME flaw CVE-2026-20230 now exploited in attacks https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/
Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
Source URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/
Researchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel's process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.
Mythos Discovers 'Squidbleed,' a Memory Leak That's Gone Undetected Since Clinton Era
Source URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/
A 29-year-old vulnerability dubbed "Squidbleed" (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic's Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. It was resolved in version 7.6.
Effects of the FortiBleed Cyberattack Campaign Are Also Visible in Finland
Source URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa
The global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.
Source URL: https://isc.sans.edu/diary/rss/33094
Despite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.
New macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer
Source URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/
A novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.
'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows
Source URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows
Dubbed "Cordyceps," a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.
The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration
Source URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/
Palo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization's active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.
LastPass Confirms Data Breach in Klue Supply Chain Attack
Source URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
LastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.
Tata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online
Source URL: https://therecord.media/tata-electronics-confirms-cyberattack
Indian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group "World Leaks," who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.
Payouts King Ransomware Initial Access Broker Deploys New Edgecution Malware
Source URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution
Zscaler ThreatLabz isolated a stealthy delivery mechanism dubbed "Edgecution," deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.
AI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns
Source URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/
An international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.
14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI
Source URL: https://www.nippon.com/en/news/yjj2026062301023/
Japanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.
Active Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk
Source URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/
Threat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco's Unified Communications Manager and Session Management Edition. Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.
Bluesky
Overview
- libssh2
- libssh2
Description
Statistics
- 4 Posts
- 55 Interactions
Fediverse
Don't see these that often, malicious server, no auth, no interaction, RCE in ssh.
CVE-2026-55200 — libssh2 pre-auth heap OOB write, server supplied length runs past heap allocation
Because the trigger sits in the transport layer ahead of full server authentication, network-position attacks (DNS hijack, ARP/BGP, a malicious forward proxy) can deliver the packet even where the client pins host keys, assuming the early-KEX reachability holds.
https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc
Bluesky
Overview
Description
Statistics
- 3 Posts
- 5 Interactions
Fediverse
[CVE-2026-50160] Hoppscotch: Unauthenticated JWT Secret Overwrite
https://seclists.org/oss-sec/2026/q2/1007
"The POST /v1/onboarding/config endpoint allows an unauthenticated attacker to inject arbitrary InfraConfig keys including JWT_SECRET and SESSION_SECRET"
Bluesky
Overview
Description
Statistics
- 3 Posts
Fediverse
CRITICAL UniFi OS vulnerabilities (CVE-2026-34908/09/10) allow remote, unauthenticated attackers to bypass auth and execute commands (pre-5.0.8). Exploited in the wild. Patch ASAP: https://radar.offseq.com/threat/critical-ubiquiti-vulnerabilities-in-attackers-cro-da638630474e46d7 #OffSeq #infosec #Ubiquiti #vulnerability
Bluesky
Overview
- Samsung Mobile
- Samsung Mobile Devices
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
Samsung's KNOX kernel UAF vulnerability exposes millions of Galaxy devices.
The Samsung KNOX vulnerability (CVE-2026-20971) is a kernel UAF in PROCA/FIVE that can allow [memory] corruption via a race condition; Samsung fixed it in January 2026.
https://infosec.exchange/@securityaffairs/116801915008086780
Overview
Description
Statistics
- 2 Posts
- 3 Interactions
Bluesky
Overview
Description
Statistics
- 3 Posts
- 1 Interaction
Fediverse
A decades-old memory leak vulnerability in Squid Proxy, dubbed Squidbleed (CVE-2026-47729), allows attackers to capture sensitive cleartext HTTP data from shared network environments. Security researchers identified this flaw using AI, and users can secure their systems by applying the official patch or disabling FTP support.
https://www.securityweek.com/decades-old-squid-proxy-flaw-squidbleed-can-expose-user-data/
Overview
- caddyserver
- caddy
Description
Statistics
- 2 Posts
- 3 Interactions
Fediverse
Overview
- home-assistant
- core
Description
Statistics
- 1 Post
- 9 Interactions
Fediverse
CVE-2026-54317 - Authentication Bypass in Home Assistant. Konnected integration exposes an unauthenticated HTTP endpoint allowing unauthorized write requests. CVSS 7.6. Update to 2026.6.0 immediately. #CVE #HomeAssistant #infosec
Overview
Description
Statistics
- 1 Post
- 16 Interactions
Fediverse
CVE-2026-8932 is the oldest #curl vulnerability reported so far. 25.25 years old. Shipped in releases since curl version 7.7, released on March 22 2001
Still rather benign and it probably hurt about three users, at most.