Cybersecurity Newsfeed - 09/06/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.

Cybersecurity Newsfeed

📅 09/06/26

🛡️ Vulnerabilities

  • CISA Adds Two Known Exploited Vulnerabilities to Catalog: The Cybersecurity and Infrastructure Security Agency added two security flaws to its Known Exploited Vulnerabilities Catalog due to active exploitation. The first, CVE-2026-42271, is a critical command injection vulnerability in BerriAI LiteLLM. The second, CVE-2026-50751, is an improper authentication flaw affecting Check Point Security Gateways.

  • Check Point VPN Flaw Exploited Globally Since Early May: Attackers have been actively exploiting a zero-day vulnerability (CVE-2026-50751) in Check Point VPN security gateways. The flaw allows remote threat actors to bypass authentication controls and gain unauthorized access to internal corporate networks in order to extract Active Directory data.

  • Critical 7-Zip Vulnerability Exposes Users to Remote Execution: A critical vulnerability has been identified in the 7-Zip open-source archive utility. The flaw stems from an improper memory handling error during the parsing of specially crafted archive files, allowing a buffer overflow that can lead to arbitrary code execution.

  • Old WinRAR Flaw Fuels Attacks Targeting Ukrainian Entities: Threat actors continue to leverage an older, known vulnerability in the WinRAR archiving utility to target public and private organizations across Ukraine, delivering weaponized ZIP or RAR files in spear-phishing campaigns.

  • Gogs Patches Critical Zero-Day Enabling Remote Code Execution: Open-source Git service Gogs released emergency patches to address a critical zero-day vulnerability that allows unauthenticated remote code execution, which could lead to extensive intellectual property theft and supply chain compromises.

  • Critical UniFi OS Bug Grants Root Access Without Authentication: A critical vulnerability in UniFi OS allows unauthenticated threat actors to obtain full administrative root access to affected network controllers by sending specially crafted network requests, allowing them to manipulate configurations or intercept traffic.

🎯 Adversaries

  • WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO: WhatsApp announced it blocked a targeted spyware campaign leveraging the Pegasus platform. WhatsApp is now petitioning a US federal court to recognize this activity as a direct violation of an existing permanent injunction issued against NSO Group.

  • NFCShare Android Malware Spreads via Fake Banking Updates: A newly discovered Android malware strain named NFCShare is propagating through fraudulent banking application updates hosted on GitHub. Once installed, it targets financial data and intercepts near-field communication signals to capture credentials.

  • Silent Ransom Group Targets US Law Firms in Extortion Attacks: Financially motivated threat cluster UNC3753 (associated with the Silent Ransom group) is executing data-theft extortion campaigns against US law, professional, and financial services firms using invoice-themed phishing combined with IT support vishing calls.

  • New Shai Hulud Attack Trojanizes Science-Focused PyPI Packages: Security researchers uncovered a malicious campaign dubbed Shai Hulud that uploaded nineteen trojanized packages to the Python Package Index repository, specifically targeting developers in scientific and data-science fields.

  • Op FlutterBridge Fake Google Ads Spread macOS Backdoor: A malicious campaign named Operation FlutterBridge is utilizing fraudulent Google Advertisements to distribute a sophisticated backdoor targeting macOS environments inside corporate settings.

  • Hackers Clone Ghidra and dnSpy Sites to Spread Malware: Threat actors are deploying cloned websites mimicking the legitimate reverse-engineering tools Ghidra and dnSpy to infect cybersecurity researchers and developers with information-stealing binaries.

  • Pirated PC Games Delivering Password-Stealing Malware: A widespread malware campaign is utilizing pirated PC game downloads on popular torrent networks to distribute information-stealing payloads that harvest browser credentials, session cookies, and cryptocurrency private keys.

  • VerdantBamboo Deploys BSD Variant of Advanced Malware: Advanced persistent threat actor VerdantBamboo has expanded its toolkit by deploying a specialized variant of its custom malware compiled specifically for BSD operating systems, targeting assets such as corporate firewalls and core routing switches.

  • UNC3753 Combines Vishing and Physical Social Engineering: The threat group UNC3753 is utilizing an aggressive multi-stage social engineering framework involving voice phishing (vishing) and physical facility infiltration to plant malicious USB hardware directly into endpoint devices.

  • Microsoft Teams Phishing Campaigns Bypass Traditional Email Filters: Threat actors are aggressively shifting toward Microsoft Teams as a primary vector for highly targeted phishing operations, bypassing standard secure email gateways by using compromised external tenant accounts.

💥 Breaches & Leaks

  • SoFi Confirms Third-Party Data Breach at Hong Kong Subsidiary: Fintech firm SoFi confirmed a data breach affecting its Hong Kong subsidiary, SoFi Securities Limited, stemming from unauthorized access to a third-party vendor’s database detected on April 30, 2026.

📚 Others

  • New Apple Feature Automatically Changes Compromised Passwords: Apple introduced a native security feature within its ecosystem that automatically changes user passwords on supported websites when they are detected in known credential leaks or data breaches.

  • VS Code Adds 2-Hour Extension Auto-Update Gate to Counter Malware: Microsoft updated Visual Studio Code with a mandatory two-hour delay gate on automatic extension updates to disrupt rapid marketplace supply-chain attacks and allow scanners time to catch anomalies.

This post is licensed under CC BY 4.0 by the author.