
Cybersecurity Newsfeed - 19/06/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.


Cybersecurity Newsfeed

📅 19/06/26

🛡️ Vulnerabilities

  • NGINX Open Source Remote Code Execution (CVE-2026-42530): F5 issued emergency out-of-band updates addressing a critical use-after-free condition inside the HTTP/3 QUIC module (ngx_http_v3_module). Unauthenticated remote attackers can send a crafted QPACK encoder stream request to execute arbitrary code or crash the service.

  • Splunk Enterprise Missing Authentication (CVE-2026-20253): CISA added a critical missing authentication flaw in Splunk Enterprise to its Known Exploited Vulnerabilities (KEV) catalog. The defect allows unauthenticated remote attackers to manipulate internal PostgreSQL sidecar service endpoints, leading to arbitrary file operations and full remote code execution.

  • Cisco Identity Services Engine Privilege Escalation (CVE-2026-20181): Cisco patched a critical command execution flaw caused by insufficient input validation in its ISE and ISE Passive Identity Connector. Authenticated administrators can exploit this by sending malicious HTTP requests, escalating their privileges to root.

  • Apple Beats Studio Buds Eavesdropping Flaw: Apple resolved a significant Bluetooth logic vulnerability that lets nearby attackers spoof previously paired source devices. This authentication weakness allows unauthorized connections that can force microphone streaming and covert audio manipulation.

🎯 Adversaries

  • Gentlemen Ransomware deploys EDR Killers: Run by threat group Storm-2697, this Go-based RaaS platform has integrated specialized Bring Your Own Vulnerable Driver (BYOVD) tactics using drivers like ThrottleBlood.sys. It disables event logs, security agents, and backups before executing hybrid XChaCha20 and Curve25519 encryption across Windows, Linux, and ESXi.

  • Operation Endgame Dismantles Evil Corp Infrastructure: Coordinated international law enforcement agencies seized 106 servers and cleaned roughly 15,000 infected websites linked to the SocGholish (FakeUpdates) botnet. The malware traditionally serves as an initial access vector sold to ransomware affiliates.

  • Operation Escaneo Targets Latin America: Attributed to the Spanish-nexus group MexicanMafia, this campaign targets critical infrastructure and government bodies in Mexico and Ecuador, using a proprietary reconnaissance engine called Kimera and edge-device exploits to maintain deep, long-dwell network access.

  • Tor-Based Clipper Exploits USB Worm Propagation: Microsoft Threat Intelligence tracked a stealthy clipper variant spreading via malicious shortcut files on removable USB storage. The malware hides the victim's real documents, uses Windows Script Host to launch a bundled Tor client, and monitors the system clipboard to redirect cryptocurrency transactions.

  • USB Worm Weaponizes Windows Shortcuts for Botnet Expansion: Emerging crypto clipper campaigns deploy dual-component payloads consisting of an obfuscated worm executable and a JavaScript stealer. The clipboard is polled every 500 milliseconds to exfiltrate seed phrases and replace target wallet addresses.

  • Rokarolla Banking Trojan Broadens Scope: The emerging Rokarolla banking trojan, distributed via malicious search ads, expanded its credential harvesting framework to monitor over 200 financial, corporate, and cryptocurrency applications by hooking directly into running browser processes.

💥 Breaches & Leaks

  • Nintendo Employee Data Stolen via Subsidiary Breach: Nintendo of North America confirmed internal employee satisfaction data was exposed after the ShadowByte$ group breached TinyPulse, a feedback platform owned by WebMD Health Services. The attackers have issued a two-million-dollar extortion demand.

  • Salesforce Data-Harvesting Exploits Third-Party Integration: Automated attacks targeted corporate Salesforce deployments by exploiting a legacy testing credential on the market intelligence platform Klue. Attackers hijacked active OAuth refresh tokens to execute rapid REST API queries and exfiltrate customer databases.

  • Icarus Campaign Tied to Klue Backend Intrusions: Further investigation reveals the Klue API breach is part of a wider extortion framework tracked as Icarus. Multiple corporate victims, including security firm Huntress, received extortion notices threatening the public release of data stolen via intercepted trust tokens.

  • ShapedPlugin Build Pipeline Poisoned (CVE-2026-10735): A supply chain compromise impacted ShapedPlugin’s Easy Digital Downloads update infrastructure, injecting multi-stage backdoors into premium packages. The malware harvests admin passwords and 2FA TOTP seeds by intercepting authentication logic.

  • 2026 World Cup Public Anticipation Exploited: Kaspersky researchers warned of a massive spike in social engineering operations using fake ticket lotteries, merchandise storefronts, and urgent messaging to harvest financial data ahead of the tournament.

  • Retro Gaming Enthusiasts Targeted on GitHub: Trojanized open-source repositories posing as emulation utilities and classic game modifications are delivering information stealers designed to disable antivirus solutions and harvest local credentials, session cookies, and crypto wallets.

  • Claude AI Shared Chat Features Abused for Malvertising: Threat actors are using Anthropic’s Claude platform to generate legitimate-seeming documentation and are promoting the public share links via malicious search ads. Because the links sit on a trusted domain, they bypass web reputation filters and direct targets to malware staging servers.

  • “Agentjacking” Prompt Injections Hijack AI Code Assistants: A new methodology targets autonomous development tools by embedding malicious prompt-engineered strings inside standard repository bug reports. When scanned by AI agents, the text overrides core instructions to execute arbitrary shell commands or exfiltrate variables.

🔬 Others

  • Leaked Documents Reveal “ChatGPT for Science” Testing: An internal leak confirmed OpenAI is running a restricted beta for an academic-focused subscription tier. The model integrates specialized compliance frameworks alongside workflows tailored for handling massive data sets, molecular modeling, and math formulas.


This post is licensed under CC BY 4.0 by the author.