Cybersecurity Newsfeed - 24/06/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Eight-Year-Old Samsung KNOX Kernel Flaw (CVE-2026-20971): Researchers disclosed a high-severity use-after-free in the Samsung kernel affecting millions of Galaxy devices, from the S9 through the S25. The bug is a race condition between the PROCA and FIVE subsystems; a local app can exploit it to gain elevated kernel control. Samsung issued a patch in January 2026.
Cisco Unified CM SSRF Actively Exploited (CVE-2026-20230): Cisco warned of active exploitation of an improper-input-validation flaw in Unified Communications Manager. A remote, unauthenticated attacker can send crafted HTTP requests to write malicious files and escalate privileges to root when the WebDialer service is enabled.
“Cordyceps” CI/CD Structural Vulnerability: Security firm Novee disclosed a widespread flaw class in GitHub Actions workflows affecting thousands of major repositories, including those of Microsoft, Google, Apache, and Cloudflare. Affected workflows allow command injection and repository hijacking from nothing more than a pull request or a comment.
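The injection pattern behind that item, as an added illustration (this is not Novee's research or code from the page): a small scanner that flags GitHub Actions `run:` steps expanding attacker-controlled event fields, run over a constructed vulnerable workflow and the same step rewritten to pass the value through an environment variable. The workflow samples, the `UNTRUSTED_CONTEXTS` list, the hostile PR title and the function names are assumptions made for the example.

```python
"""Added example, not code from the page or from Novee: flag GitHub Actions
steps that expand attacker-controlled event data inside a `run:` script,
and show the environment-variable form that avoids the injection."""
import re

# Event fields an outside contributor controls through a PR, issue or
# comment (assumed list for the example; extend it for your own workflows).
UNTRUSTED_CONTEXTS = (
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.pull_request.head.repo.full_name",
    "github.event.comment.body",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.review.body",
    "github.head_ref",
)
EXPR = re.compile(r"\$\{\{\s*([^}]*?)\s*\}\}")


def find_injections(workflow_text):
    """Return (line_no, expression) for each untrusted ${{ }} expression that
    sits inside a `run:` block. The runner substitutes the expression as
    text before the shell starts, so quoting inside the script cannot help."""
    findings = []
    in_run, run_indent = False, -1
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        if not stripped:
            continue
        indent = len(line) - len(stripped)
        if stripped.startswith("- "):          # list item: the key sits 2 columns in
            stripped, indent = stripped[2:], indent + 2
        if stripped.startswith("run:"):
            in_run, run_indent = True, indent
        elif in_run and indent <= run_indent:
            in_run = False                     # back at the step's own keys
        if in_run:
            for match in EXPR.finditer(line):
                expr = match.group(1)
                if any(expr.startswith(ctx) for ctx in UNTRUSTED_CONTEXTS):
                    findings.append((lineno, expr))
    return findings


# Constructed vulnerable workflow: the PR title is pasted into the shell.
VULNERABLE = """\
on: pull_request_target
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Echo title
        run: |
          echo "New PR: ${{ github.event.pull_request.title }}"
"""

# Same step hardened: the value reaches the shell only as an environment
# variable, which the shell treats as data rather than code.
HARDENED = """\
on: pull_request_target
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Echo title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "New PR: $PR_TITLE"
"""

# A constructed PR title that closes the quoted echo argument and appends a command.
HOSTILE_TITLE = 'fix typo"; id; echo "'


def rendered_shell(script, title):
    """Mimic the runner: the expression is replaced textually, so the
    hostile title becomes part of the command line the shell executes."""
    return script.replace("${{ github.event.pull_request.title }}", title)


if __name__ == "__main__":
    print(find_injections(VULNERABLE))
    print(find_injections(HARDENED))
    print(rendered_shell('echo "New PR: ${{ github.event.pull_request.title }}"', HOSTILE_TITLE))
```

The scanner is deliberately text-based so it needs no YAML library; it tracks indentation to know when it is inside a `run:` block scalar. Routing the value through `env:` is the mitigation GitHub's own hardening guidance recommends for this class of bug. A `pull_request_target` workflow that also checks out the PR head is a separate hazard this check does not cover.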
“SquidBleed” Memory Disclosure Plagues Squid Proxies: A critical information-leak vulnerability dating back to the late 1990s was discovered in the Squid caching proxy. Malformed chunked transfer-encoding requests trigger a buffer over-read that returns uninitialized memory, exposing active web session data.
🎯 Adversaries
macOS “ClickFix” Tactics Evolve: A new campaign uses fake browser-update pages and Google Meet error overlays to trick macOS users into pasting commands into Terminal. The command silently mounts a DMG, bypassing Gatekeeper, and installs an information stealer targeting crypto wallets and credentials.
PowerShell Scripts Hijack Telegram Accounts: Kaspersky described a multi-stage campaign in which obfuscated PowerShell scripts, bundled with cracked software downloads, target Telegram's local state files. The malware exfiltrates session tokens, letting the attacker bypass 2FA and mirror the victim's account.
Typosquatting Attack Mimics “postcss” on npm: Threat actors published a lookalike package carrying a malicious preinstall script. Once installed, the payload harvests environment variables and hardcoded cloud infrastructure keys from the developer's machine to stage further supply chain compromises.
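Two checks a practitioner could run against a dependency before letting its install hooks execute, as an added example (not the attackers' package, and not code from the page): a Levenshtein-distance lookalike test against a short allowlist of popular names, and an audit of the lifecycle scripts that npm runs at install time. The `POPULAR` set, the `SUSPECT` and `BENIGN` manifests and the function names are constructed for the example.

```python
"""Added example, not from the page: audit an npm manifest for a name one
edit away from a popular package and for scripts that run at install time."""
import json

# Assumed allowlist for the example; a real check would rank names by
# download count or compare against the project's own lockfile.
POPULAR = {"postcss", "lodash", "express", "react", "chalk", "axios"}
# Lifecycle hooks npm executes while installing a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def lookalikes(name, popular=POPULAR, max_dist=1):
    """Popular names within max_dist edits of name, excluding an exact match."""
    return sorted(p for p in popular if p != name and edit_distance(name, p) <= max_dist)


def install_scripts(manifest):
    """Scripts from package.json that execute during installation."""
    return {k: v for k, v in manifest.get("scripts", {}).items() if k in INSTALL_HOOKS}


def audit(manifest):
    """Combine both signals for one parsed package.json."""
    name = manifest.get("name", "")
    return {"name": name,
            "lookalikes": lookalikes(name),
            "install_scripts": install_scripts(manifest)}


# Constructed manifests: a lookalike with an install hook, and the real name.
SUSPECT = json.loads("""{
  "name": "postcsss",
  "version": "8.4.0",
  "scripts": {"preinstall": "node collect.js", "test": "jest"}
}""")
BENIGN = json.loads("""{
  "name": "postcss",
  "version": "8.4.0",
  "scripts": {"test": "jest"}
}""")

if __name__ == "__main__":
    for manifest in (SUSPECT, BENIGN):
        print(audit(manifest))
```

A package that trips both signals deserves a look before `npm install` runs it; `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) blocks the hook outright, and the audit can be run over each `node_modules/*/package.json` to decide which packages genuinely need their scripts re-enabled.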
“CryptoBandits” Target Hardware and Tor Proxies: Spread via infected USB drives, this malware targets crypto investors by monitoring the system clipboard and swapping destination wallet addresses. It also installs a local Tor proxy to discreetly exfiltrate private recovery seeds.
📈 Trends
Rise of Enterprise “Shadow AI” Exposure: An N-able report documented a sharp increase in data-exfiltration risk from employees using unauthorized third-party AI tools and browser extensions. Security teams are urged to implement deep packet inspection to monitor unsanctioned AI traffic (in practice, TLS inspection at the egress proxy, since these tools talk over HTTPS).
GitHub Hardens “actions/checkout” Defaults: In response to persistent supply chain risks, GitHub changed the defaults of its official checkout action to automatically block unauthorized token access from pull requests originating from forked repositories.
Proactive Behavioral Fuzzing Combats Zero-Days: Security researchers demonstrated how behavioral fuzzing models can map likely exploitation paths and validate EDR telemetry coverage before a public exploit exists.
Phishing Exploits Native M365 Collaboration Features: Attackers are increasingly abusing document comments and @mention notifications in Microsoft 365. Because the notification emails originate from Microsoft's own mail infrastructure and pass sender authentication, they slip past traditional secure email gateways.
💥 Breaches & Leaks
Tata Electronics Affected by Cyberattack: Tata Electronics confirmed an infrastructure compromise after the extortion group World Leaks (a suspected rebrand of Hunters International) published stolen data. More than 200,000 files, allegedly including Apple and Tesla manufacturing specifications, were leaked on the dark web.
London Hydro Discloses Data Breach: Canadian electricity provider London Hydro reported a breach of its network perimeter that exposed customer names, billing account numbers, and historical electricity consumption data. The operational technology systems that run the grid remained isolated from the intrusion.
“jaredfromsubway” MEV Bot Drained of $15M: The notorious Ethereum MEV trading bot was drained through a smart contract exploit. Attackers manipulated decentralized exchange liquidity pools to force the bot into losing trades, emptying its multi-million dollar reserves.
⚖️ Legal & Law Enforcement
Scattered Spider Members Plead Guilty to TfL Attack: Several operators linked to the group pleaded guilty in federal court to their roles in the ransomware campaign against Transport for London, which severely disrupted payment and customer portal services.
Algerian National Indicted for Running Cybercrime Marketplaces: US federal prosecutors indicted an individual accused of administering the infrastructure and financial escrow systems of top-tier illicit marketplaces trading malware and stolen PII.
📚 Others
Hack The Box Expands Incident Response Labs: The enterprise readiness platform introduced collaborative live-fire team labs covering cloud infrastructure compromises and Active Directory exploitation, with real-time skill analytics for security leaders.
