top of page
ALL POSTS
ServiceNow Security Incident Exposes Customer Data and Unauthorized Access
Key Findings ServiceNow applied a security update on June 5, 2026 to address an unauthenticated access vulnerability affecting hosted customer instances The flaw allowed unauthorized users to gain elevated access to ServiceNow instances and query customer data Evidence shows successful data access occurred for a subset of customers between June 2-4, 2026 The vulnerability stems from an API endpoint configuration that did not require authentication Community reports allege Ser
Jun 103 min read
CISA Updates Active Exploit Catalog: Cisco, Arista, and Chromium Vulnerabilities Added
Key Findings CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring immediate remediation across federal and enterprise networks Cisco Catalyst SD-WAN Manager flaw (CVE-2026-20245) allows authenticated attackers to execute commands as root through improper input encoding Google Chromium V8 memory vulnerability (CVE-2026-11645) enables remote code execution via malicious HTML pages with a critical 8.8 CVSS score Arista EOS
Jun 102 min read
Cloud Security Report Reveals Tool Fragmentation Deepening Complexity Challenges
Key Findings 69% of organizations identify tool sprawl and visibility gaps as the primary constraint on cloud security effectiveness 66% of security teams lack confidence in their ability to detect and respond to cloud threats in real time, up from 64% the previous year 88% of organizations operate across hybrid or multi-cloud environments, fragmenting security signals across disconnected systems Cloud security spending now represents 34% of IT security budgets on average, wi
Jun 102 min read
Microsoft Patch Tuesday: 206 Vulnerabilities Patched Including Zero-Days and Critical RCE Exploits
Key Findings Microsoft released 206 security patches in June 2026, a record number including 39 Critical and 167 Important severity flaws Three vulnerabilities were publicly disclosed at the time of release, including two BitLocker bypasses and an HTTP.sys denial-of-service flaw Patch set includes 56 remote code execution vulnerabilities, 63 privilege escalation flaws, and multiple critical kernel issues Three highest severity flaws all carry a CVSS score of 9.8 and enable un
Jun 103 min read
Veeam Backup & Replication RCE Vulnerability Allows Domain Users to Execute Remote Code on Servers
Key Findings Critical remote code execution vulnerability (CVE-2026-44963, CVSS 9.4) in Veeam Backup & Replication allows authenticated domain users to execute arbitrary code on backup servers Affects all Veeam Backup & Replication version 12.x builds up to 12.3.2.4465 Patched in version 12.3.2.4854; version 13.x unaffected due to architectural changes Discovered by watchTowr researcher Sina Kheirkhah No known in-the-wild exploitation at this time, but attacks likely to follo
Jun 102 min read
Microsoft Patch Tuesday June 2026: 206 Vulnerabilities and Security Updates
Key Findings Microsoft released 206 vulnerabilities in June 2026 Patch Tuesday, the largest monthly batch on record 32 vulnerabilities marked as critical, with 28 being remote code execution flaws 4 critical vulnerabilities flagged as more likely to be exploited in active attacks 23 critical vulnerabilities assessed as less likely to be exploited but still pose significant risk 3 vulnerabilities were publicly known but not yet exploited at time of release Affected products sp
Jun 94 min read
Miasma Worm Supply Chain Attack Compromises 73 Microsoft GitHub Repositories
Key Findings A self-replicating worm called Miasma compromised 73 Microsoft GitHub repositories across Azure infrastructure and core .NET, Go, Java, JavaScript, and Python frameworks GitHub staff disabled affected repositories after attackers injected malicious workflows that harvested OIDC tokens and developer credentials The attack exploited AI coding tools as an automatic execution mechanism, triggering malware when developers cloned infected repos and opened them in IDEs
Jun 93 min read
Chrome V8 Zero-Day CVE-2026-11645 Being Exploited in the Wild - Apply Patch Immediately
Key Findings Google released security updates addressing 74 vulnerabilities, including CVE-2026-11645, a high-severity zero-day actively exploited in the wild CVE-2026-11645 is an out-of-bounds memory access flaw in V8 with a CVSS score of 8.8 that allows remote code execution via crafted HTML pages This is the fifth actively exploited Chrome zero-day in 2026, following CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281 CISA added CVE-2026-42271, a command injecti
Jun 93 min read
Critical One-Character Linux Kernel Vulnerability Enables Local Root Access with Public Exploits Available
Key Findings A single inverted character in Linux kernel nf_tables code allows unprivileged local users to escalate to root via use-after-free vulnerability CVE-2026-23111 Upstream patch released February 5, 2026; working exploits published April 16 and June 8, 2026 Requires existing local foothold plus nf_tables and unprivileged user namespaces, both enabled by default on most systems CVSS rating 7.8 (high); no remote vector or known active exploitation Demonstrated on Debia
Jun 93 min read
Deep Integration: Apple Intelligence Anchors the iOS 27 and macOS 27 Default Application Suites
Key Findings Apple integrated Google's Gemini models directly into Siri's core framework, marking a significant shift in the company's AI strategy Apple Intelligence is now embedded across all native applications in iOS 27 and macOS 27, functioning as system-level infrastructure rather than isolated features Safari gained autonomous web monitoring, intelligent tab organization, and AI-assisted custom extension creation Shortcuts and Home applications now support natural langu
Jun 93 min read
Meta Files Contempt of Court Complaint Against NSO Group for Defying Spyware Injunction
Key Findings Meta detected NSO Group conducting spear phishing campaigns targeting WhatsApp users despite a permanent court injunction issued last year The company filed a federal contempt-of-court complaint, alleging NSO violated the injunction by creating test accounts and luring users to malicious external websites Three malicious domains have been identified: ikhwancast.com, ghazacast.com, and fr24cast.com NSO Group remains on the U.S. Commerce Department's Entity List an
Jun 82 min read
Operation FlutterBridge: macOS Backdoor Campaign Leverages Fake Google Ads and Targeted Distribution
Key Findings Operation FlutterBridge is a sophisticated malvertising campaign targeting macOS users since late 2025, evolving from basic adware into a dangerous backdoor called FlutterShell Threat actors use fake shell companies to purchase verified Google and YouTube ads, bypassing security filters through artificial aging and legitimate developer credentials The malware masquerades as productivity tools including Podcasts Lounge, PDF-Brain, and PDF-Ninja, with three distinc
Jun 83 min read
Meta's Account Recovery Tool Vulnerability Exposes 20,000+ Instagram Users to Unauthorized Password Resets
Key Findings Meta's AI-powered Instagram account recovery tool, known as High Touch Support (HTS), contained a critical flaw that exposed over 20,000 accounts to unauthorized password resets The vulnerability existed for approximately seven weeks, from April 17 to early June 2026, before Meta discovered it on May 31 The flaw allowed attackers to request password reset links for any Instagram account and have them sent to email addresses they controlled, bypassing identity ver
Jun 84 min read
UNC3753 Escalates Campaign Against US Legal Firms: Vishing, Remote Access Tools, and Physical Intrusions
Key Findings UNC3753 (Luna Moth, Chatty Spider, Silent Ransom Group) conducted extortion campaign targeting US legal, financial, and professional services firms from January to May 2026 Attack chain relies entirely on social engineering and voice phishing with no malware or ransomware involved Threat actors escalated tactics to include physical office intrusions where operatives pose as IT technicians and insert USB drives to steal data Stolen data typically includes tax reco
Jun 83 min read
Multiple Critical Vulnerabilities Discovered: VoLTE Flaw and iOS App Security Breach
Key Findings Critical VoLTE flaw in Verizon's core voice network exposes all cellular traffic without encryption SIP signaling between devices and network completely lacks required IPsec ESP protection per 3GPP standards On-path attackers can manipulate voice calls, spoof numbers, hijack calls, and misroute emergency services Verizon has ceased coordinated vulnerability disclosure efforts and provided no evidence of active mitigation Apache Cordova InAppBrowser plugin vulnera
Jun 82 min read
PyPI Supply Chain Attack Exploits Malware Startup Hooks at Scale
Key Findings Coordinated PyPI supply chain attack compromised multiple popular open-source packages through maintainer account takeover Malware uses Python startup hooks (.pth files) to execute automatically during installation without requiring explicit package imports 448 affected artifacts identified spanning both npm and PyPI registries Threat actors dubbed the Hades cluster, part of broader Shai-Hulud and Miasma malware lineage Socket malware detection systems identified
Jun 73 min read
Critical Miasma Worm Campaign Targets Microsoft and Red Hat in Expanding Supply Chain Attack Wave
Key Findings Miasma worm infected 73 Microsoft GitHub repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations, forcing GitHub to disable access Attack represents re-compromise of previously infected "durabletask" PyPI package, suggesting threat actors maintained persistent access for over a month Miasma operates as self-replicating malware variant of Mini Shai-Hulud worm, exploiting the trust model of package registries rather than technical vulne
Jun 64 min read
FreeRADIUS and Chrome Security Updates Address Critical Buffer Overflow and Multiple Vulnerabilities
Key Findings FreeRADIUS released emergency patches to fix critical unauthenticated buffer overflow vulnerabilities affecting multiple authentication protocols Malicious actors can crash vulnerable servers without any authentication by sending specially crafted UDP packets Chrome 149 stable release addresses 429 security vulnerabilities including critical memory corruption bugs in graphics and GPU handling Developers are intentionally limiting technical disclosure details to p
Jun 53 min read
PCPJack: How Attackers Hijacked 230 Cloud Servers for Covert Email Relay
Key Findings Threat actor PCPJack compromised 230 cloud servers across AWS, Google Cloud, and Microsoft Azure and converted them into covert SMTP relay proxies Complete toolkit, source code, and live command-and-control configuration were accidentally exposed in an unauthenticated directory on a C2 server The operation used Sliver C2 framework combined with Chisel tunneling to create a self-healing, monitored email relay network that synced verified proxies every five minutes
Jun 53 min read
International Law Enforcement Smashes Major Cybercrime Operations
Key Findings French-led international operation dismantled a major counterfeit document production facility in Alicante, Spain Police seized approximately 800 forged European documents, professional production equipment, and a transport vehicle The facility supplied fake credentials to migrant smuggling networks across Europe, enabling border evasion and illegal residence claims Coordinated enforcement action disrupted critical infrastructure used by organized crime groups Eu
Jun 52 min read
bottom of page
