🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
20 Jun | Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys | Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthe… | THEHACKERNEWS.COM
20 Jun | CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response | Information published. | MSRC.MICROSOFT.COM
20 Jun | CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption | Information published. | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (5)
20 Jun | 5 People You Meet In Cybersecurity - David Shipley Interviews Amy Lee | In this special Cybersecurity Today weekend interview, host David Shipley speaks with Amy Yee about leadership, resilience, and the human side of cybersecurity. Amy shares her remarkable journey from electrical engineering and venture capital to becoming the inaugural Chief Digit… | CYBERSECURITYTODAY.LIBSYN.COM
20 Jun | Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain | Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it… | THEHACKERNEWS.COM
20 Jun | JCPenney - 368,418 breached accounts | In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The expo… | HAVEIBEENPWNED.COM
20 Jun | Peeling back Banana RAT. | This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud." Researchers from Trend Micro's MDR team uncovered the full operation behind Banana… | THECYBERWIRE.COM
20 Jun | Anthropic suspends Fable over US national security concerns. | ShinyHunters leaks data allegedly stolen from Madison Square Garden. Law enforcement cleans up 15,000 malware-infected websites. | THECYBERWIRE.COM
📢 SECURITY ADVISORIES (1)
20 Jun | French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation | French President Emmanuel Macron urged the world’s wealthy democracies to work together on regulating advanced AI systems. | SECURITYWEEK.COM
🔥 INCIDENT REPORTING (4)
20 Jun | The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes | The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-termin… | THEHACKERNEWS.COM
20 Jun | You Don’t Need Perfect Security | This clip compares cybersecurity deterrence to choosing between two identical Ferraris — except one has a rabid pit bull in the back seat. The point is simple: attackers often look for the easiest target, not necessarily a perfect target. The conversation also references the clas… | YOUTUBE.COM
20 Jun | Microsoft links Mastra AI supply chain attack to North Korean hackers | Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...] | BLEEPINGCOMPUTER.COM
20 Jun | New Prinz Eugen ransomware prioritizes recent files for encryption | A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (1)
20 Jun | Threat Brief: Mitigating Large-Scale Credential Attacks | We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. | UNIT42.PALOALTONETWORKS.COM
📡 INFOSEC NEWS (2)
20 Jun | Hackers Claim to Leak Stolen Madison Square Garden Data | Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email and more. | WIRED.COM
20 Jun | Signal’s Meredith Whittaker wants you to remember that AI chatbots ‘are not your friends’ | “These are not your friends. These are not conscious beings. These are not sentient interlocutors.” | TECHCRUNCH.COM