Daily Recap: Patching and vulnerability updates dominated today as CISA ordered U.S. federal agencies to address an actively exploited critical Joomla plugin issue, while browser and enterprise-targeted fixes rolled out for Google Chrome, Firefox, Fortinet FortiSandbox, Rockwell Automation ICS, and LiteSpeed/Joomla. On the campaign side, new Rokarolla Android malware stole PINs, SMS codes, and crypto funds, ClickFix and GhostTree expanded evasion techniques, and ShinyHunters’ extortion claims were confirmed by Kodak.
#CISA #Joomla #FortinetFortiSandbox #RockwellAutomation #LiteSpeed #Rokarolla #ClickFix #GhostTree #JetBrains #SteamWorkshop #WallPaperEngine #Kodak #ShinyHunters #iRhythm
Vulnerabilities & Patching
- CISA ordered U.S. federal agencies to patch a critical Joomla plugin flaw by Friday after active exploitation was confirmed – Joomla Patch
- Google Chrome and Firefox received updates for critical and high-severity flaws, while attackers are also targeting recently patched Fortinet FortiSandbox, Rockwell Automation ICS, and LiteSpeed/Joomla issues – Browser Patches, FortiSandbox, Rockwell Fixes, Joomla Attacks
- Microsoft is working on a Defender fix for the RoguePlanet zero-day, highlighting continued urgency around actively exploited enterprise bugs – RoguePlanet Patch
- A Google Vertex AI SDK flaw let attackers hijack model uploads via bucket squatting, showing how cloud and AI supply-chain mistakes can expose sensitive workloads – Vertex AI Flaw
Malware & Campaigns
- New Rokarolla Android malware is stealing PINs, SMS codes, and crypto wallet funds, with one report saying it targets 217 banking and crypto apps – Rokarolla, App Targets
- ClickFix campaigns are expanding malware delivery using new loaders and fake update lures, while the GhostTree attack hid payloads via recursive Windows junctions – ClickFix, GhostTree
- Malicious JetBrains Marketplace plugins are stealing AI API keys from developers, adding another software-supply-chain path to credential theft – JetBrains Plugins
- Steam Workshop was abused to spread malware through Wallpaper Engine, showing how gaming platforms are increasingly used for malicious distribution – Steam Malware
Breach & Extortion
- Kodak confirmed a data breach claimed by the ShinyHunters extortion gang, reinforcing the group’s ongoing pressure campaign against major brands – Kodak Breach
- iRhythm also confirmed data was stolen in a hack, adding another healthcare-related incident to the day’s breach reports – iRhythm Hack
Policy, AI & Identity
- India temporarily blocked Telegram over exam-cheating concerns, while the UK is moving toward requiring ID or a face scan for new social media accounts – India Blocks Telegram, UK ID Rule
- Lawmakers are questioning the Trump administration’s Anthropic order, while another analysis argues the growing need for constant AI patching creates a security burden and supports clearer AI ingredient lists – Anthropic Order, AI Patching, AI Ingredients
Funding & Company Moves
- 1Password acquired Apono in a reported $250M–$300M deal, strengthening its identity and access security stack – Apono Deal
- Tenet Security emerged from stealth with $6 million in seed funding, and Magnitude launched with $10 million after its stealth exit – Tenet Funding, Magnitude Funding