Cybersecurity News | Daily Recap [23 Jun 2026]

Daily Recap, LastPass confirmed its breach was tied to the Klue supply-chain compromise, while ShapedPlugin WordPress Pro plugins were backdoored in a separate supply-chain attack; London Hydro and Xsolis also disclosed large-scale data exposures. Across other headlines, the FortiBleed campaign used a custom FortiGate sniffer to steal firewall credentials, Squidbleed was shown to leak cleartext HTTP requests via Squid Proxy, and WhatsApp campaigns delivered ManageEngine RMM alongside OXLOADER and CastleStealer. #LastPass #Klue #ShapedPlugin #LondonHydro #Xsolis #FortiBleed #FortiGate #FortiGateSniffer #Russian #Squidbleed #SquidProxy #SamsungKNOX #Galaxy #WhatsApp #ManageEngineRMM #VBScript #OXLOADER #CastleStealer #JaredFromSubway #SearchYourTarget #DifyTap #Dify #AutoGenStudio #FFmpeg #PixelSmash #SAVE #postquantum #Windows1126H2 #DeepInstinct

LastPass confirmed a breach tied to a Klue supply-chain compromise, while ShapedPlugin WordPress Pro plugins were backdoored in a separate supply-chain attack – LastPass Breach, Plugin Backdoor
London Hydro disclosed a data breach and Xsolis reported exposure affecting 1.4 million individuals – Hydro Breach, Xsolis Breach
A suspected cyberattack caused false emergency alerts across parts of Brazil, highlighting the impact of attacks on public warning systems – False Alerts

The ongoing FortiBleed campaign is using a custom FortiGate sniffer to steal credentials from firewalls, with investigators linking it to a Russian initial access broker – FortiBleed, Access Broker, FortiGate Sniffer
Security researchers detailed the decades-old Squidbleed flaw in Squid Proxy, which can leak cleartext HTTP requests and user data – Squidbleed, Proxy Bug
Samsung KNOX was found to contain an 8-year-old flaw that exposed millions of Galaxy devices to kernel-level attacks – KNOX Flaw

A WhatsApp phishing campaign used fake business documents and VBScript to install ManageEngine RMM on PCs, while another campaign used malicious Google Ads to push OXLOADER and CastleStealer – WhatsApp Malware, Fake Docs, OXLOADER
JaredFromSubway MEV bot was hacked in a $15 million crypto theft, and another crypto heist was fueled by a fake reputation-boosting campaign – MEV Theft, Crypto Heist
A report on the “Search Your Target” market showed how stolen credentials are being bought and used for targeted intrusion operations – Stolen Creds

Microsoft fixed an AutoGen Studio flaw that enabled code execution, while FFmpeg patched the PixelSmash decoder bug in a widely used video component – AutoGen Fix, FFmpeg Fix
Researchers warned that DifyTap flaws in Dify could expose AI chats across tenants, underscoring continued risks in multi-tenant AI platforms – DifyTap
OpenAI shifted cybersecurity efforts toward fixing flaws faster, expanding Daybreak with GPT-5.5-Cyber to help defenders patch vulnerabilities – OpenAI Shift, GPT-5.5-Cyber
The long-standing “exploit doesn’t exist” issue highlighted how defenders can still validate impact even without a public exploit – Exploit Proof

A court ruled the SAVE database illegal and ordered it dismantled, while the Trump administration pushed agencies to accelerate post-quantum migration and support industry readiness – SAVE Ruling, PQ Order
Microsoft said Windows 11 26H2 is coming soon and explained the upgrade process, signaling the next major OS rollout – Windows 26H2
Industry coverage also spotlighted leadership strategy in a CISO conversation with Carl Froggett about combining CISO and CIO roles at Deep Instinct – CISO Talk

SHARE THIS STORY