Cybersecurity News | Daily Recap [24 Jun 2026]

Daily Recap, U.S. authorities seized Huione-related infrastructure tied to cyber scam laundering, while a Scattered Spider member pleaded guilty to hacking Transport for London and courts ordered takedowns of the Amadey and Stealc cybercrime ecosystems. The day also covered active exploitation of Cisco Unified CM (CVE-2026-20230), FortiGate credential harvesting linked to FortiBleed, and emerging AI/attack risks including a fake brand-landingpage agent skill reaching 26,000 agents.
#Huione #ScatteredSpider #TransportForLondon #Amadey #Stealc #CiscoUnifiedCM #CVE-2026-20230 #Ubiquiti #FortiGate #FortiBleed #Mistic #KongTuke #ClickFix #brand-landingpage #Anthropic #Mythos #U.S. #TataElectronics #Xolis #DraftKings

U.S. authorities seized Huione infrastructure tied to cyber scam laundering and a related account, while an Algerian man was charged over two cybercrime marketplaces and a Scattered Spider member pleaded guilty in the Transport for London hack. – Huione Seizure, Huione Raid, Marketplaces, TfL Plea
A court-ordered takedown targeted two cybercrime tools at once, hitting the Amadey and Stealc ecosystems in a single action. – Tool Takedown

Attackers are actively exploiting Cisco Unified CM flaws, including CVE-2026-20230, as defenders race to contain the campaign. – Cisco Exploits, CVE-2026-20230
Critical Ubiquiti vulnerabilities are drawing attacker interest, raising the risk of exposure for deployed devices. – Ubiquiti Flaws
FortiGate firewalls were targeted in a 110 million-credential harvesting operation linked to the FortiBleed campaign. – FortiBleed

The stealthy Mistic backdoor was linked to the ransomware access broker KongTuke, highlighting the reuse of initial-access infrastructure. – Mistic Backdoor
A new macOS ClickFix attack silently mounts DMGs to deliver an infostealer payload. – macOS ClickFix

A fake AI agent skill named brand-landingpage bypassed scans and reportedly reached 26,000 agents, exposing gaps in review tools from Cisco and NVIDIA. – Fake Skill
Anthropic’s Mythos model reportedly found vulnerabilities in classified U.S. government systems, underscoring both promise and risk in AI-assisted security testing. – Mythos Find
Dragos unveiled new AI capabilities for OT security, aiming to improve detection and response in industrial environments. – Dragos AI
Dify exposure flaws threaten a platform powering over 1 million apps, adding fresh concern around AI app security. – Dify Flaws
Security leaders warned that agentic AI can make wrong-context decisions at machine speed, complicating exposure validation. – Agentic AI, Exposure Validation

Tata Electronics confirmed a cyberattack after hackers leaked data, while healthtech firm Xolis disclosed a breach affecting 1.4 million people. – Tata Leak, Xolis Breach
DraftKings hacking fallout continued as a third defendant was sentenced to 18 months in prison. – DraftKings Sentence

A 2030 federal deadline was set for migrating to post-quantum cryptography, signaling a major U.S. modernization push. – PQC Deadline
Experts said open-source software security remains a hard problem for governments to solve at scale. – Open Source Risk
Windows 11 KB5095093 added a new point-in-time restore feature to improve recovery options. – Windows Update

SHARE THIS STORY