Why patch directives only go so far

CISA issued an emergency directive for CVE-2026-50751, a CVSS 9.3 authentication bypass in Check Point Remote Access VPN that was actively exploited weeks before disclosure. Qilin ransomware affiliates used the flaw to breach dozens of organizations by abusing IKEv1-enabled VPN gateways for authenticated access, exfiltration, and command-and-control. #CVE-2026-50751 #CheckPoint #CISA #Qilin #IKEv1

Read More
Cybersecurity News | Daily Recap [24 Jun 2026]

Daily Recap, U.S. authorities seized Huione-related infrastructure tied to cyber scam laundering, while a Scattered Spider member pleaded guilty to hacking Transport for London and courts ordered takedowns of the Amadey and Stealc cybercrime ecosystems. The day also covered active exploitation of Cisco Unified CM (CVE-2026-20230), FortiGate credential harvesting linked to FortiBleed, and emerging AI/attack risks including a fake brand-landingpage agent skill reaching 26,000 agents.
#Huione #ScatteredSpider #TransportForLondon #Amadey #Stealc #CiscoUnifiedCM #CVE-2026-20230 #Ubiquiti #FortiGate #FortiBleed #Mistic #KongTuke #ClickFix #brand-landingpage #Anthropic #Mythos #U.S. #TataElectronics #Xolis #DraftKings

Read More
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison

Nathan Austad, known as “Snoopy,” was sentenced to 18 months in prison for helping hack DraftKings accounts in the November 2022 attack. He and his co-conspirators compromised tens of thousands of accounts, stole $600,000, and used stolen access to add payment methods and profit from the scheme. #DraftKings #NathanAustad #Snoopy #JosephGarrison #KamerinStokes

Read More
Malicious hackers exploit Cisco zero-day for highest access level at communications service provider

Mandiant said an attacker used a previously unknown Cisco zero-day vulnerability to compromise a communications service provider and gain root-level access inside its network. The campaign targeted Cisco Catalyst SD-WAN Manager and related edge devices, with evidence of stealthy activity, unauthorized peering connections, password manipulation, and a rogue account named β€œtroot.” #Cisco #Mandiant #CiscoCatalystSDWANManager #CVE-2026-20245 #CVE-2026-20127 #CVE-2026-20182

Read More
Securing the service desk: Why social engineering attacks keep succeeding

Service desk social engineering is a highly effective attack path because it exploits human trust to reset credentials, bypass MFA, and gain legitimate access to corporate systems. Recent incidents involving Scattered Spider, Silent Ransom Group, Marks & Spencer, Co-op, Harrods, and Carnival Corporation show how attackers impersonate employees or IT support to move quickly from help desk access to data theft or ransomware. #ScatteredSpider #SilentRansomGroup #MarksandSpencer #Coop #Harrods #CarnivalCorporation

Read More
Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension called Edgecution was used in a ransomware-related attack to escape the browser sandbox and deploy a Python-based backdoor. The campaign relied on fake Microsoft support pages, Chrome Native Messaging, and a disguised Edge Monitoring Agent to run commands and maintain persistence. #Edgecution #PayoutsKings #MicrosoftEdge #MicrosoftTeams #OutlookUpdatesManagementConsole

Read More
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

Mandiant revealed that CVE-2026-20245 in Cisco Catalyst SD-WAN was used in zero-day attacks to escalate privileges and create a rogue root account named β€œtroot” on targeted devices. The intrusion involved unauthorized SD-WAN peering, stolen or bypassed access, malicious CSV uploads, and extensive cleanup to hide evidence of compromise. #Cisco #CatalystSDWAN #Mandiant #CVE202620245 #troot

Read More
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated international law enforcement operation with support from Bitdefender, Bitsight, ESET, and Microsoft dismantled infrastructure used by Amadey and StealC, disrupting the malware supply chain behind credential theft, fraud, and ransomware attacks. The takedown recovered millions of stolen credentials, restricted over $47 million in criminal crypto assets, and shut down…

Read More
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

CISA warned that CVE-2025-67038 in Lantronix EDS5000 Series devices is being actively exploited, and FCEB agencies must apply the fix by June 26, 2026. The advisory also highlighted active exploitation of UniFi OS flaws chained as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, which can lead to root-level code execution and broader network compromise….

Read More
When Information Becomes the Attack Surface – Understanding AI Agent Traps

AI agents can be manipulated by malicious content hidden in webpages, files, emails, and tools, causing them to trust false instructions, poison memory, or take unintended actions. Google DeepMind and security researchers describe six trap categories and emphasize that strong source verification, restricted permissions, and human approval are essential to keep…

Read More
Amadey, StealC malware operations disrupted in Operation Endgame action

Microsoft, Europol, and international partners disrupted infrastructure used by the Amadey, StealC, and SocGholish (FakeUpdates) malware operations under Operation Endgame. The action took down hundreds of servers and domains, seized stolen credentials and crypto-linked assets, and targeted the tools cybercriminals use to gain access and deploy ransomware. #Amadey #StealC #SocGholish #FakeUpdates #Microsoft #Europol #OperationEndgame

Read More
CISA warns of max severity Ubiquiti flaws exploited in attacks

CISA is warning that hackers are actively exploiting critical flaws in Ubiquiti UniFi OS and Lantronix EDS5000 serial-to-ethernet servers, prompting urgent patching under BOD 26-04. The issues include remote code execution, access control bypass, and path traversal bugs that can lead to full system compromise and sensitive data exposure. #Ubiquiti #UniFiOS #Lantronix #EDS5000 #CVE-2026-34908 #CVE-2026-34909 #CVE-2026-34910 #CVE-2025-67038

Read More