Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, BlueHammer and SimpleHelp weaknesses continue to be exploited, with CISA noting BlueHammer has entered ransomware-gang playbooks, while Oracle PeopleSoft issues have also driven data theft and malware activity tied to ShinyHunters. Meanwhile, Blackfield ransomware demanded $2 million from Nidec Corporation, Aflac Japan disclosed a breach impacting 4.38 million people, and Mustang Panda used Zoho WorkDrive as a command channel against Indian government targets. #BlueHammer #SimpleHelp #OracleEBS #PeopleSoft #CISA #Blackfield #Nidec #AflacJapan #ShinyHunters #NAIC #MustangPanda #ZohoWorkDrive #Signal #WhatsApp

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, OpenAI and Anthropic are limiting access to new AI models during a cybersecurity review, while OpenAI also introduced GPT-5.6 Sol as its most advanced cybersecurity-focused AI and Straiker raised $64 million to expand its AI security platform for enterprise workloads. DirtyClone is highlighted for a Linux kernel issue that can enable root access, Microsoft removed 119 Edge extensions that hid malware in images and fonts, and a breach exposed up to 14.2 million email logins across six ISPs—along with U.S. bounties tied to Russian state hackers and updated post-quantum cryptography readiness demands for CISOs. #OpenAI #Anthropic #GPT-5.6 Sol #Straiker #DirtyClone #Microsoft #Edge #Russian #post-quantum #CISO #DirtyCloneLinux #6 ISPs

Threat Research | Weekly Recap [28 Jun 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. This week’s coverage spans supply-chain and DevOps attacks, credential-harvesting phishing, and exploitation of widely used software to steal tokens, deploy backdoors, or monetize access. It also highlights nation-state and fraud ecosystems, alongside Windows and macOS tradecraft that focus on evasion, persistence, and stealthy command-and-control.

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, AI-native security, agentic workflows, and AI-abusing malware were front and center, including Nebulock’s $25 million raise for contextual AI security, the expanding MCP spec bringing new enterprise risks, and a new macOS malware strain that plants fake errors to throw off AI analysis. Other key stories covered Robinhood speeding up access approvals, Poland’s SIM-swapping gang bust tied to millions in crypto theft, and Microsoft extending free Windows 10 ESU support to October 2027.
#Nebulock #MCP #macOS #Robinhood #Philip Martin #Uber #Akrites #Poland #SIMSwapping #Bluekit #Cellebrite #FCC #CISA #Windows10ESU #Chrome #Shop #PirloTV #TataElectronics #Snyk

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, AI-native security, agentic workflows, and AI-abusing malware were prominent as Nebulock raised $25 million, the MCP spec expanded enterprise use while introducing new risks, and a new macOS malware strain hid fake errors to confuse AI analysis tools. Separately, Robinhood improved access-approval speed for high-velocity development while Polish authorities disrupted a SIM-swapping crypto-theft gang and attackers leveraged Bluekit, browser-in-the-middle phishing, and callback scams to target credentials. #Nebulock #MCP #macOSMalware #Robinhood #PhilipMartin #Uber #Akrites #PolandSIMSwapping #Bluekit #SIMSwapping #Cellebrite #FCC #Windows10ESU #ChromeAddOn #ShopOrderTrackingApp #PirloTV #TataElectronics #Snyk

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, CISA said the critical Lantronix EDS5000 flaw is actively exploited, while another Lantronix serial-to-IP converter issue is already being used after OT threat warnings; Cal Water also found no evidence of OT activity despite claims of disrupting the water supply. This recap also covered Chrome 149 patching 18 severe flaws, Cisco SD-WAN zero-day attacks granting root access via an exploit chain, Operation Endgame disrupting Amadey and StealC, and a malicious Edge extension abusing Native Messaging to bridge to malware.
#Lantronix #LantronixEDS5000 #CISA #OT #CalWater #Chrome149 #CiscoSDWAN #Mandiant #OperationEndgame #Amadey #StealC #DraftKings #Snoopy #Edge #NativeMessaging

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, U.S. authorities seized Huione-related infrastructure tied to cyber scam laundering, while a Scattered Spider member pleaded guilty to hacking Transport for London and courts ordered takedowns of the Amadey and Stealc cybercrime ecosystems. The day also covered active exploitation of Cisco Unified CM (CVE-2026-20230), FortiGate credential harvesting linked to FortiBleed, and emerging AI/attack risks including a fake brand-landingpage agent skill reaching 26,000 agents.
#Huione #ScatteredSpider #TransportForLondon #Amadey #Stealc #CiscoUnifiedCM #CVE-2026-20230 #Ubiquiti #FortiGate #FortiBleed #Mistic #KongTuke #ClickFix #brand-landingpage #Anthropic #Mythos #U.S. #TataElectronics #Xolis #DraftKings

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, LastPass confirmed its breach was tied to the Klue supply-chain compromise, while ShapedPlugin WordPress Pro plugins were backdoored in a separate supply-chain attack; London Hydro and Xsolis also disclosed large-scale data exposures. Across other headlines, the FortiBleed campaign used a custom FortiGate sniffer to steal firewall credentials, Squidbleed was shown to leak cleartext HTTP requests via Squid Proxy, and WhatsApp campaigns delivered ManageEngine RMM alongside OXLOADER and CastleStealer. #LastPass #Klue #ShapedPlugin #LondonHydro #Xsolis #FortiBleed #FortiGate #FortiGateSniffer #Russian #Squidbleed #SquidProxy #SamsungKNOX #Galaxy #WhatsApp #ManageEngineRMM #VBScript #OXLOADER #CastleStealer #JaredFromSubway #SearchYourTarget #DifyTap #Dify #AutoGenStudio #FFmpeg #PixelSmash #SAVE #postquantum #Windows1126H2 #DeepInstinct

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, Five Eyes warns that advanced AI hacking models could reach the cyber scene within months, while INTERPOL reports rising phishing and AI-powered scams across Asia-Pacific. In addition, North Korean activity is linked to the Mastra NPM supply-chain attack, attackers are targeting the Gravity SMTP WordPress plugin, and the AryStinger botnet continues infecting D-Link routers.
#FiveEyes #INTERPOL #Mastra #NPM #NorthKorean #GravitySMTP #WordPress #AryStinger #DBlink #DLink #TexasParksAndWildlife #Ukraine #EU

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, Police and international partners disrupted a malware network tied to Russia’s Evil Corp, while Operation Endgame took down SocGholish servers and cleaned 14,971 compromised WordPress sites. Security teams also warned that The Gentlemen ransomware uses the GentleKiller EDR-killer framework to target 400 security processes before encryption. #EvilCorp #OperationEndgame #SocGholish #WordPress #TheGentlemen #GentleKiller #Texas #FortiBleed #Fortinet #Klue #Icarus #GravitySMTP #usbliter8 #SecureROM #AppleA12 #AppleA13 #AutoJack #Beats #Continuum

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, Security teams are being urged to treat every AI agent as a distinct identity and to keep pace with fast-moving threat patterns, including scrutiny of AI-generated deepfakes and related harassment charges involving AI-made nude images. On the vulnerability and incident front, CISA warned of an actively exploited Splunk Enterprise flaw, enforcement disrupted the SocGholish botnet by cleaning nearly 15,000 WordPress sites tied to Evil Corp, and Fortinet users were advised to secure devices after the FortiBleed leak.
#AI #AI agent #No FAKES Act #Deepfakes #Splunk Enterprise #CISA #NGINX #REDCap #Recycle Bin #SocGholish #Evil Corp #WordPress #Gentlemen #CryptoBandits #NastyC2 #Claude #NIM #FortiBleed #Fortinet #WideField Security #Splunk #Nintendo #WebMD #Microsoft 365 #MFA #M365 Backup

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, Klue linked an OAuth breach to Icarus-associated Salesforce data theft activity, while Kodak confirmed a breach after ShinyHunters claims, and FortiBleed reports exposed up to 75,000 Fortinet firewall/VPN devices with leaked credentials. Apple patched a Beats Studio Buds eavesdropping flaw, F5 delivered out-of-band fixes for critical NGINX issues, and Microsoft confirmed a RoguePlanet Defender zero-day is being patched as attackers rapidly exploit recently disclosed Fortinet flaws. #Klue #Icarus #Salesforce #Kodak #ShinyHunters #FortiBleed #Fortinet #BeatsStudioBuds #F5 #NGINX #RoguePlanetDefender #Microsoft #MFA #CISA #Telegram #EU #Ukraine

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, patching and vulnerability updates dominated today as CISA ordered U.S. federal agencies to address an actively exploited critical Joomla plugin issue, while browser and enterprise-targeted fixes rolled out for Google Chrome, Firefox, Fortinet FortiSandbox, Rockwell Automation ICS, and LiteSpeed/Joomla. On the campaign side, new Rokarolla Android malware stole PINs, SMS codes, and crypto funds, ClickFix and GhostTree expanded evasion techniques, and ShinyHunters’ extortion claims were confirmed by Kodak. #CISA #Joomla #FortinetFortiSandbox #RockwellAutomation #LiteSpeed #Rokarolla #ClickFix #GhostTree #JetBrains #SteamWorkshop #WallPaperEngine #Kodak #ShinyHunters #iRhythm

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, US regulators reported a record $3.5 billion in 2025 losses from imposter scams as the FTC warned about rising victim costs, while the UK plans to ban social media access for children under 16 and other governments moved to strengthen fraud and reporting controls. CISA and vendors also warned about active exploitation of cPanel, Cisco SD-WAN/vManage, and Fortinet FortiSandbox flaws, alongside major intrusion and espionage updates including DragonForce using Microsoft Teams relays and NarwhalRAT delivery via fake Microsoft alerts. #ImposterScams #FTC #UK #cPanel #CiscoSDWAN #CiscoVmanage #FortinetFortiSandbox #DragonForce #BackdoorTurn #MicrosoftTeams #Astral #iRhythm #ShinyHunters #CalWater #Google #NarwhalRAT #LiteLLM #Copilot #SprySOCKS #OptinMonster #TrustCloud #NewCore

Cybersecurity News | Daily Recap [30 Jun 2026]

Daily Recap, Fraud and phishing activity included the FBI disrupting an AI-powered phishing service using 1 million URLs and reporting crypto scams that relied on couriers, while MENA users faced Sniper Dz lures through fake Facebook offers and browser alerts. Across cloud and breach headlines, attackers turned Microsoft 365 Copilot into a 1-click data-theft mechanism, exploited a PAN-OS GlobalProtect VPN flaw, and hit platforms including REDCap, Infinite Campus, and Novo Nordisk, with ransomware cases and supply-chain intrusions also continuing. #FBI #Microsoft365Copilot #GlobalProtect #REDCap #InfiniteCampus #NovoNordisk #Ozempic #Conti #SniperDz #Misere #ShaiHulud #MiniShaiHulud #Miasma #Hades #UNKDeadDrop #GoFlateLoader
