Critical Flaws Exploited: Red Hat Supply Chain Hit, PAN-OS & Netlogon Under Siege, Android Zero-Day Patched

Publication Date: June 2, 2026

Summary

This edition covers a series of critical cybersecurity events from early June 2026. A sophisticated supply chain attack named 'Miasma' compromised 32 Red Hat NPM packages with a credential-stealing worm. Concurrently, threat actors are actively exploiting critical vulnerabilities in Palo Alto Networks' GlobalProtect VPN (CVE-2026-0257) and Windows Netlogon (CVE-2026-41089), leading to urgent patch advisories. Google addressed an actively exploited Android zero-day, while major data breaches at Carnival and Charter Communications exposed the data of millions. This period highlights the severe and immediate threats facing supply chains, network infrastructure, and cloud services.

Today's New Articles

Android Zero-Day Under Attack: Google Issues Urgent Patch for Privilege Escalation Flaw

Google's June 2026 Android security update addresses 124 vulnerabilities, including a high-severity zero-day flaw (CVE-2025-48595) that is confirmed to be under limited, targeted exploitation. The vulnerability, an elevation of privilege issue in the Android F...


SideCopy APT Targets Afghanistan's Finance Ministry in 'XENOFISCAL' Espionage Campaign

The Pakistan-aligned threat group SideCopy, part of the Transparent Tribe (APT36) umbrella, is conducting a targeted cyber-espionage campaign dubbed 'Operation XENOFISCAL' against Afghanistan's Ministry of Finance. The campaign uses spear-phishing emails with...


Sophos Uncovers AI-Powered Malware Lab Built to Evade EDR Solutions

Security researchers at Sophos have discovered a sophisticated malware development framework that uses AI agents, including Claude Opus, to automate the creation and testing of evasive malware. The threat actor, linked to an active ransomware group, built a vi...


Gartner Warns of Four Critical Threats Where Attackers Have the Upper Hand

At its Security & Risk Management Summit, research firm Gartner identified four critical and unpredictable threat areas where attackers hold a significant advantage: AI application compromise, identity impersonation via deepfakes, prompt injection, and softwar...


EU Cyber Resilience Act: 24-Hour Breach Reporting Mandate Begins Sept 2026

The European Union's landmark Cyber Resilience Act (CRA) will begin enforcing its stringent reporting obligations on September 11, 2026. Manufacturers of all products with digital elements sold in the EU will be required to report actively exploited vulnerabil...


Samsung Rolls Out June 2026 Security Patch, Fixing 45 Vulnerabilities

Samsung has released the details for its June 2026 Security Maintenance Release (SMR) for Galaxy devices. The update includes patches for 45 vulnerabilities, combining fixes from Google's Android Security Bulletin with 11 Samsung-specific fixes (SVEs). The upd...


Hackers Abuse ChatGPT and Claude 'Share' Features to Host Malware

Threat actors are exploiting legitimate features in popular AI chatbots like OpenAI's ChatGPT and Anthropic's Claude to host and deliver malware. Researchers have observed campaigns where attackers abuse the 'shared conversations' feature to create unique URLs...


Critical Ghost CMS Flaw (CVE-2026-26980) Exploited to Inject Malware on 700+ Sites

A critical SQL injection vulnerability in the Ghost content management system, CVE-2026-26980, is being actively exploited in the wild. At least two distinct threat groups are targeting unpatched websites, with over 700 sites already compromised. The vulnerabi...


New 'FlutterShell' Backdoor Targets macOS Users via Widespread Google Ads Campaign

Palo Alto Networks' Unit 42 has identified a large-scale malvertising campaign named 'Operation FlutterBridge' targeting macOS users. This campaign, an evolution of the earlier JSCoreRunner attacks, distributes a new backdoor called FlutterShell. Built with th...

Article Updates

Carnival Data Breach Exposed Nearly 6 Million After Social Engineering Attack

Update: The notorious extortion group ShinyHunters has officially claimed responsibility for the Carnival data breach. They claim to have stolen 8.7 million records, specifically targeting the Mariner Society loyalty program of Holland America, a Carnival brand. This...


CISA Warns of Active Exploitation of Palo Alto GlobalProtect Auth Bypass Flaw (CVE-2026-0257)

Update: The severity of CVE-2026-0257, affecting Palo Alto GlobalProtect, has been officially escalated from medium to critical due to ongoing active exploitation. This update includes new technical details, specifically mapping the observed exploitation to MITRE ATT&...


CRITICAL: Unauthenticated RCE Flaw in Windows Netlogon (CVE-2026-41089) Actively Exploited

Update: This update provides new technical details, including specific MITRE ATT&CK techniques (T1210, T1068, T1021.002, T1482) associated with the active exploitation of CVE-2026-41089. A more comprehensive impact assessment highlights the catastrophic potential for...


ShinyHunters Leaks Data of 4.9M Charter Customers After Vishing Attack

Update: This update provides a more detailed technical analysis of the Charter Communications breach, including specific MITRE ATT&CK IDs (T1654, T1078.004, T1530, T1041) for the vishing, cloud account compromise, and data exfiltration phases. It also offers refined d...