Critical 'CosmicSting' Flaw Endangers E-commerce, 'SquidLoader' Malware Targets China, and Snowflake Breach Fallout Continues
Summary
This cybersecurity brief for June 21, 2024, covers several major developing threats. A critical vulnerability dubbed 'CosmicSting' (CVE-2024-34102) with a 9.8 CVSS score leaves an estimated 75% of Adobe Commerce and Magento sites exposed to remote code execution. Meanwhile, a new evasive malware, 'SquidLoader,' is targeting Chinese organizations to deliver Cobalt Strike. The fallout from the massive Snowflake data theft campaign continues, with attackers now issuing ransom demands of up to $5 million to victims. Additionally, CISA has mandated patching for an actively exploited Linux kernel flaw, and the U.S. government is preparing to roll out mandatory cybersecurity rules for hospitals.
Today's New Articles
Unpatched "CosmicSting" Flaw Leaves 75% of Magento & Adobe Commerce Sites Open to RCE
A critical XML External Entity (XXE) vulnerability, dubbed 'CosmicSting' and tracked as CVE-2024-34102, is affecting Adobe Commerce and Magento platforms. With a CVSS score of 9.8, the flaw allows unauthenticated attackers to read sensitive server files. When...
New 'SquidLoader' Malware Uses Advanced Evasion to Target Chinese Orgs with Cobalt Strike
A sophisticated and highly evasive malware loader, dubbed 'SquidLoader,' has been identified in phishing campaigns targeting organizations primarily in China since late April 2024. The malware is delivered via executable files disguised as Microsoft Word docum...
Rust-Based 'Fickle Stealer' Malware Bypasses UAC to Steal Crypto Wallets and Browser Data
A new information stealer written in the Rust programming language, named 'Fickle Stealer,' has been discovered in the wild. The malware is highly versatile, using multiple distribution methods and a PowerShell script to bypass Windows User Account Control (UA...
U.S. Hospitals to Face New Mandatory Cybersecurity Rules from HHS
The U.S. Department of Health and Human Services (HHS) is poised to release new, mandatory minimum cybersecurity standards for hospitals in the coming weeks. This move aims to strengthen the healthcare sector's defenses against escalating cyberattacks. The new...
CISA Orders Federal Agencies to Patch Actively Exploited Linux Kernel Flaw (CVE-2024-1086)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity privilege escalation vulnerability in the Linux kernel, tracked as CVE-2024-1086, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score...
Cilium and eBPF Highlighted for Advanced Cloud-Native Networking, Observability, and Security
Recent articles have highlighted Cilium, a powerful open-source project that is transforming cloud-native networking and security. By leveraging a revolutionary Linux kernel technology called eBPF (Extended Berkeley Packet Filter), Cilium provides high-perform...
Article Updates
Snowflake Cloud Platform Breach Hits 165 Customers, Including Ticketmaster and Santander
Update: The Snowflake customer breach has escalated with threat actor UNC5537 (tracked by Mandiant) now issuing extortion demands ranging from $300,000 to $5 million to prevent the public sale of stolen data. The campaign, which exploited weak or stolen credentials vi...