Daily Digest

Critical 'CosmicSting' Flaw Endangers E-commerce, 'SquidLoader' Malware Targets China, and Snowflake Breach Fallout Continues

Critical 'CosmicSting' Flaw Endangers E-commerce, 'SquidLoader' Malware Targets China, and Snowflake Breach Fallout Continues

June 21, 2026
7 articles (6 new, 1 updated)
21 min read

Summary

This cybersecurity brief for June 21, 2024, covers several major developing threats. A critical vulnerability dubbed 'CosmicSting' (CVE-2024-34102) with a 9.8 CVSS score leaves an estimated 75% of Adobe Commerce and Magento sites exposed to remote code execution. Meanwhile, a new evasive malware, 'SquidLoader,' is targeting Chinese organizations to deliver Cobalt Strike. The fallout from the massive Snowflake data theft campaign continues, with attackers now issuing ransom demands of up to $5 million to victims. Additionally, CISA has mandated patching for an actively exploited Linux kernel flaw, and the U.S. government is preparing to roll out mandatory cybersecurity rules for hospitals.

Filter by Category

New Articles (6)

Unpatched "CosmicSting" Flaw Leaves 75% of Magento & Adobe Commerce Sites Open to RCE

CRITICAL

Critical CosmicSting Vulnerability (CVE-2024-34102) Exposes Thousands of Unpatched E-commerce Stores

A critical XML External Entity (XXE) vulnerability, dubbed 'CosmicSting' and tracked as CVE-2024-34102, is affecting Adobe Commerce and Magento platforms. With a CVSS score of 9.8, the flaw allows unauthenticated attackers to read sensitive server files. When chained with a second vulnerability (CVE-2024-2961) in the GNU C Library, it can be escalated to full remote code execution (RCE). Security firm Sansec reported that as of June 20, 2024, approximately 75% of vulnerable e-commerce sites remained unpatched, placing them at severe risk of data theft, payment skimmer injection, and complete server compromise. The ease of automating the attack raises concerns about potential mass exploitation campaigns against the unpatched sites.

June 21, 2026
5 min read
XXERCEMagentoAdobe CommerceE-commerce +2 more
Unpatched "CosmicSting" Flaw Leaves 75% of Magento & Adobe Commerce Sites Open to RCE

New 'SquidLoader' Malware Uses Advanced Evasion to Target Chinese Orgs with Cobalt Strike

HIGH

Highly Evasive 'SquidLoader' Malware Campaign Delivers Cobalt Strike to Chinese Organizations

A sophisticated and highly evasive malware loader, dubbed 'SquidLoader,' has been identified in phishing campaigns targeting organizations primarily in China since late April 2024. The malware is delivered via executable files disguised as Microsoft Word documents. SquidLoader employs a suite of advanced anti-analysis and defense evasion techniques, including code encryption, control flow obfuscation, and direct syscalls, to avoid detection. Its primary function is to download and execute second-stage payloads from a remote server, with the post-exploitation framework Cobalt Strike being the most frequently observed payload. While the focus is on China, victims have also been found in the U.S., U.K., and Japan, suggesting a broader operational scope.

June 21, 2026
5 min read
SquidLoaderMalwareCobalt StrikePhishingAPT +1 more
New 'SquidLoader' Malware Uses Advanced Evasion to Target Chinese Orgs with Cobalt Strike

Rust-Based 'Fickle Stealer' Malware Bypasses UAC to Steal Crypto Wallets and Browser Data

HIGH

New 'Fickle Stealer' Malware Written in Rust Employs UAC Bypass to Exfiltrate Sensitive Data

A new information stealer written in the Rust programming language, named 'Fickle Stealer,' has been discovered in the wild. The malware is highly versatile, using multiple distribution methods and a PowerShell script to bypass Windows User Account Control (UAC). Its primary goal is to steal a wide array of sensitive information, including credentials from cryptocurrency wallets, web browsers like Chrome and Firefox, and various applications such as Discord, Steam, and Telegram. Stolen data is exfiltrated to a Telegram bot controlled by the attackers, highlighting the use of legitimate services for command-and-control infrastructure.

June 21, 2026
5 min read
Fickle StealerInfoStealerRustMalwarePowerShell +2 more
Rust-Based 'Fickle Stealer' Malware Bypasses UAC to Steal Crypto Wallets and Browser Data

U.S. Hospitals to Face New Mandatory Cybersecurity Rules from HHS

INFORMATIONAL

HHS Prepares to Launch Mandatory Minimum Cybersecurity Standards for U.S. Hospitals

The U.S. Department of Health and Human Services (HHS) is poised to release new, mandatory minimum cybersecurity standards for hospitals in the coming weeks. This move aims to strengthen the healthcare sector's defenses against escalating cyberattacks. The new regulations will be based on the 'Cybersecurity Performance Goals' (CPGs) published by HHS in January 2024, shifting them from voluntary guidance to enforceable requirements. The initial phase will focus on 'essential' CPGs, such as MFA and incident response planning, with potential financial penalties for non-compliance proposed for future years.

June 21, 2026
5 min read
HHSHealthcareCybersecurityComplianceRegulation +2 more
U.S. Hospitals to Face New Mandatory Cybersecurity Rules from HHS

CISA Orders Federal Agencies to Patch Actively Exploited Linux Kernel Flaw (CVE-2024-1086)

CRITICAL

CISA Adds Actively Exploited Linux Privilege Escalation Flaw (CVE-2024-1086) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity privilege escalation vulnerability in the Linux kernel, tracked as CVE-2024-1086, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score of 7.8, is a use-after-free weakness in the netfilter component that can be exploited by a local attacker to gain root privileges. Due to evidence of active exploitation, CISA set a deadline of June 20, 2024, for Federal Civilian Executive Branch agencies to apply the necessary patches, and strongly urges all organizations to prioritize remediation.

June 21, 2026
5 min read
CVE-2024-1086LinuxKernelPrivilege EscalationCISA +2 more
CISA Orders Federal Agencies to Patch Actively Exploited Linux Kernel Flaw (CVE-2024-1086)

Cilium and eBPF Highlighted for Advanced Cloud-Native Networking, Observability, and Security

INFORMATIONAL

Open-Source Project Cilium Leverages eBPF for High-Performance Cloud-Native Security

Recent articles have highlighted Cilium, a powerful open-source project that is transforming cloud-native networking and security. By leveraging a revolutionary Linux kernel technology called eBPF (Extended Berkeley Packet Filter), Cilium provides high-performance networking, deep observability, and advanced security policy enforcement without modifying application code or kernel source. It offers an identity-based security model capable of enforcing policies from Layer 3 to Layer 7, making it an increasingly popular choice for securing modern, dynamic environments like Kubernetes.

June 21, 2026
4 min read
CiliumeBPFKubernetesCloud NativeSecurity +3 more
Cilium and eBPF Highlighted for Advanced Cloud-Native Networking, Observability, and Security

Updated Articles (1)

Snowflake Cloud Platform Breach Hits 165 Customers, Including Ticketmaster and Santander

CRITICAL

Massive Snowflake Data Breach Impacts 165 Organizations After Attackers Bypass MFA with Stolen Credentials

Update:

The Snowflake customer breach has escalated with threat actor UNC5537 (tracked by Mandiant) now issuing extortion demands ranging from $300,000 to $5 million to prevent the public sale of stolen data. The campaign, which exploited weak or stolen credentials via a custom tool named 'Frostbite,' has added QuoteWizard (a LendingTree subsidiary) to its list of confirmed victims. This reinforces that the breaches stemmed from credential stuffing attacks, not a vulnerability in Snowflake's platform, highlighting the critical need for strong MFA and identity management.

June 7, 2026
Updated: June 21, 2026
7 min read
Snowflakedata breachcloud securityTicketmasterSantander +2 more
Snowflake Cloud Platform Breach Hits 165 Customers, Including Ticketmaster and Santander

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.