Security Affairs
- Get link
- X
- Other Apps
"New FBI alert: Russian intelligence uses Signal recovery keys to access messages."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 27 June 2026, 2246 UTC.
Content and Source provided by email subscription from https://feedly.com.
https://feedly.com/i/subscription/content/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybesecurityjournal.net).
30
Today
FBI warns Russian spies now target Signal Backup Recovery Keys, enabling access to message history and long-term account takeover. The FBI and CISA updated their March 2026 warning about Russian intelligence phishing campaigns, and the new advisory adds a detail that wasn’t in the original: the operators have shifted their primary objective from stealing verification codes to stealing Signal Back
Microsoft warns of a phishing campaign targeting the hospitality sector with fake guest emails that install TonRAT using resilient persistence. Microsoft Threat Intelligence published a detailed analysis on an ongoing hacking campaign against hospitality organizations that has been running since April 2026. The targets are specific: device names observed across compromised environments include st
Privilege Escalation (Enterprise TA0004)
by Pierluigi Paganini / 12h
DirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now. JFrog Security Research published a working exploit walkthrough on June 25 for CVE-2026-43503 (CVSS score of 8.8), a Linux kernel privilege escalation they call DirtyClone. It’s the fourth vulnerability in the DirtyFrag family, all sharing the same root failure: file-bac
Yesterday
Chinese-speaking APT CL-STA-1062 targeted Southeast Asian government and energy networks open-source tools, and a new TinyRCT backdoor. Palo Alto Networks Unit 42 researchers published a detailed report on a Chinese-speaking threat actor, tracked as CL-STA-1062, that has been running persistent operations across East Asia since at least March 2022 and shifted focus to Southeast Asian government e
Russian authorities used Cellebrite tools to unlock an activist’s iPhone and analyze private data despite canceled support, raising abuse concerns. On May 31, 2021, Russian security services pulled opposition activist Andrey Pivovarov off a flight at St. Petersburg airport and confiscated his iPhone 12 and MacBook. He never consented to a search and never gave up his passwords. Three weeks later,
3 TTPs
by Pierluigi Paganini / 1d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities (KEV) catalog . The two flaws added to the catalog are: CVE-2026-12569 (CVSS score of 9.3)
Jun 25, 2026
Polymarket confirmed hackers stole funds from some users after attackers injected malicious code through a compromised third-party vendor. Polymarket confirmed that a security breach at a third-party vendor allowed attackers to inject malicious code into its website, leading to the theft of funds from an undisclosed number of users. The company said it has contained the incident and is contacting
macOS.Gaslight: DPRK Rust implant for Mac with a prompt injection payload designed to fool AI-based malware analysts. SentinelLabs researchers spotted a Rust-based macOS implant, dubbed macOS.Gaslight, that surfaced in early June after an Apple XProtect update pointed to a VirusTotal sample uploaded on May 22. The binary was undetected by static engines at the time of writing. They named it macOS
Tata Electronics confirmed a data breach after hackers claimed to steal 630GB of data, including alleged Apple supplier and Tesla documents. Tata Electronics, a major supplier to Apple and Tesla, has confirmed a cybersecurity breach weeks after stolen data was advertised on a hacker forum. Tata Electronics confirmed a cyberattack affected parts of its IT infrastructure but said the incident did n
by Pierluigi Paganini / 2d
Curl fixed 18 vulnerabilities, including a 25-year-old bug, with issues spanning auth bypass, memory safety, and host validation in libcurl. Curl maintainers addressed eighteen vulnerabilities with a single update, and one of them goes back 25 years. That’s not a typo, it really sat there since the early 2000s. curl is a widely used open-source tool and library for transferring data over networks
Mistic is a stealthy backdoor used by KongTuke-linked actors to keep long-term access in ransomware-targeted networks. Mistic is the kind of backdoor that tells you the operator wants time, not noise. Symantec security researchers say it has shown up in financially motivated attacks against insurance, education, IT, and professional services firms, and they link it to KongTuke, also known as Wood
IoC > 1 file path
by Pierluigi Paganini / 2d
•11 TTPs
Hackers exploited Cisco Catalyst SD-WAN flaw CVE-2026-20245 as a zero-day months before disclosure, enabling privileged command execution. Google-owned Mandiant reported that an unknown threat actor exploited Cisco Catalyst SD-WAN vulnerability CVE-2026-20245 (CVSS base score of 7.8) as a zero-day at least two months before it was publicly disclosed. The flaw allows an authenticated attacker with
Jun 24, 2026
Third DraftKings hacker gets 18 months in prison for a 2022 credential-stuffing attack that compromised 1,600 accounts and stole $600,000. Nathan Austad, the third person sentenced over the 2022 DraftKings credential-stuffing attack , received 18 months in prison. The group used usernames and passwords stolen from other breaches to access about 1,600 accounts and steal roughly $600,000. Austad al
Operation Endgame disrupted malware services like StealC and Amadey that enable ransomware, fraud, and attacks on critical infrastructure. Between June 15 and 19, 2026, Europol coordinated a two-week law enforcement operation involving agencies from Canada, Denmark, Germany, the Netherlands, the UK, and the US, alongside private firms like Microsoft, Bitdefender, IBM X-Force, Proofpoint, Infoblox
by Pierluigi Paganini / 3d
Frontier AI could drive a 10x surge in vulnerabilities. CTEM helps organizations continuously identify, prioritize, and reduce real cyber risk. Your vulnerability management program was not designed for what is coming next. More than 40,000 CVEs were reported in 2025, breaking yet another record. Today, security experts anticipate that frontier AI-powered systems could drive a 10x surge in disclo
2 TTPs
by Pierluigi Paganini / 3d
Attackers exploit Cisco Unified CM flaw (CVE-2026-20230) allowing unauth HTTP requests to trigger SSRF, write files, and gain root access Cisco Unified Communications Manager has a serious vulnerability, tracked as CVE-2026-20230 (CVSS score of 8.6), that attackers are already exploiting. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentica
3 TTPs
by Pierluigi Paganini / 3d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities (KEV) catalog . The two flaws added to the catalog are: CVE-2025-67038 Lantronix ED
FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.