Security Round-Up

Monday

2026-06-22
Your source for daily security alerts from some of the best experts in the world.
Find the problems, secure your systems now!

Scripts and tools to help manage your network found, managed and
happily shared with documentation on usage at the IP WORk eXchange.
https://www.ipworx.com

CONTENTS

DataBreaches.net ( 5 )
CVEMon Intruder ( 10 )
Graham Cluley ( 2 )
Hacker News ( 13 )
Schneier on Security ( 2 )


DataBreaches.net

06/21 Brazil's Civil Defense suffers a cyberattack on its official alert netw…
This is the kind of cyberattack that can put lives at risk and makes me want to wring some necks if I wasn’t so old and feeble. Demócrata reports: Brazil’s Civil Defense has reported this Saturday that its official alert system has been the target of a cyberattack, an incident that is already being investigated…

06/21 Two Data Breaches Didn't Sink Novo Nordisk's Stock. Why Not?
June was a challenging month for Novo Nordisk regarding cybersecurity and intellectual property protection. The pharma giant allegedly had some of its data — including intellectual property — stolen by two independent groups of threat actors. Unaware of each other, each group claimed to have acquired a large amount of valuable information. One demanded $25…

06/21 Klue OAuth breach victim list grows as Icarus hackers claim attack
Lawrence Abrams reports: Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce…

06/20 Global Schools Group Obtained Two Court Injunctions That Didn't Seem to…
Following a major data security incident involving sensitive student and parent information, Global Schools Group sought court injunctions prohibiting the publication of data acquired by FulcrumSec. They obtained the injunctions, but once again, injunctions do not affect threat actors — or at least, not in the way the plaintiffs hoped. Yesterday, DataBreaches reported that Global…

06/19 Bombay High Court Blocks FulcrumSec Data Leak (3)
Another day, another injunction. When DataBreaches read the news headline, our first thought was that this was an injunction sought by Global Schools Group. Our first impression was correct, but it took a reminder from FulcrumSec to realize that it was GSG-connected. Ananya Iyer reports: The Bombay High Court issued an interim order restraining the…


CVEMon Intruder

06/22 CVE-2026-20045
Currently trending CVE – Hype Score: 12 – A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex …
06/22 CVE-2026-7524
Currently trending CVE – Hype Score: 10 – IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
06/22 CVE-2026-7687
Currently trending CVE – Hype Score: 10 – A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can …
06/22 CVE-2026-7700
Currently trending CVE – Hype Score: 10 – A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be …
06/22 CVE-2026-12779
Currently trending CVE – Hype Score: 9 – A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local …
06/22 CVE-2026-12778
Currently trending CVE – Hype Score: 9 – A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit …
06/22 CVE-2026-12217
Currently trending CVE – Hype Score: 9 – A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The …
06/22 CVE-2026-12784
Currently trending CVE – Hype Score: 9
06/22 CVE-2026-12786
Currently trending CVE – Hype Score: 9
06/22 CVE-2026-12782
Currently trending CVE – Hype Score: 9

Graham Cluley

06/19 Apple's Hide My Email tweak leaves privacy fans fuming
Apple has long marketed itself as the privacy-first tech giant. So why is it making a change to Hide My Email that will make it easier for websites to block anonymous sign-ups – and harder for you to stay private online? Read more in my article on the Hot for Security blog.
06/19 Imposter scams cost Americans $3.5 billion in 2025 and it's getting wo…
Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they’re making billions doing it. Read more in my article on the Fortra blog.

Hacker News

06/22 Canada's Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infe…
Canada’s spy service got a judge’s permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence Service has used its threat reduction warrant powers this way. The warrant let CSIS alter,
06/22 AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissanc…
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack that comes before the break-in. Infected
06/22 INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across As…
A new report from INTERPOL has revealed a “dramatic increase” in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, phishing has emerged as the most widespread and
06/19 Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boo…
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use. This is not a remote attack. It requires
06/19 The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Secur…
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is centered around a framework that’s known as GentleKiller. “They also incorporate third-party or
06/19 AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execut…
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in screen, and no further user interaction once
06/19 CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devi…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at
06/19 From Assistive to Agentic: The AI Shift That’s Redefining Threat Manag…
The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating (overlapping) alerts and data. And yet, breach dwell times remain stubbornly long (~43 days), response windows keep closing before teams can act, and analysts burn out triaging noise instead
06/19 Forget Data Leakage: Shadow AI’s Real Threat Is Access Control
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time. It doesn’t fit the problem anymore. Shadow AI has shifted from a data leakage concern to an access control problem. The threat isn’t
06/19 Salesforce Disables Klue App Integration After OAuth Token Abuse Expos…
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert published this week. “Salesforce took
06/19 Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via …
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent.

Schneier on Security

06/19 Friday Squid Blogging: Victims of Unregulated Squid Fishing

Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets.

Another news article.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

06/19 Anthropic's Fable and the State of AI

On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone.

The government’s actions won’t help. The problem isn’t any one particular model; it’s the general trend of increasing AI capabilities. And any real solution requires the sort of collective action that just isn’t possible right now…


Content on this page is collected from remote sources by IPWorx but is not created by IPWorx. The contents belong to the creators and should be considered theirs for all legal purposes; we have no editorial control or responsibility over them. IPWorx does not represent or endorse the accuracy or reliability of any opinion, statement, or other information provided by any third party.

This page contains links to third-party websites. These links are provided solely for your convenience. IPWorx does not control, maintain, or endorse the content, accuracy, or reliability of any third-party resources, and you access them at your own risk.