<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-25T08:59:54.058688+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/79db8069-1426-45ab-a385-b0f7f3477cf7/export</id>
    <title>79db8069-1426-45ab-a385-b0f7f3477cf7</title>
    <updated>2026-06-25T08:59:54.073712+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "79db8069-1426-45ab-a385-b0f7f3477cf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mozebhypd22b", "content": "If your network routes web traffic through a Squid proxy, credentials may be leaking. A new flaw, Squidbleed (CVE-2026-47729), lets attackers read other users' cleartext HTTP requests, including auth headers and session tokens. The bug sat in Squid's default code since 1997. A patch is out.", "creation_timestamp": "2026-06-24T07:09:37.388711Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/79db8069-1426-45ab-a385-b0f7f3477cf7/export"/>
    <published>2026-06-24T07:09:37.388711+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b4073377-fad5-4e6a-9526-df1102dbfa61/export</id>
    <title>b4073377-fad5-4e6a-9526-df1102dbfa61</title>
    <updated>2026-06-25T08:59:54.073613+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b4073377-fad5-4e6a-9526-df1102dbfa61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://threatintel.cc/2026/06/24/morning-cyber-summary.html", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks\n\nSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/\nResearchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel&amp;rsquo;s process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.\n\nMythos Discovers &amp;lsquo;Squidbleed,&amp;rsquo; a Memory Leak That&amp;rsquo;s Gone Undetected Since Clinton Era\n\nSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/\nA 29-year-old vulnerability dubbed &amp;ldquo;Squidbleed&amp;rdquo; (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic&amp;rsquo;s Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. 
It was resolved in version 7.6.\n\nFortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s Suomessa\n\nSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa\nThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.\n\nCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.\n\nSource URL: https://isc.sans.edu/diary/rss/33094\nDespite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.\n\nNew macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer\n\nSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/\nA novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. 
Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.\n\n&amp;lsquo;Cordyceps&amp;rsquo;: Mushrooming Malicious Pull Requests Threaten Developer Workflows\n\nSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows\nDubbed &amp;ldquo;Cordyceps,&amp;rdquo; a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.\n\nThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration\n\nSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/\nPalo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization&amp;rsquo;s active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.\n\nLastPass Confirms Data Breach in Klue Supply Chain Attack\n\nSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/\nLastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. 
While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.\n\nTata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online\n\nSource URL: https://therecord.media/tata-electronics-confirms-cyberattack\nIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group &amp;ldquo;World Leaks,&amp;rdquo; who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.\n\nPayouts King Ransomware Initial Access Broker Deploys New Edgecution Malware\n\nSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution\nZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed &amp;ldquo;Edgecution,&amp;rdquo; deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. 
The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco&amp;rsquo;s Unified Communications Manager and Session Management Edition. Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-24T09:50:42.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b4073377-fad5-4e6a-9526-df1102dbfa61/export"/>
    <published>2026-06-24T09:50:42+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6da0e740-241a-4491-a33a-87a1c75c6aa9/export</id>
    <title>6da0e740-241a-4491-a33a-87a1c75c6aa9</title>
    <updated>2026-06-25T08:59:54.073513+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6da0e740-241a-4491-a33a-87a1c75c6aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116804930613951549", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel AttacksSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/Researchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel's process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.Mythos Discovers 'Squidbleed,' a Memory Leak That's Gone Undetected Since Clinton EraSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/A 29-year-old vulnerability dubbed \"Squidbleed\" (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic's Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. It was resolved in version 7.6.FortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s SuomessaSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessaThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. 
The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.Source URL: https://isc.sans.edu/diary/rss/33094Despite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.New macOS ClickFix Attack Silently Mounts DMGs to Push InfostealerSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/A novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer WorkflowsSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflowsDubbed \"Cordyceps,\" a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. 
By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data ExfiltrationSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/Palo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization's active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.LastPass Confirms Data Breach in Klue Supply Chain AttackSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/LastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.Tata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear OnlineSource URL: https://therecord.media/tata-electronics-confirms-cyberattackIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group \"World Leaks,\" who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. 
Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.Payouts King Ransomware Initial Access Broker Deploys New Edgecution MalwareSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecutionZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed \"Edgecution,\" deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.AI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance WarnsSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/An international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDISource URL: https://www.nippon.com/en/news/yjj2026062301023/Japanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. 
The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.Active Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level RiskSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/Threat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco's Unified Communications Manager and Session Management Edition. Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-24T11:49:58.294754Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6da0e740-241a-4491-a33a-87a1c75c6aa9/export"/>
    <published>2026-06-24T11:49:58.294754+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5bd27951-3642-4611-8b1c-1690c79e4dcc/export</id>
    <title>5bd27951-3642-4611-8b1c-1690c79e4dcc</title>
    <updated>2026-06-25T08:59:54.073449+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5bd27951-3642-4611-8b1c-1690c79e4dcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/modat-io.bsky.social/post/3mp22t4l6222l", "content": "\u26a0\ufe0f Squidbleed (CVE-2026-47729, CVSS 6.5): a flaw in Squid's FTP parser that can leak another user's cleartext HTTP request, including credentials, to someone already using the same proxy. Upgrade and verify the patch, or disable FTP. Query: technology=\"Squid Proxy\"", "creation_timestamp": "2026-06-24T13:53:18.234130Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5bd27951-3642-4611-8b1c-1690c79e4dcc/export"/>
    <published>2026-06-24T13:53:18.234130+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/96a6de23-b226-4d2c-b95e-11359b1415ec/export</id>
    <title>96a6de23-b226-4d2c-b95e-11359b1415ec</title>
    <updated>2026-06-25T08:59:54.073380+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "96a6de23-b226-4d2c-b95e-11359b1415ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://threatintel.cc/2026/06/23/decadesold-squid-proxy-flaw-squidbleed.html", "content": "Decades-Old Squid Proxy Flaw &amp;lsquo;Squidbleed&amp;rsquo; Can Expose User Data - SecurityWeek\n\nA decades-old memory leak vulnerability in Squid Proxy, dubbed Squidbleed (CVE-2026-47729), allows attackers to capture sensitive cleartext HTTP data from shared network environments. Security researchers identified this flaw using AI, and users can secure their systems by applying the official patch or disabling FTP support.", "creation_timestamp": "2026-06-24T16:00:54.554965Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/96a6de23-b226-4d2c-b95e-11359b1415ec/export"/>
    <published>2026-06-24T16:00:54.554965+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e2be4760-a141-4153-8acc-3b025a99ce8b/export</id>
    <title>e2be4760-a141-4153-8acc-3b025a99ce8b</title>
    <updated>2026-06-25T08:59:54.073316+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e2be4760-a141-4153-8acc-3b025a99ce8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mp2gmdwfrf2b", "content": "Re: Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-24T17:24:08.635664Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e2be4760-a141-4153-8acc-3b025a99ce8b/export"/>
    <published>2026-06-24T17:24:08.635664+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/46ef2073-c099-483b-ae16-7e6242058093/export</id>
    <title>46ef2073-c099-483b-ae16-7e6242058093</title>
    <updated>2026-06-25T08:59:54.073251+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "46ef2073-c099-483b-ae16-7e6242058093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mp2kns75ze2g", "content": "Squidbleed (CVE-2026-47729) #appsec", "creation_timestamp": "2026-06-24T18:36:32.362275Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/46ef2073-c099-483b-ae16-7e6242058093/export"/>
    <published>2026-06-24T18:36:32.362275+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cd121df1-ee34-40a1-b927-8618cfca3811/export</id>
    <title>cd121df1-ee34-40a1-b927-8618cfca3811</title>
    <updated>2026-06-25T08:59:54.073182+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cd121df1-ee34-40a1-b927-8618cfca3811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mp2kzpe7xx2t", "content": "Re: Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-24T18:43:11.836279Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cd121df1-ee34-40a1-b927-8618cfca3811/export"/>
    <published>2026-06-24T18:43:11.836279+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a19f82c3-8461-497b-adb8-7eb35e379c61/export</id>
    <title>a19f82c3-8461-497b-adb8-7eb35e379c61</title>
    <updated>2026-06-25T08:59:54.073052+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a19f82c3-8461-497b-adb8-7eb35e379c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://threatintel.cc/2026/06/24/morning-cyber-summary.html", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks\n\nSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/\nResearchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel&amp;rsquo;s process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.\n\nMythos Discovers &amp;lsquo;Squidbleed,&amp;rsquo; a Memory Leak That&amp;rsquo;s Gone Undetected Since Clinton Era\n\nSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/\nA 29-year-old vulnerability dubbed &amp;ldquo;Squidbleed&amp;rdquo; (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic&amp;rsquo;s Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. 
It was resolved in version 7.6.\n\nFortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s Suomessa\n\nSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa\nThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.\n\nCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.\n\nSource URL: https://isc.sans.edu/diary/rss/33094\nDespite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.\n\nNew macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer\n\nSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/\nA novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. 
Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.\n\n&amp;lsquo;Cordyceps&amp;rsquo;: Mushrooming Malicious Pull Requests Threaten Developer Workflows\n\nSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows\nDubbed &amp;ldquo;Cordyceps,&amp;rdquo; a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.\n\nThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration\n\nSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/\nPalo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization&amp;rsquo;s active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.\n\nLastPass Confirms Data Breach in Klue Supply Chain Attack\n\nSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/\nLastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. 
While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.\n\nTata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online\n\nSource URL: https://therecord.media/tata-electronics-confirms-cyberattack\nIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group &amp;ldquo;World Leaks,&amp;rdquo; who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.\n\nPayouts King Ransomware Initial Access Broker Deploys New Edgecution Malware\n\nSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution\nZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed &amp;ldquo;Edgecution,&amp;rdquo; deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. 
The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco&amp;rsquo;s Unified Communications Manager and Session Management Edition. Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-25T01:00:41.027623Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a19f82c3-8461-497b-adb8-7eb35e379c61/export"/>
    <published>2026-06-25T01:00:41.027623+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d7579f14-4a73-4e2b-ac19-bee92a7e4a2c/export</id>
    <title>d7579f14-4a73-4e2b-ac19-bee92a7e4a2c</title>
    <updated>2026-06-25T08:59:54.071367+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d7579f14-4a73-4e2b-ac19-bee92a7e4a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mp3f5lq7nf2t", "content": "Top 3 CVE for last 7 days:\nCVE-2026-55200: 44 interactions\nCVE-2026-47729: 18 interactions\nCVE-2026-50656: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-55200: 35 interactions\nCVE-2026-20230: 8 interactions\nCVE-2026-20245: 7 interactions\n", "creation_timestamp": "2026-06-25T02:30:39.376264Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d7579f14-4a73-4e2b-ac19-bee92a7e4a2c/export"/>
    <published>2026-06-25T02:30:39.376264+00:00</published>
  </entry>
</feed>
