2026-05-25: Supply chain attacks hit developer ecosystems with 34 malicious packages stealing credentials

2026-06-08: SolarWinds Serv-U exploit is live in the wild with CISA adding CVE-2026-28318 to the KEV catalog

SHOW NOTES - 2026-06-08 STORIES COVERED * Date: * Today: * SolarWinds Serv-U Vulnerability Exploited in the Wild (CVE-2026-28318) [https://www.securityweek.com/solarwinds-patches-exploited-serv-u-vulnerability/] [Critical Alerts] * UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign [https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html] [Critical Alerts] * Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse [https://www.securityweek.com/meta-says-20000-instagram-accounts-hacked-via-ai-tool-abuse/] [Business & Infrastructure Threats] * UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency [https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal] [Business & Infrastructure Threats] * C0XMO Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware [https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/] [Business & Infrastructure Threats] * RubyGems Adds Dependency Cooldowns to Counter Supply Chain Attacks [https://news.risky.biz/risky-bulletin-rubygems-adds-dependency-cooldowns-to-counter-supply-chain-attacks/] [General Security News] * VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks [https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html] [General Security News] * OpenAI Rolling Out ChatGPT Account Security Controls [https://www.securityweek.com/openai-rolling-out-chatgpt-account-security-controls/] [General Security News] CVES REFERENCED CVE-2021-27137, CVE-2026-28318 INDICATORS OF COMPROMISE Domains: privnote[.]com, -itdesk[.]com, -it[.]com, -helpdesk[.]com. Read the full brief [https://carolinacleartech.com/brief/2026-06-08/]

2026-06-07: WordPress site takeovers are spreading via a critical Everest Forms Pro exploit that creates rogue

SHOW NOTES - 2026-06-07 STORIES COVERED * 2026-06-07 * Today: * Cisco SD-WAN Zero-Day Under Active Attack [https://www.theregister.com/personal-tech/2026/06/07/uk-exam-watchdog-frets-over-smart-specs-turning-gcses-into-google-searches/5251365] [Critical Alerts] * Critical Everest Forms Pro Flaw Exploited to Take Over WordPress Sites (CVE-2026-3300) [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Critical Alerts] * Exposed Fuel Tank Gauges Under Attack in the US [https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us] [Critical Alerts] * Adaptive AI Worms Loom as Next Enterprise Threat [https://www.darkreading.com/cyber-risk/adaptive-agentic-ai-worms-enterprise-cyber-threat] [Business & Infrastructure Threats] * ChatGPT Lockdown Mode Limits Data Exfiltration Tools [https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html] [Business & Infrastructure Threats] * CVE-2026-3300: Everest Forms Pro Unauthenticated RCE [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Vulnerability Disclosures] * CVE-2026-50219: libexpat Use-After-Free Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50219] [Vulnerability Disclosures] * CVE-2026-8643: pip Path Traversal in Script Installation [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8643] [Vulnerability Disclosures] * CVE-2026-7774: Python tarfile Path Traversal Bypass [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7774] [Vulnerability Disclosures] * CVE-2026-11332: Ansible-core Argument Injection in ansible-galaxy [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11332] [Vulnerability Disclosures] * CVE-2026-3276: Python DoS via Quadratic Complexity in unicodedata.normalize() [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3276] [Vulnerability Disclosures] * CVE-2026-43958: RRDtool Stack Buffer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43958] [Vulnerability Disclosures] * CVE-2026-10722: cilium eBPF Integer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10722] [Vulnerability Disclosures] * CVE-2026-37460: FRRouting BGP DoS Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-37460] [Vulnerability Disclosures] * CVE-2026-42504: Go mime Package Quadratic Complexity DoS [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42504] [Vulnerability Disclosures] * CVE-2026-42507: Go net/textproto Unescaped Input in Errors [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42507] [Vulnerability Disclosures] * CVE-2026-27145: Go Inefficient Hostname Parsing in crypto/x509 [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27145] [Vulnerability Disclosures] * CVE-2026-8829: Perl HTML::Entities Use-After-Free [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8829] [Vulnerability Disclosures] * CVE-2026-5419: GnuTLS Timing Side-Channel in PKCS#7 Padding [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5419] [Vulnerability Disclosures] * Opal Security Raises $23 Million for AI-Native Identity Governance [https://www.securityweek.com/opal-security-raises-23-million-for-ai-native-identity-governance/] [General Security News] CVES REFERENCED CVE-2026-10722, CVE-2026-11332, CVE-2026-27145, CVE-2026-3276, CVE-2026-3300, CVE-2026-37460, CVE-2026-42504, CVE-2026-42507, CVE-2026-43958, CVE-2026-50219, CVE-2026-5419, CVE-2026-7774, CVE-2026-8643, CVE-2026-8829 INDICATORS OF COMPROMISE IP Addresses: 202.56.2.126, 209.146.60.26 Read the full brief [https://carolinacleartech.com/brief/2026-06-07/]

2026-06-06: SolarWinds Serv-U and Cisco SD-WAN vulnerabilities are being exploited in the wild with no patch

SHOW NOTES - 2026-06-06 STORIES COVERED * Today: * SolarWinds Serv-U CVE-2026-28318 Denial-of-Service Vulnerability (CISA KEV) [https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/] [Critical Alerts] * Cisco Catalyst SD-WAN Manager CVE-2026-20245 Actively Exploited (No Patch Available) [https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html] [Critical Alerts] * Palo Alto PAN-OS CVE-2026-0257 GlobalProtect Authentication Bypass [https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/] [Critical Alerts] * UNC3753 (Luna Moth, Chatty Spider) Vishing Campaign Targets US Law Firms [https://cloud.google.com/blog/topics/threat-intelligence/targeted-campaign-us-law-firms/] [Ransomware & Extortion] * Over 900 US Automatic Tank Gauge Systems Exposed to Attacks [https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/] [Business & Infrastructure Threats] * IronWorm and Miasma Worm Hit npm Supply Chain [https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html] [Business & Infrastructure Threats] * Smart TV Apps Turn Devices Into Web-Scraping Proxies for AI [https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html] [Business & Infrastructure Threats] * Microsoft Claude Code GitHub Action Exposes CI/CD Secrets [https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/] [Business & Infrastructure Threats] * Chinese APT UNC5221 Deploys New Malware (Plenet, AgentPSD) for Persistent Access [https://www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/] [Windows / AD Security] * OP-512 Threat Cluster Targets Microsoft IIS Servers with Custom Web Shell Framework [https://thehackernews.com/2026/06/new-threat-cluster-op-512-targets.html] [Windows / AD Security] * Polyfill Service Reactivation Causes Login Prompts on Major Websites [https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/] [General Security News] * 2026 Verizon DBIR Highlights Browser-Based Attacks and Shadow AI [https://www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/] [General Security News] * Vulnerability Disclosure Dispute Between Microsoft and Nightmare Eclipse Researcher [https://cyberscoop.com/microsoft-coordinated-vulnerability-disclosure-debacle/] [General Security News] * AI Agent Discovers 21 Zero-Days in FFmpeg [https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html] [Vulnerability Disclosures] * Chrome 149 Patches Record 429 Vulnerabilities [https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html] [Vulnerability Disclosures] * Sound Blaster Katana V2X Speaker Remote Code Execution via Bluetooth [https://arstechnica.com/security/2026/06/highly-reviewed-speaker-can-be-hacked-over-the-air-to-infect-connected-devices/] [Vulnerability Disclosures] CVES REFERENCED CVE-2021-35211, CVE-2022-20775, CVE-2024-28995, CVE-2026-0257, CVE-2026-10881, CVE-2026-20122, CVE-2026-20127, CVE-2026-20128, CVE-2026-20133, CVE-2026-20182, CVE-2026-20245, CVE-2026-28318, CVE-2026-39210, CVE-2026-39218 INDICATORS OF COMPROMISE Domains: lhlsjcb[.]com., polyfill[.]io IP Addresses: 23.128.228.6, 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, 179.43.172.213, 185.195.232.139, 198.12.106.60, 202.144.192.47 Read the full brief [https://carolinacleartech.com/brief/2026-06-06/]

2026-06-05: Cisco discloses seventh SD-WAN zero-day this year, now actively exploited for root escalation with

SHOW NOTES - 2026-06-05 STORIES COVERED * June 5, 2026 * Today: * Cisco SD-WAN Zero-Day Actively Exploited (CVE-2026-20245) [https://www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/] [Critical Alerts] * Cisco Unified CM Critical SSRF with Public PoC (CVE-2026-20230) [https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-unified-cm-flaw-with-poc-exploit-code/] [Critical Alerts] * Windows 11 Zero-Day (CVE-2026-0257) [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-23-7/] [Critical Alerts] * AI Agents as Insider Threat [https://cyberscoop.com/ai-agent-insider-threat-cybersecurity-dtex/] [Business & Infrastructure Threats] * Claude Code GitHub Action Repository Takeover [https://thehackernews.com/2026/06/claude-code-github-action-flaw-let-one.html] [Business & Infrastructure Threats] * Microsoft Agentic AI Failure Modes v2.0 [https://www.microsoft.com/en-us/security/blog/2026/06/04/updating-taxonomy-failure-modes-agentic-ai-systems-year-red-teaming-taught-us/] [Business & Infrastructure Threats] * UN World Food Programme Gaza Breach (600,000 Households) [https://www.bleepingcomputer.com/news/security/un-world-food-programme-breach-affects-600-000-gaza-households/] [Business & Infrastructure Threats] * DentaQuest Breach (2.6 Million Accounts) [https://www.bleepingcomputer.com/news/security/dentaquest-data-breach-exposed-info-of-26-million-accounts/] [Business & Infrastructure Threats] * China-Linked TA4922 Expands to Europe [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-23-7/] [Ransomware & Extortion] * IronWorm npm Supply Chain Attack (36 Packages) [https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/] [Ransomware & Extortion] * Russian Mobile Spyware Operation [https://thehackernews.com/2026/06/threatsday-bulletin-ai-agents-gone.html] [Ransomware & Extortion] * Microsoft M365 Copilot RCE (CVE-2026-45497) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45497] [Windows / AD Security] * Windows Driver Update Issue [https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-unexpected-windows-driver-updates-on-caching-issue/] [Windows / AD Security] * Chrome 149 Patches Record 429 Vulnerabilities [https://www.securityweek.com/chrome-149-patches-429-vulnerabilities/] [General Security News] * Hola Browser Supply Chain Compromise [https://www.bleepingcomputer.com/news/security/hola-browser-for-windows-compromised-to-deliver-cryptominer/] [General Security News] * Everest Forms Pro WordPress RCE Actively Exploited (CVE-2026-3300) [https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html] [General Security News] * Magecart Campaign Abuses Stripe API [https://www.bleepingcomputer.com/news/security/credit-card-theft-campaign-abuses-stripe-to-host-stolen-payment-info/] [General Security News] * VIP Keylogger via JavaScript Loaders [https://isc.sans.edu/diary/rss/33054] [General Security News] * FlutterShell macOS Malvertising [https://thehackernews.com/2026/06/fluttershell-backdoor-spreads-to-macos.html] [General Security News] * FIFA World Cup 2026 Scams [https://thehackernews.com/2026/06/fifa-world-cup-2026-scams-are-already.html] [General Security News] * Hitachi Energy ICS Vulnerabilities [https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-04] [Vulnerability Disclosures] * B&R PPT30 OPC-UA DoS (CVE-2025-11482) [https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-03] [Vulnerability Disclosures] CVES REFERENCED CVE-2024-8176, CVE-2025-11482, CVE-2025-20309, CVE-2025-59375, CVE-2026-0257, CVE-2026-10881, CVE-2026-10882, CVE-2026-10883, CVE-2026-20045, CVE-2026-20127, CVE-2026-20182, CVE-2026-20230, CVE-2026-20245, CVE-2026-25253, CVE-2026-3300, CVE-2026-45497, CVE-2026-7310 INDICATORS OF COMPROMISE IP Addresses: 202.56.2.126, 209.146.60.26, 15.235.166.18, 185.78.165.153 Read the full brief [https://carolinacleartech.com/brief/2026-06-05/]

Cyber Threat Brief for 2026-06-04

SHOW NOTES - 2026-06-04 STORIES COVERED * June 4, 2026 * CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog [https://www.cisa.gov/news-events/alerts/2026/06/03/cisa-adds-one-known-exploited-vulnerability-catalog] [Critical Alerts] * Acer Wave 7 Routers Have Max-Severity Zero-Days Exposing Credentials [https://www.bleepingcomputer.com/news/security/acer-warns-of-max-severity-zero-days-affecting-wave-7-routers/] [Critical Alerts] * Microsoft 365 Android Apps Leaked OAuth Tokens via Debug Flag [https://thehackernews.com/2026/06/microsoft-365-android-apps-let-any-app.html] [Business & Infrastructure Threats] * Attackers Build Automated EDR Evasion Labs Using AI [https://www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing] [Business & Infrastructure Threats] * CISA Warns of Cyberattacks Targeting Fuel Tank Monitoring Systems [https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/] [Business & Infrastructure Threats] * HTTP/2 Bomb DoS Attack Crashes Web Servers in Seconds [https://www.bleepingcomputer.com/news/security/new-http-2-bomb-dos-attack-crashes-web-servers-in-under-a-minute/] [Business & Infrastructure Threats] * Fake Sites Mimicking Open-Source Tools Deliver Malware via Traffic Distribution System [https://research.checkpoint.com/2026/impersonation-click-hijacking-and-tds-inside-a-malware-distribution-ecosystem/] [Business & Infrastructure Threats] * Stock Exchange Executive's Outlook Mailbox Compromised for Five Months [https://thehackernews.com/2026/06/hackers-spied-on-stock-exchange.html] [Business & Infrastructure Threats] * TA4922 Chinese Cybercrime Group Expands to Europe with Atlas RAT [https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-atlas-rat-malware-in-european-cyberattacks/] [Business & Infrastructure Threats] * DesckVB RAT Campaign Abuses Google DoubleClick for Evasion [https://thehackernews.com/2026/06/google-doubleclick-abused-in-new.html] [Business & Infrastructure Threats] * U.S. Sanctions Nobitex Crypto Exchange Used by Iranian Ransomware Actors [https://www.bleepingcomputer.com/news/security/the-us-sanctions-nobitex-crypto-exchange-used-by-ransomware/] [Business & Infrastructure Threats] * Active Directory Description Fields Stored Passwords in Plaintext [https://www.theregister.com/security/2026/06/04/all-the-passwords-were-stored-in-active-directory-description-fields/5250820] [Windows / AD Security] * Unpatched Windows Search URI Vulnerability Leaks NTLMv2 Hashes [https://thehackernews.com/2026/06/unpatched-windows-search-uri.html] [Windows / AD Security] * One-Click GitHub.dev Attack Steals Full OAuth Tokens [https://thehackernews.com/2026/06/one-click-github-dev-attack-lets.html] [Vulnerability Disclosures] * Autonomous AI Tool Finds 2-Year-Old Redis RCE (CVE-2026-23479) [https://thehackernews.com/2026/06/autonomous-ai-tool-finds-2-year-old-rce.html] [Vulnerability Disclosures] * Google Gemini Prompt Injection via Android Notifications [https://www.darkreading.com/application-security/malicious-notifications-could-trick-google-gemini-users] [Vulnerability Disclosures] * Open-Source AI Models Used to Build Self-Spreading Worms [https://www.theregister.com/research/2026/06/04/free-ai-model-powers-self-spreading-worm-in-enterprise-test-network/5250918] [General Security News] * Cyber Insurance Rates Drop but Exclusions Widen [https://www.darkreading.com/cyber-risk/cyber-insurance-rates-drop-exclusions-widen] [General Security News] * Police Dismantle 9 Crime Groups in Illegal Streaming Crackdown [https://www.bleepingcomputer.com/news/security/police-dismantles-9-crime-groups-in-illegal-streaming-crackdown/] [General Security News] CVES REFERENCED CVE-2022-0492, CVE-2023-35636, CVE-2025-48595, CVE-2026-23479, CVE-2026-33829, CVE-2026-41100, CVE-2026-41101, CVE-2026-41102, CVE-2026-42832, CVE-2026-45247, CVE-2026-49200, CVE-2026-49201, CVE-2026-49975 INDICATORS OF COMPROMISE IP Addresses: 10.0.1.100 Read the full brief [https://carolinacleartech.com/brief/2026-06-04/]