Cybersecurity Daily: News & Threats
(00:00:00) Space Surge, Icarus OAuth & Chrome Zero-Day CVE-2026-11645 (00:00:51) Klue Breach Hits Security Vendors (00:01:51) Bajaj Auto Ransomware Disclosed (00:02:37) FortiBleed Automated Domain Takeover (00:03:13) Five Eyes AI Warning and GPT-5.5-Cyber (00:04:13) Chrome Zero-Day CVE-2026-11645 Today's cybersecurity briefing opens with the sharpest signal in weeks: a 400% surge in cyberattacks against space infrastructure, timed to the escalation of U.S. and Israeli military operations against Iran. The attacks blend nation-state sophistication with hacktivist volume, targeting defense contractors, aerospace operators, and satellite systems in what appears to be large-scale reconnaissance — or pre-positioning for future disruption. The Icarus OAuth breach is the day's defining supply chain story. A newly attributed extortion group stole OAuth tokens via a compromised Klue-Salesforce integration, exposing CRM data at Huntress, Recorded Future, Tanium, Jamf, HackerOne, Snyk, and others. The victims are security vendors — companies whose core business is protecting others. The vector was a trusted third-party connector, not a direct attack. That's exactly what makes it so effective. India's Bajaj Auto confirmed a ransomware attack on June 23rd affecting parent systems and subsidiary BATL. Containment is ongoing; exfiltration is unconfirmed. For a manufacturer at this scale, the operational risk extends well beyond data loss into production disruption and supply chain exposure. The FortiBleed campaign demonstrates what AI-assisted exploitation looks like at scale: GPU-powered credential cracking, OpenFortiVPN pivoting, and an automated AI penetration agent achieving full domain compromise across thousands of networks. The Five Eyes alliance issued a coordinated warning the same day, flagging that frontier AI models are compressing the window from vulnerability discovery to active exploitation from years to months. Finally, a Chrome V8 zero-day — CVE-2026-11645 — is being actively exploited in the wild. Patch status is unconfirmed as of this recording. Enterprise browser policy teams should treat this as a priority item today. This episode includes AI-generated content.
64 episodes
Comments
0Be the first to comment
Sign up now and become a member of the Cybersecurity Daily: News & Threats community!