2 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-06-23 21:7 : FFmpeg PixelSmash Vulnerability Enables Remote Code Execution
IT Security News Daily Summary 2026-06-23
161 posts were published in the last hour 21:7 : FFmpeg PixelSmash Vulnerability Enables Remote Code Execution 20:32 : FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation 20:10 : Architectural Collapse: How Extension Poisoning, Node Vulnerabilities, and Infrastructure Fog…
FFmpeg PixelSmash Vulnerability Enables Remote Code Execution
PixelSmash, a FFmpeg vulnerability, could allow specially crafted media files to trigger remote code execution. The post FFmpeg PixelSmash Vulnerability Enables Remote Code Execution appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists,…
Architectural Collapse: How Extension Poisoning, Node Vulnerabilities, and Infrastructure Fog Enabled the GitHub Repository Breach
Enterprise perimeter defenses are fundamentally built on an obsolete assumption that the developer’s workstation is a secure, trusted anchor point. The massive security breach executed by the threat group TeamPCP, resulting in the exfiltration of 3,800 internal GitHub source code…
Klue says hackers stole credential from 2022 that led to customer data breaches
It’s unclear why Klue had not revoked the credential after the limited pilot, which hackers then used to breach a system holding keys for accessing customers’ data. This article has been indexed from Security News | TechCrunch Read the original…
Innovator Spotlight: NAKIVO
NAKIVO: Closing the Gap Between Backup and Recovery In cybersecurity, there are certain assumptions that refuse to die. One of the most persistent is the belief that if an organization… The post Innovator Spotlight: NAKIVO appeared first on Cyber Defense…
Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity
DC, United States, 23rd June 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity
Colonial Pipeline: 2021 Hindsight and 2026 Insights
Five years after Colonial Pipeline, critical infrastructure still faces ransomware threats and OT security gaps. The post Colonial Pipeline: 2021 Hindsight and 2026 Insights appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed
The private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found no evidence a break-in was needed to access the files. This article has been indexed from Security…
Phantom APIs Are Eating Your Attack Surface, and Most Security Teams Are Still Looking the Other Way
I’ve spent the better part of fifteen years staring at API traffic logs for a living, and I can tell you the job has changed twice. The first shift came with microservices, when a handful of monolithic endpoints became thousands…
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability CVE-2026-34909 Ubiquiti UniFi OS Path Traversal…
Siemens Products using OpenSSL
View CSAF Summary OpenSSL has published a stack based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow for remote code execution. Siemens has released new versions for several affected products…
Hubbell Aclara Metrum Cellular Web Interface
View CSAF Summary Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. The following versions of Hubbell Aclara Metrum Cellular Web Interface are…
Claude Down – A Major Outage Affects Most of the Models
Anthropic experienced a service disruption on Tuesday that produced elevated error rates across multiple Claude models, according to the company’s official status page. By mid-afternoon UTC the company said a fix had been deployed and that it was monitoring systems…
AWS Warns Outbound Traffic Blind Spots Can Enable Cloud Data Exfiltration
Most organizations spend a lot of time locking the front door of their cloud environments. Firewalls, access controls, and web application filters get the bulk of attention because that is where visible threats tend to show up. But what leaves…
Bajaj Auto Confirms Systems Affected by Ransomware Attack
India’s leading two-wheeler manufacturer, Bajaj Auto, disclosed on Tuesday that it fell victim to a ransomware attack that compromised systems at both the parent company and its wholly owned technology subsidiary, Bajaj Auto Technology Ltd (BATL). The cybersecurity incident was…
Your SOC Has Too Many IOCs: How to Cut Feed Noise, Prioritize What Matters, and Improve Response
Most SOCs measure threat intelligence the same way they measure storage: bigger is better. A feed that delivers two million indicators a month looks more impressive on a vendor scorecard than one that delivers two hundred thousand. Dashboards proudly display…
Anthropic Launches Claude Tag – AI Teammate Now Lives Inside Slack
Anthropic has unveiled Claude Tag, a new agentic AI feature that integrates directly into Slack, allowing teams to tag @Claude as a collaborative team member to delegate tasks, automate workflows, and build shared organizational context. The feature is available today…
Dragos Unveils AI for OT Security
Named EmberAI, the new capability is built on Dragos’ massive operational technology cybersecurity dataset. The post Dragos Unveils AI for OT Security appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Dragos Unveils AI…
What the Fortibleed campaign means for organizations running FortiGate firewalls
A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually detailed look at how…
IT Security News Hourly Summary 2026-06-23 21h : 8 posts
8 posts were published in the last hour 18:41 : LastPass Confirms Customer Data Breach After Klue OAuth Token Theft 18:41 : 2026-06-22: SHub Stealer infection (macOS) 18:41 : Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI…
LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: LastPass Confirms Customer…
2026-06-22: SHub Stealer infection (macOS)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2026-06-22: SHub Stealer infection (macOS)