#0734
CISA26 days ago4 min▣LLM reportcritical Seven vulnerabilities, including critical flaws, have been identified in the Naxclow IoT Platform affecting various smart home devices. These vulnerabilities stem from hard-coded cryptographic keys, missing authorization, predictable identifiers, and exposed UART consoles, enabling attackers to perform device takeovers, intercept communications, and extract sensitive network credentials.
#0733
CISA26 days ago4 min▣LLM reportcritical Yarbo Android and iOS applications contain hard-coded MQTT credentials (CVE-2026-10557) that, combined with missing cloud authorization controls (CVE-2026-7368), allow attackers to access global robot telemetry and issue unauthorized commands to any device in the fleet.
#0732
Check Point26 days ago4 min▣LLM reportcritical Check Point Research discovered critical vulnerabilities in LangGraph's SQLite and Redis checkpointers that allow attackers to chain SQL injection with unsafe msgpack deserialization to achieve Remote Code Execution (RCE). The flaws occur when user-controlled input is passed to the getstatehistory() filter, enabling attackers to inject malicious serialized payloads that execute arbitrary OS commands upon deserialization.
#0731
Arctic Wolf26 days ago5 min▣LLM reporthigh Arctic Wolf Labs observed an ongoing campaign exploiting CVE-2026-0257, a high-severity authentication bypass vulnerability in Palo Alto Networks GlobalProtect. Threat actors are forging authentication override cookies to establish unauthorized VPN sessions, followed by rapid internal network reconnaissance using Impacket tooling.
#0730
Zscaler ThreatLabz26 days ago4 min▣LLM reporthigh The Zscaler ThreatLabz 2026 Phishing and Initial Access Report highlights a shift from high-volume phishing to highly targeted campaigns leveraging AI site builders and encrypted channels. Attackers are increasingly utilizing AiTM and BiTM techniques to bypass MFA, while conducting massive reconnaissance via cloud infrastructure to identify exposed entry points.
#0729
Sekoia.io26 days ago6 min▣LLM reporthigh Sekoia's Threat Detection & Research team details the two-decade evolution of APT28's tradecraft, highlighting a strategic shift from monolithic implants to disposable, single-purpose tools and compromised edge-router infrastructure. Recent operations demonstrate a return to custom cloud-resident backdoors and novel experimentation with LLM-driven infostealers.
#0728
Palo Alto Networks26 days ago5 min▣LLM reporthigh The article introduces Behavioral Integrity Verification (BIV) to audit third-party skills for AI agents by comparing declared metadata against actual executable code and natural-language instructions. Analysis of the OpenClaw registry found that while most deviations are benign documentation errors, a critical 5% of skills contain multi-stage attack chains such as silent credential exfiltration and instruction-override hijacking.
#0727EEclecticiq26 days ago5 min▣LLM reportcritical The cyber risk landscape for 2026 is heavily influenced by regional conflicts, with PRC actors pre-positioning in critical infrastructure edge devices for strategic leverage. Russian actors are escalating hybrid warfare and OT/ICS disruption across Europe, while Iranian groups have decentralized to conduct wiper attacks and target cloud infrastructure. Concurrently, eCrime actors are exploiting these geopolitical tensions to deploy ransomware and infostealers, increasingly targeting hypervisors and industrial operations.
#0726
Huntress27 days ago5 min▣LLM reporthigh Threat actors are increasingly targeting macOS environments with infostealers delivered via deceptive .dmg disk images. These attacks rely on social engineering tactics, such as custom background images and misleading filenames, to trick users into bypassing Apple's Gatekeeper protections. This enables rapid 'smash-and-grab' data theft without the need for the malware to establish persistence on the host.
#0725
Recorded Future27 days ago5 min▣LLM reporthigh The 2026 FIFA World Cup presents a complex cyber-physical threat landscape, with cybercriminals already deploying thousands of fraudulent domains for credential harvesting and scams. State-sponsored groups like BlueDelta and Iranian-linked hacktivists are anticipated to leverage the event's global profile for targeted espionage, ransomware extortion, and politically motivated disruptive operations against sponsors, host cities, and attendees.
#0724
Canadian Centre for Cyber Security27 days ago3 min▣LLM reporthigh The Canadian Centre for Cyber Security (CCCS) published a daily digest on June 10, 2026, highlighting security advisories for OpenSSL, HPE, Spring, Mozilla, FreeBSD, and AMD. Organizations are advised to review the specific product advisories and apply necessary patches to mitigate potential vulnerabilities.
#0723
Zscaler ThreatLabz27 days ago6 min▣LLM reporthigh ThreatLabz has identified MLTBackdoor, a highly obfuscated post-exploitation framework delivered via ClickFix social engineering lures. The malware utilizes Mixed Boolean-Arithmetic (MBA), Control Flow Flattening (CFF), and indirect system calls to evade detection, while maintaining persistence and control through a custom encrypted protocol, a Domain Generation Algorithm (DGA), and a Beacon Object File (BOF) loader.
#0722
CrowdStrike27 days ago5 min▣LLM reporthigh The CrowdStrike 2026 Technology Threat Landscape Report highlights that the technology sector remains the primary target for both state-sponsored and eCrime adversaries. China-nexus actors focus on intellectual property theft and AI capabilities, while DPRK-nexus actors leverage fraudulent employment and open-source supply chain compromises (such as the Axios npm package). Additionally, eCrime groups are accelerating extortion operations and exploiting AI trends to distribute malware like macOS infostealers.
#0721
CERT-EU27 days ago4 min▣LLM reportcritical A critical stack-based buffer overflow vulnerability (CVE-2026-41089, CVSS 9.8) in Windows Netlogon allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges on domain controllers via specially crafted packets. The vulnerability is actively being exploited in the wild, necessitating immediate patching of affected Windows Server environments.
#0720
CERT-EU27 days ago4 min▣LLM reportcritical Ivanti has disclosed two critical vulnerabilities in its Sentry products, including an OS command injection flaw (CVE-2026-10520) and an authentication bypass vulnerability (CVE-2026-10523). These vulnerabilities allow remote, unauthenticated attackers to achieve root-level remote code execution and create arbitrary administrative accounts on affected devices.
#0719WWatchtowr27 days ago4 min▣LLM reportcritical Ivanti Sentry is affected by a critical pre-authenticated OS command injection vulnerability (CVE-2026-10520) and an authentication bypass vulnerability (CVE-2026-10523). The command injection flaw allows unauthenticated attackers to achieve root-level remote code execution by sending specially crafted XML payloads to the /mics/api/v2/sentry/mics-config/handleMessage endpoint.
#0718
Cisco Talos27 days ago5 min▣LLM reportcritical Microsoft's June 2026 Patch Tuesday addresses 206 vulnerabilities, including 32 critical flaws primarily involving Remote Code Execution (RCE). Four critical vulnerabilities affecting the Remote Desktop Client, HTTP Protocol Stack, and Windows Graphics component are highlighted as more likely to be exploited, prompting immediate patching and the deployment of updated network intrusion rules.
#0717
Palo Alto Networks27 days ago5 min▣LLM reporthigh Threat actors are increasingly targeting cloud logging services like AWS CloudTrail and Google Cloud Logging to evade detection and maintain persistence. By manipulating log routing, deleting storage destinations, or impairing encryption keys, attackers can blind security operations and operate undetected. Furthermore, attackers can redirect log flows to attacker-controlled infrastructure to gain continuous visibility into the victim's cloud environment.
#0716
CISA28 days ago4 min▣LLM reporthigh Schneider Electric EcoStruxure Panel Servers contain an insecure default initialization vulnerability (CVE-2026-6866, CVSS 7.5) that can lead to unauthorized authentication. Under rare circumstances, credentials may revert to initial settings, allowing attackers to access sensitive information using known default credentials.
#0715
CISA28 days ago4 min▣LLM reporthigh Siemens KACO Blueplanet Inverters contain two vulnerabilities, including a hard-coded cryptographic key issue (CVE-2025-40946) that allows attackers to derive device credentials from serial numbers, and an SQL injection (CVE-2026-41125) in the KACO Meteor server enabling privilege escalation. Siemens has released firmware updates for select models and recommends network isolation for affected devices.