📰 DAILY THREAT BRIEFING
Monday, June 15, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 15, 2026.

  1. FBI disrupts massive AI-powered phishing service using a million URLs
    — Bleeping Computer

    In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation…
  2. Ex-school district employee jailed for hacks on former employer
    — Bleeping Computer

    A former  IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the …
  3. Chinese hackers hijack auth flow, spy on isolated network for a decade
    — Bleeping Computer

    Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility i…
  4. Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
    — The Hacker News

    Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthentic…
  5. U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
    — The Hacker News

    Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for …
  6. Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered
    — Unit 42

    Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here.…
  7. ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
    — Dark Reading

    A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of dat…
  8. Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
    — The Hacker News

    Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credenti…
  9. Claude Fable 5 Doesn't Change the Mythos Security Story
    — Dark Reading

    Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explained.
  10. ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  11. Phishing Attack Volume Down 20%, But Risk Still Rising
    — Dark Reading

    Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiply them.
  12. Trust No Skill: Integrity Verification for AI Agent Supply Chains
    — Unit 42

    Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6560 in last 30 days).
Critical: 1 · High: 12 · Medium: 7 · Low: 0. View full dashboard →

  1. CVE-2026-12198
    — CVSS 7.3 (HIGH)

    A weakness has been identified in Microweber up to 2.0.20. This affects the function userfiles_path of the file /api_nosession/thumbnail_img of the component API Endpoint. Executing a manipulation of the argument cache_p…
  2. CVE-2026-12197
    — CVSS 7.2 (HIGH)

    A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of…
  3. CVE-2026-12193
    — CVSS 7.8 (HIGH)

    A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-ba…
  4. CVE-2026-12192
    — CVSS 8.8 (HIGH)

    A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit…
  5. CVE-2026-12191
    — CVSS 7.8 (HIGH)

    A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserializ…
  6. CVE-2026-12190
    — CVSS 5.3 (MEDIUM)

    A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for…
  7. CVE-2026-12189
    — CVSS 5.3 (MEDIUM)

    A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url…
  8. CVE-2026-12188
    — CVSS 6.3 (MEDIUM)

    A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the componen…
  9. CVE-2026-12187
    — CVSS 8.8 (HIGH)

    A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Hand…
  10. CVE-2026-12186
    — CVSS 8.8 (HIGH)

    A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulat…
  11. CVE-2026-54413
    — CVSS 8.2 (HIGH)

    driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS s…
  12. CVE-2026-54412
    — CVSS 8.2 (HIGH)

    LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response() function in src/mqtt.c that allows a remote unauthenticated attacker controllin…
  13. CVE-2026-54411
    — CVSS 5.9 (MEDIUM)

    Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacke…
  14. CVE-2026-54410
    — CVSS 8.6 (HIGH)

    nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end…
  15. CVE-2026-54421
    — CVSS 6.8 (MEDIUM)

    In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcom…
  16. CVE-2026-54420
    — CVSS 8.5 (HIGH)

    LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as ex…
  17. CVE-2026-12176
    — CVSS 4.3 (MEDIUM)

    A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action …
  18. CVE-2026-12175
    — CVSS 4.7 (MEDIUM)

    A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissio…
  19. CVE-2026-12174
    — CVSS 8.8 (HIGH)

    A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data l…
  20. CVE-2026-12183
    — CVSS 9.8 (CRITICAL)

    Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint r…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · June 15, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com