📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of June 17, 2026.
- Fileless Phantom Stealer Targets Browser Credentials
— Dark Reading
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate…
- Security Community Slams US Ban on Exporting Mythos, Fable
— Dark Reading
An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and My…
- Malicious JetBrains Marketplace plugins steal AI API keys from developers
— Bleeping Computer
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. […]
- SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
— Dark Reading
FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, T…
- New Rokarolla Android malware targets 217 banking, crypto apps
— Bleeping Computer
A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands…
- Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
— The Hacker News
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learnin…
- Steam Workshop abused to spread malware via Wallpaper Engine app
— Bleeping Computer
Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wall…
- ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
— The Hacker News
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Lo…
- New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
— The Hacker News
Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurr…
- Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
— Unit 42
Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. T…
- From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
— SANS ISC
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). On…
- ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7059 in last 30 days).
Critical: 1 · High: 4 · Medium: 1 · Low: 0.
- CVE-2026-47750
— CVSS 7.8 (HIGH)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/mo…
- CVE-2026-47747
— CVSS 7.8 (HIGH)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/mod…
- CVE-2026-46448
— CVSS 5.4 (MEDIUM)
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
- CVE-2026-22313
— CVSS 9.1 (CRITICAL)
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the de…
- CVE-2026-22312
— CVSS 8.6 (HIGH)
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some comma…
- CVE-2026-10303
— CVSS 7.4 (HIGH)
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · June 17, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com