📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of June 19, 2026.
- Gentlemen ransomware uses multiple EDR killers to disable defenses
— Bleeping Computer
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers…
- Novo Nordisk Breach Exposes Software Development Pipeline Risk
— Dark Reading
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identit…
- Operation Escaneo Signals Shift in LatAm Threat Landscape
— Dark Reading
The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination betwe…
- Nintendo confirms data stolen in WebMD subsidiary cyberattack
— Bleeping Computer
Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used inter…
- FIFA Bug Exposes World Cup Streams to Remote Takeover
— Dark Reading
A hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls.
- ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
— Krebs on Security
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic lin…
- F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
— The Hacker News
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code executi…
- USB worm spreads crypto-stealing malware via Windows shortcut files
— Bleeping Computer
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using …
- Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
— The Hacker News
If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person w…
- ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
— The Hacker News
The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons.…
- ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
— SANS ISC
[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program]
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7642 in last 30 days).
Critical: 6 · High: 6 · Medium: 7 · Low: 1.
- CVE-2026-52866
— CVSS 6.5 (MEDIUM)
An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.
- CVE-2026-50034
— CVSS 6.5 (MEDIUM)
An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values.
- CVE-2026-40624
— CVSS 9.8 (CRITICAL)
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.
- CVE-2026-12050
— CVSS 4.3 (MEDIUM)
SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was interpolated directly into the SQL string with str.format() instead of being…
- CVE-2026-12049
— CVSS 4.3 (MEDIUM)
Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so …
- CVE-2026-12048
— CVSS 9.3 (CRITICAL)
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist er…
- CVE-2026-12047
— CVSS 3.5 (LOW)
HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Goo…
- CVE-2026-12046
— CVSS 9.0 (CRITICAL)
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint — DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> — were the only routes in the module m…
- CVE-2026-12045
— CVSS 9.0 (CRITICAL)
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. …
- CVE-2026-12044
— CVSS 8.8 (HIGH)
SQL injection in pgAdmin 4 across every dialog template that renders “COMMENT ON … IS '<description>'” for a user-supplied description field. The Jinja templates for Domains (and their constraints), Foreign Tables, L…
- CVE-2026-56078
— CVSS 8.8 (HIGH)
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, wr…
- CVE-2026-56077
— CVSS 6.5 (MEDIUM)
PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit t…
- CVE-2026-56076
— CVSS 8.1 (HIGH)
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hard…
- CVE-2026-56075
— CVSS 8.8 (HIGH)
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from PRAISON_APPROVAL_MODE environment vari…
- CVE-2026-56074
— CVSS 5.5 (MEDIUM)
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initia…
- CVE-2026-54130
— CVSS 9.8 (CRITICAL)
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- CVE-2026-54017
— CVSS 7.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the…
- CVE-2026-49205
— CVSS 6.5 (MEDIUM)
phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 addressed this in the BackupController by adding: $this->userHasPermission…
- CVE-2026-47647
— CVSS 9.9 (CRITICAL)
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
- CVE-2026-47633
— CVSS 7.5 (HIGH)
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · June 19, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com