📰 DAILY THREAT BRIEFING
Sunday, June 21, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 21, 2026.

  1. New Prinz Eugen ransomware prioritizes recent files for encryption
    — Bleeping Computer

    A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. …
  2. Microsoft links Mastra AI supply chain attack to North Korean hackers
    — Bleeping Computer

    Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking grou…
  3. Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
    — The Hacker News

    Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 s…
  4. Threat Brief: Mitigating Large-Scale Credential Attacks
    — Unit 42

    We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors…
  5. Klue OAuth breach victim list grows as Icarus hackers claim attack
    — Bleeping Computer

    Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to…
  6. Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
    — The Hacker News

    Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside …
  7. The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
    — The Hacker News

    The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (ED…
  8. Stressors, AI Forcing Changes to Cybersecurity Teams
    — Dark Reading

    As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity ex…
  9. eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
    — SANS ISC

    I detected an interesting phishing email this morning. It targets a major Belgian bank:
  10. Novo Nordisk Breach Exposes Software Development Pipeline Risk
    — Dark Reading

    A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identit…
  11. Operation Escaneo Signals Shift in LatAm Threat Landscape
    — Dark Reading

    The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination betwe…
  12. ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
    — Krebs on Security

    For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic lin…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7487 in last 30 days).
Critical: 1 · High: 3 · Medium: 13 · Low: 3.

  1. CVE-2026-56355
    — CVSS 3.7 (LOW)

    GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.
  2. CVE-2026-56347
    — CVSS 6.1 (MEDIUM)

    AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious…
  3. CVE-2026-56346
    — CVSS 6.5 (MEDIUM)

    AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, cip…
  4. CVE-2026-56345
    — CVSS 8.1 (HIGH)

    AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker …
  5. CVE-2026-56342
    — CVSS 6.8 (MEDIUM)

    AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeU…
  6. CVE-2026-56341
    — CVSS 7.5 (HIGH)

    AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unau…
  7. CVE-2026-56340
    — CVSS 8.8 (HIGH)

    vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding …
  8. CVE-2025-71379
    — CVSS 4.3 (MEDIUM)

    vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serv…
  9. CVE-2026-5366
    — CVSS 9.9 (CRITICAL)

    Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks val…
  10. CVE-2026-56332
    — CVSS 4.7 (MEDIUM)

    Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabli…
  11. CVE-2026-56330
    — CVSS 3.5 (LOW)

    Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft ma…
  12. CVE-2026-56325
    — CVSS 3.1 (LOW)

    Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters in app_id to act as SQL wildcards. Attackers can create apps…
  13. CVE-2026-56319
    — CVSS 4.3 (MEDIUM)

    Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error respo…
  14. CVE-2026-56307
    — CVSS 4.3 (MEDIUM)

    Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later r…
  15. CVE-2026-56304
    — CVSS 6.5 (MEDIUM)

    picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit th…
  16. CVE-2026-56295
    — CVSS 6.3 (MEDIUM)

    Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require_apikey_expiration organization policy. The checkWebhookPermissi…
  17. CVE-2026-56294
    — CVSS 4.8 (MEDIUM)

    capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSu…
  18. CVE-2026-56282
    — CVSS 5.3 (MEDIUM)

    Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attac…
  19. CVE-2026-56235
    — CVSS 5.3 (MEDIUM)

    Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) that are granted to the anon role without enforcing org m…
  20. CVE-2026-56228
    — CVSS 4.9 (MEDIUM)

    Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value (e.g.…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · June 21, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com