📰 DAILY THREAT BRIEFING
Tuesday, June 23, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 23, 2026.

  1. WhatsApp phishing attack uses fake business docs to hack PCs
    — Bleeping Computer

    An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to r…
  2. The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration
    — Unit 42

    Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major …
  3. JaredFromSubway MEV bot hacked in $15 million crypto theft
    — Bleeping Computer

    The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-d…
  4. FFmpeg fixes PixelSmash flaw in widely used video decoder
    — Bleeping Computer

    A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions…
  5. ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
    — The Hacker News

    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with th…
  6. Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
    — The Hacker News

    Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 14…
  7. Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign
    — Dark Reading

    Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cro…
  8. 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
    — The Hacker News

    A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carri…
  9. Webshells Remain Popular, (Mon, Jun 22nd)
    — SANS ISC

    Webshells have been popular for a long time. We already covered this topic across multiple diaries[1][2]. I spent some time to track them[3]…
  10. ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  11. Threat Brief: Mitigating Large-Scale Credential Attacks
    — Unit 42

    We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors…
  12. Stressors, AI Forcing Changes to Cybersecurity Teams
    — Dark Reading

    As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity ex…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7589 in last 30 days).
Critical: 2 · High: 7 · Medium: 11 · Low: 0.

  1. CVE-2026-10658
    — CVSS 7.1 (HIGH)

    A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv() (subsys/bluetooth/host/iso.c), when processing PB=START/SINGLE fragments, the code pu…
  2. CVE-2026-10651
    — CVSS 7.1 (HIGH)

    A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt_sdp_parse_attribute() accepts an input buffer once it contains the 1-byte a…
  3. CVE-2026-10645
    — CVSS 4.9 (MEDIUM)

    Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2_fetch_direntry() (subsys/fs/ext2/ext2_diskops.c), the co…
  4. CVE-2026-54236
    — CVSS 5.3 (MEDIUM)

    vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error mes…
  5. CVE-2026-54233
    — CVSS 6.5 (MEDIUM)

    vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to…
  6. CVE-2026-54232
    — CVSS 8.8 (HIGH)

    vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is insta…
  7. CVE-2026-48746
    — CVSS 9.1 (CRITICAL)

    vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the Op…
  8. CVE-2026-47155
    — CVSS 6.5 (MEDIUM)

    vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revi…
  9. CVE-2026-41523
    — CVSS 7.5 (HIGH)

    vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary cod…
  10. CVE-2026-56698
    — CVSS 6.1 (MEDIUM)

    Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open par…
  11. CVE-2026-56697
    — CVSS 6.1 (MEDIUM)

    Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the c…
  12. CVE-2026-56357
    — CVSS 4.0 (MEDIUM)

    n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned P…
  13. CVE-2026-56348
    — CVSS 9.1 (CRITICAL)

    n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers…
  14. CVE-2026-56326
    — CVSS 6.1 (MEDIUM)

    Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attacke…
  15. CVE-2026-56324
    — CVSS 8.2 (HIGH)

    Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter. Attackers can send mult…
  16. CVE-2026-56323
    — CVSS 7.5 (HIGH)

    Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence an…
  17. CVE-2026-56321
    — CVSS 5.3 (MEDIUM)

    Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes, so unauthen…
  18. CVE-2026-56314
    — CVSS 7.1 (HIGH)

    Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by …
  19. CVE-2026-56311
    — CVSS 5.3 (MEDIUM)

    Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can…
  20. CVE-2026-56306
    — CVSS 6.4 (MEDIUM)

    Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN …

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · June 23, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com