📰 DAILY THREAT BRIEFING
Wednesday, June 24, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 24, 2026.

  1. OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
    — Unit 42

    Unit 42's analysis of ClawHub revealed evasive malicious skills bypassing automated scanners to deploy infostealers and execute agentic fina…
  2. Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
    — Bleeping Computer

    A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in atta…
  3. Tata Electronics confirms cyberattack as hackers leak data
    — Bleeping Computer

    Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infr…
  4. Scope of Salesforce Attacks Expands as Icarus Leaks Data
    — Dark Reading

    More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
  5. Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
    — Bleeping Computer

    ​​Microsoft has released the KB5095093 preview cumulative update for Windows 11 24H2 and 25H2, which fixes numerous bugs and begins roll…
  6. 'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows
    — Dark Reading

    The CI/CD workflow weakness affects Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris analytics database, Cloudf…
  7. FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
    — The Hacker News

    A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operati…
  8. Scattered Spider Hackers Plead Guilty on Day 1 of Trial
    — Krebs on Security

    Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport …
  9. Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
    — The Hacker News

    Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roug…
  10. Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
    — The Hacker News

    President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact…
  11. SocGholish Takedown Highlights Malicious TDS Threats
    — Dark Reading

    SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups such as the notor…
  12. CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
    — SANS ISC

    The vulnerability

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7780 in last 30 days).
Critical: 1 · High: 4 · Medium: 14 · Low: 1. View full dashboard →

  1. CVE-2026-7574
    — CVSS 8.7 (HIGH)

    Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting root…
  2. CVE-2026-56785
    — CVSS 8.2 (HIGH)

    FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templa…
  3. CVE-2026-54588
    — CVSS 9.6 (CRITICAL)

    Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in it…
  4. CVE-2026-48493
    — CVSS 5.5 (MEDIUM)

  5. CVE-2026-47693
    — CVSS 6.9 (MEDIUM)

    Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — speci…
  6. CVE-2026-12164
    — CVSS 4.4 (MEDIUM)

    Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, p…
  7. CVE-2026-12163
    — CVSS 5.5 (MEDIUM)

    Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with suffici…
  8. CVE-2026-54518
    — CVSS 6.5 (MEDIUM)

    jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties() replays…
  9. CVE-2026-9073
    — CVSS 6.2 (MEDIUM)

    A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as auth…
  10. CVE-2026-54517
    — CVSS 5.3 (MEDIUM)

    jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer._deserializeUsingPropertyBased, the active-view …
  11. CVE-2026-54516
    — CVSS 5.3 (MEDIUM)

    jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector._renameProperties() allows a property with @…
  12. CVE-2026-54515
    — CVSS 5.3 (MEDIUM)

    jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual(), per-property @Js…
  13. CVE-2026-54514
    — CVSS 5.3 (MEDIUM)

    jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with…
  14. CVE-2026-54513
    — CVSS 8.1 (HIGH)

    jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray…
  15. CVE-2026-54512
    — CVSS 8.1 (HIGH)

    jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the pr…
  16. CVE-2026-47375
    — CVSS 6.0 (MEDIUM)

    NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional d…
  17. CVE-2026-46552
    — CVSS 5.8 (MEDIUM)

    NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID (xc-shared-base…
  18. CVE-2026-46551
    — CVSS 6.5 (MEDIUM)

    NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or against the r…
  19. CVE-2026-46550
    — CVSS 5.4 (MEDIUM)

    NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie …
  20. CVE-2026-46549
    — CVSS 2.0 (LOW)

    NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware never consulted either.…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · June 24, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com