📰 DAILY THREAT BRIEFING
Saturday, June 27, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 27, 2026.

  1. FBI: Russian hackers now target Signal backup recovery keys
    — Bleeping Computer

    The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Sign…
  2. CISA sets urgent deadline to fix Cisco flaw exploited in attacks
    — Bleeping Computer

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco U…
  3. FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
    — The Hacker News

    The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step…
  4. AI Decline? Confidence in Autonomous Penetration Testing Falls
    — Dark Reading

    Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
  5. Threat Brief: Mitigating Large-Scale Credential Attacks
    — Unit 42

    We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors…
  6. New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
    — The Hacker News

    A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts …
  7. Polymarket customers lose $3 million in supply-chain attack
    — Bleeping Computer

    Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platfo…
  8. Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
    — Dark Reading

    Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into t…
  9. New Initiative Tackles Security for End-of-Life Open Source Software
    — Dark Reading

    The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regul…
  10. Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
    — The Hacker News

    A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks a…
  11. CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure
    — Unit 42

    Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom…
  12. What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)
    — SANS ISC

    [This is a Guest Diary by Nicole Phillips, an ISC intern as part of the SANS.edu BACS program]

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7944 in last 30 days).
Critical: 5 · High: 14 · Medium: 1 · Low: 0. View full dashboard →

  1. CVE-2026-56414
    — CVSS 7.2 (HIGH)

    A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structur…
  2. CVE-2026-55975
    — CVSS 7.2 (HIGH)

    A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate crea…
  3. CVE-2026-33560
    — CVSS 7.1 (HIGH)

    The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filterin…
  4. CVE-2026-31928
    — CVSS 8.1 (HIGH)

    The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides …
  5. CVE-2026-28701
    — CVSS 9.8 (CRITICAL)

    Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
  6. CVE-2026-55069
    — CVSS 8.7 (HIGH)

    Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains…
  7. CVE-2026-53577
    — CVSS 6.5 (MEDIUM)

    Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control byp…
  8. CVE-2026-53576
    — CVSS 10.0 (CRITICAL)

    Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public i…
  9. CVE-2026-49984
    — CVSS 7.7 (HIGH)

    Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to…
  10. CVE-2026-49869
    — CVSS 10.0 (CRITICAL)

    Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("/configs") to whitelist the public configuration endpoint fro…
  11. CVE-2026-45807
    — CVSS 7.7 (HIGH)

    Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard bef…
  12. CVE-2026-54353
    — CVSS 8.5 (HIGH)

    Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname agai…
  13. CVE-2026-54352
    — CVSS 9.6 (CRITICAL)

    Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with extract-zip@2.0.1 into a temp di…
  14. CVE-2026-54351
    — CVSS 8.2 (HIGH)

    Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment…
  15. CVE-2026-54350
    — CVSS 10.0 (CRITICAL)

    Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-wit…
  16. CVE-2026-52884
    — CVSS 7.8 (HIGH)

    Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() or equivalent) that matches paths s…
  17. CVE-2026-50136
    — CVSS 7.4 (HIGH)

    Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The…
  18. CVE-2026-50132
    — CVSS 7.3 (HIGH)

    Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth required) that performs a permanent, state-changing operation: it binds an exter…
  19. CVE-2026-48800
    — CVSS 7.8 (HIGH)

    Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:3658) in the feedUser…
  20. CVE-2026-48778
    — CVSS 7.8 (HIGH)

    Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLin…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · June 27, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com