HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of June 27, 2026.
-
FBI: Russian hackers now target Signal backup recovery keys
— Bleeping Computer
The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Sign… -
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
— Bleeping Computer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco U… -
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
— The Hacker News
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step… -
AI Decline? Confidence in Autonomous Penetration Testing Falls
— Dark Reading
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology. -
Threat Brief: Mitigating Large-Scale Credential Attacks
— Unit 42
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors… -
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
— The Hacker News
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts … -
Polymarket customers lose $3 million in supply-chain attack
— Bleeping Computer
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platfo… -
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
— Dark Reading
Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into t… -
New Initiative Tackles Security for End-of-Life Open Source Software
— Dark Reading
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regul… -
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
— The Hacker News
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks a… -
CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure
— Unit 42
Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom… -
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)
— SANS ISC
[This is a Guest Diary by Nicole Phillips, an ISC intern as part of the SANS.edu BACS program]
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7944 in last 30 days).
Critical: 5 · High: 14 · Medium: 1 · Low: 0. View full dashboard →
-
CVE-2026-56414
— CVSS 7.2 (HIGH)
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structur⦠-
CVE-2026-55975
— CVSS 7.2 (HIGH)
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate crea⦠-
CVE-2026-33560
— CVSS 7.1 (HIGH)
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filterin⦠-
CVE-2026-31928
— CVSS 8.1 (HIGH)
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides ⦠-
CVE-2026-28701
— CVSS 9.8 (CRITICAL)
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths. -
CVE-2026-55069
— CVSS 8.7 (HIGH)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains⦠-
CVE-2026-53577
— CVSS 6.5 (MEDIUM)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control byp⦠-
CVE-2026-53576
— CVSS 10.0 (CRITICAL)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public i⦠-
CVE-2026-49984
— CVSS 7.7 (HIGH)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to⦠-
CVE-2026-49869
— CVSS 10.0 (CRITICAL)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("/configs") to whitelist the public configuration endpoint fro⦠-
CVE-2026-45807
— CVSS 7.7 (HIGH)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard bef⦠-
CVE-2026-54353
— CVSS 8.5 (HIGH)
Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname agai⦠-
CVE-2026-54352
— CVSS 9.6 (CRITICAL)
Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with extract-zip@2.0.1 into a temp di⦠-
CVE-2026-54351
— CVSS 8.2 (HIGH)
Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment⦠-
CVE-2026-54350
— CVSS 10.0 (CRITICAL)
Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-wit⦠-
CVE-2026-52884
— CVSS 7.8 (HIGH)
Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() or equivalent) that matches paths s⦠-
CVE-2026-50136
— CVSS 7.4 (HIGH)
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The⦠-
CVE-2026-50132
— CVSS 7.3 (HIGH)
Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth required) that performs a permanent, state-changing operation: it binds an exter⦠-
CVE-2026-48800
— CVSS 7.8 (HIGH)
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:3658) in the feedUser⦠-
CVE-2026-48778
— CVSS 7.8 (HIGH)
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLinâ¦
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · June 27, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com
Leave a Comment