📰 DAILY THREAT BRIEFING
Monday, June 29, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 29, 2026.

  1. ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  2. Data breach exposes up to 14.2 million email logins at six ISPs
    — Bleeping Computer

    Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems …
  3. YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)
    — SANS ISC

    YARA-X's 1.18.0 release brings 3 improvements and 2 bugfixes.
  4. Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
    — The Hacker News

    The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campai…
  5. Clean GitHub repo tricks AI coding agents into running malware
    — Bleeping Computer

    An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remain…
  6. OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
    — The Hacker News

    OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as par…
  7. Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
    — Dark Reading

    Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
  8. FBI: Russian hackers now target Signal backup recovery keys
    — Bleeping Computer

    The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Sign…
  9. FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
    — The Hacker News

    The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step…
  10. AI Decline? Confidence in Autonomous Penetration Testing Falls
    — Dark Reading

    Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
  11. Threat Brief: Mitigating Large-Scale Credential Attacks
    — Unit 42

    We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors…
  12. Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
    — Dark Reading

    Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into t…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7235 in last 30 days).
Critical: 0 · High: 7 · Medium: 9 · Low: 4. View full dashboard →

  1. CVE-2026-13526
    — CVSS 7.3 (HIGH)

    A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be ini…
  2. CVE-2026-13525
    — CVSS 6.3 (MEDIUM)

    A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint…
  3. CVE-2026-13524
    — CVSS 5.6 (MEDIUM)

    A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Serv…
  4. CVE-2026-13523
    — CVSS 3.3 (LOW)

    A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The a…
  5. CVE-2026-13522
    — CVSS 4.3 (MEDIUM)

    A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF…
  6. CVE-2026-13521
    — CVSS 7.3 (HIGH)

    A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course…
  7. CVE-2026-13520
    — CVSS 6.3 (MEDIUM)

    A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument …
  8. CVE-2026-13519
    — CVSS 8.8 (HIGH)

    A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The…
  9. CVE-2026-13518
    — CVSS 8.8 (HIGH)

    A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. Remote explo…
  10. CVE-2026-13517
    — CVSS 8.8 (HIGH)

    A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffe…
  11. CVE-2026-13516
    — CVSS 8.8 (HIGH)

    A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-…
  12. CVE-2026-13515
    — CVSS 8.8 (HIGH)

    A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffe…
  13. CVE-2026-13514
    — CVSS 2.4 (LOW)

    A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure…
  14. CVE-2026-13513
    — CVSS 5.0 (MEDIUM)

    A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insuffic…
  15. CVE-2026-13512
    — CVSS 6.3 (MEDIUM)

    A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the compo…
  16. CVE-2026-13511
    — CVSS 3.1 (LOW)

    A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST A…
  17. CVE-2026-13510
    — CVSS 3.7 (LOW)

    A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. …
  18. CVE-2026-13509
    — CVSS 6.3 (MEDIUM)

    A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. …
  19. CVE-2026-13508
    — CVSS 5.5 (MEDIUM)

    A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conver…
  20. CVE-2026-13507
    — CVSS 5.0 (MEDIUM)

    A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · June 29, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com