📰 DAILY THREAT BRIEFING
Monday, June 29, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 29, 2026.

  1. Data breach exposes up to 14.2 million email logins at six ISPs
    — Bleeping Computer

    Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems …
  2. YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)
    — SANS ISC

    YARA-X's 1.18.0 release brings 3 improvements and 2 bugfixes.
  3. Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
    — The Hacker News

    The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campai…
  4. Clean GitHub repo tricks AI coding agents into running malware
    — Bleeping Computer

    An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remain…
  5. OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
    — The Hacker News

    OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as par…
  6. Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
    — Dark Reading

    Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
  7. FBI: Russian hackers now target Signal backup recovery keys
    — Bleeping Computer

    The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Sign…
  8. FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
    — The Hacker News

    The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step…
  9. AI Decline? Confidence in Autonomous Penetration Testing Falls
    — Dark Reading

    Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
  10. Threat Brief: Mitigating Large-Scale Credential Attacks
    — Unit 42

    We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors…
  11. Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
    — Dark Reading

    Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into t…
  12. CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure
    — Unit 42

    Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7226 in last 30 days).
Critical: 0 · High: 4 · Medium: 12 · Low: 4. View full dashboard →

  1. CVE-2026-13516
    — CVSS 8.8 (HIGH)

    A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-…
  2. CVE-2026-13515
    — CVSS 8.8 (HIGH)

    A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffe…
  3. CVE-2026-13514
    — CVSS 2.4 (LOW)

    A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure…
  4. CVE-2026-13513
    — CVSS 5.0 (MEDIUM)

    A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insuffic…
  5. CVE-2026-13512
    — CVSS 6.3 (MEDIUM)

    A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the compo…
  6. CVE-2026-13511
    — CVSS 3.1 (LOW)

    A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST A…
  7. CVE-2026-13510
    — CVSS 3.7 (LOW)

    A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. …
  8. CVE-2026-13509
    — CVSS 6.3 (MEDIUM)

    A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. …
  9. CVE-2026-13508
    — CVSS 5.5 (MEDIUM)

    A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conver…
  10. CVE-2026-13507
    — CVSS 5.0 (MEDIUM)

    A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label…
  11. CVE-2026-13504
    — CVSS 3.5 (LOW)

    A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scrip…
  12. CVE-2026-13503
    — CVSS 5.3 (MEDIUM)

    A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Opt…
  13. CVE-2026-13502
    — CVSS 4.5 (MEDIUM)

    A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Mav…
  14. CVE-2026-13501
    — CVSS 5.3 (MEDIUM)

    A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The …
  15. CVE-2026-13500
    — CVSS 7.3 (HIGH)

    A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a mani…
  16. CVE-2026-13499
    — CVSS 4.3 (MEDIUM)

    A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.php of the component Registration Handler. Performing a manipulation of th…
  17. CVE-2026-13498
    — CVSS 7.3 (HIGH)

    A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php of the component POST Parameter Handler. Such manipulation of the argument…
  18. CVE-2026-13497
    — CVSS 6.3 (MEDIUM)

    A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The …
  19. CVE-2026-13496
    — CVSS 6.3 (MEDIUM)

    A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in sql injection. I…
  20. CVE-2026-13495
    — CVSS 4.7 (MEDIUM)

    A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possibl…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · June 29, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com