Show Notes - 2026-06-06
Stories Covered
- Today:
- SolarWinds Serv-U CVE-2026-28318 Denial-of-Service Vulnerability (CISA KEV) [Critical Alerts]
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Actively Exploited (No Patch Available) [Critical Alerts]
- Palo Alto PAN-OS CVE-2026-0257 GlobalProtect Authentication Bypass [Critical Alerts]
- UNC3753 (Luna Moth, Chatty Spider) Vishing Campaign Targets US Law Firms [Ransomware & Extortion]
- Over 900 US Automatic Tank Gauge Systems Exposed to Attacks [Business & Infrastructure Threats]
- IronWorm and Miasma Worm Hit npm Supply Chain [Business & Infrastructure Threats]
- Smart TV Apps Turn Devices Into Web-Scraping Proxies for AI [Business & Infrastructure Threats]
- Microsoft Claude Code GitHub Action Exposes CI/CD Secrets [Business & Infrastructure Threats]
- Chinese APT UNC5221 Deploys New Malware (Plenet, AgentPSD) for Persistent Access [Windows / AD Security]
- OP-512 Threat Cluster Targets Microsoft IIS Servers with Custom Web Shell Framework [Windows / AD Security]
- Polyfill Service Reactivation Causes Login Prompts on Major Websites [General Security News]
- 2026 Verizon DBIR Highlights Browser-Based Attacks and Shadow AI [General Security News]
- Vulnerability Disclosure Dispute Between Microsoft and Nightmare Eclipse Researcher [General Security News]
- AI Agent Discovers 21 Zero-Days in FFmpeg [Vulnerability Disclosures]
- Chrome 149 Patches Record 429 Vulnerabilities [Vulnerability Disclosures]
- Sound Blaster Katana V2X Speaker Remote Code Execution via Bluetooth [Vulnerability Disclosures]
CVEs Referenced
CVE-2021-35211, CVE-2022-20775, CVE-2024-28995, CVE-2026-0257, CVE-2026-10881, CVE-2026-20122, CVE-2026-20127, CVE-2026-20128, CVE-2026-20133, CVE-2026-20182, CVE-2026-20245, CVE-2026-28318, CVE-2026-39210, CVE-2026-39218
Indicators of Compromise
Domains:
lhlsjcb[.]com., polyfill[.]io
IP Addresses:
23.128.228.6, 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, 179.43.172.213, 185.195.232.139, 198.12.106.60, 202.144.192.47
Fler avsnitt av Cyber Threat Brief
Visa alla avsnitt av Cyber Threat BriefCyber Threat Brief med Carolina Clear Tech, LLC finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.
