Show Notes - 2026-06-30
Stories Covered
- Today:
- Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) -- Active Exploitation Confirmed [Critical Alerts]
- SimpleHelp CVE-2026-48558 (CVSS 10.0, CISA KEV) -- TaskWeaver and Djinn Stealer Deployed [Critical Alerts]
- BlueHammer CVE-2026-33825 -- Microsoft Defender Now Confirmed Ransomware-Linked in CISA KEV [Critical Alerts]
- Ubiquiti UniFi OS CVE-2026-34908 / 34909 / 34910 (CISA KEV) -- Mirai Botnet Exploitation [Critical Alerts]
- Progress Kemp LoadMaster CVE-2026-8037 (CVSS 9.8) -- Full PoC Published [Critical Alerts]
- PTC Windchill PDMlink / FlexPLM CVE-2026-12569 (CISA KEV) -- JSP Web Shells Deployed [Critical Alerts]
- Bumblebee + AdaptixC2 + Akira: Full 44-Hour Attack Chain Documented [Ransomware & Extortion]
- XSS Forum Takedown: 19-Day Median from Access Listing to Ransomware Victim [Ransomware & Extortion]
- Black Basta Playbook: Cyber Insurance as a Ransom Pricing Signal [Ransomware & Extortion]
- Djinn Stealer / TaskWeaver Campaign (via SimpleHelp CVE-2026-48558) [IOCs & Detection]
- Malicious Perplexity-Spoofing Chromium Extension [IOCs & Detection]
- ConsentFix OAuth Token Hijacking [IOCs & Detection]
- Amazon Q VS Code Extension CVE-2026-12957 -- MCP Auto-Execution Steals Cloud Credentials [Business & Infrastructure Threats]
- ConsentFix: OAuth Token Hijacking Targeting Microsoft 365 [Business & Infrastructure Threats]
- Major Breaches: KDDI (14.22M accounts), Tata Electronics, NAIC via Oracle Zero-Day [Business & Infrastructure Threats]
- Steganographic Webshell + 10-Step Defence Impairment in Active Intrusion [Windows / AD Security]
- EvilTokens: 1,380% Surge in Device-Code Phishing Against Microsoft 365 [Windows / AD Security]
- Apple Patches 30+ Flaws Including AI-Discovered WebKit Bugs; Accelerating Release Cadence [General Security News]
- BioShocking: AI Browser Agents Tricked Into Credential Exfiltration via Game-Framing [General Security News]
- Malicious Chromium Extension Spoofs Perplexity AI for Search Traffic Interception [General Security News]
- AirDrop and Quick Share Proximity Flaws [General Security News]
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 (CISA KEV, EPSS 99th percentile) [Vulnerability Disclosures]
- Dify AI Platform CVE-2026-41947 / CVE-2026-41948 [Vulnerability Disclosures]
- DirtyClone Linux Kernel CVE-2026-43503 -- Local Root via Cloned Packets [Vulnerability Disclosures]
- Mitsubishi Electric MELSOFT Update Manager -- ICS (CVE-2025-11001, EPSS 98th percentile) [Vulnerability Disclosures]
- StoneFly Storage Concentrator -- ICS Critical [Vulnerability Disclosures]
- OFFIS DCMTK Medical Imaging Toolkit -- Healthcare ICS [Vulnerability Disclosures]
CVEs Referenced
CVE-2023-26360, CVE-2023-29298, CVE-2023-29300, CVE-2024-1212, CVE-2025-11001, CVE-2025-54136, CVE-2025-59536, CVE-2025-61882, CVE-2026-12569, CVE-2026-12957, CVE-2026-20245, CVE-2026-21852, CVE-2026-30615, CVE-2026-33691, CVE-2026-33825, CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-35273, CVE-2026-41947, CVE-2026-41948, CVE-2026-43503, CVE-2026-43707, CVE-2026-43715, CVE-2026-43716, CVE-2026-43745, CVE-2026-46817, CVE-2026-48558, CVE-2026-50110, CVE-2026-56413, CVE-2026-56415, CVE-2026-8037
Indicators of Compromise
Domains:
dev-tunnels[.]com, perplexity-ai[.]online
IP Addresses:
7.2.63.2, 7.2.54.18, 8.0.4.29
Fler avsnitt av Cyber Threat Brief
Visa alla avsnitt av Cyber Threat BriefCyber Threat Brief med Carolina Clear Tech, LLC finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.
