{"metadata":{"generatedAt":"2026-06-22T03:00:09.929Z","reportDate":"2026-06-22","totalItems":395,"sourceBreakdown":{"cisa-kev":2,"cisa-advisories":16,"vendor-blogs":214,"malware-bazaar":26,"abuse-ipdb":20,"threatfox":3,"otx":30,"general-news":97},"categoryBreakdown":{"vulnerability":2,"advisory":217,"malware":26,"ip-reputation":20,"threat-intel":33,"news":97},"fetchErrors":[{"source":"nvd","error":"NVD API responded 503"}]},"highlights":[{"id":"cisa-adv-azeotech-daqfactory","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"AzeoTech DAQFactory","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution.\nThe following versions of AzeoTech DAQFactory are affected:\nDAQFactory <=21.1 (CVE-2026-12390)\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45469-microsoft-excel-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45469","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44817","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44818","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44820","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44823","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45475-microsoft-office-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45475","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45472","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45474","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44819","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44824","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45461","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45645","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45463","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45471-microsoft-word-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45471","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45486","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45643","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45457","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45456-microsoft-outlook-and-word-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45458","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-44803-windows-graphics-component-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44803","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44812","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-healthcare-sector-faces-escalating-ransomware-supply-chain-and-apt-risks-as-cybe","source":"vendor-blogs","category":"advisory","severity":"critical","title":"Healthcare sector faces escalating ransomware, supply chain and APT risks as cyber threats intensify, CYFIRMA warns","description":"CYFIRMA reported that 
healthcare organizations are facing an increasingly hostile cyber threat environment, with ransomware emerging as the...\nThe post Healthcare sector faces escalating ransomware, supply chain and APT risks as cyber threats intensify, CYFIRMA warns appeared first on Industrial Cyb…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","apt","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T05:48:12.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/ransomware/healthcare-sector-faces-escalating-ransomware-supply-chain-and-apt-risks-as-cyber-threats-intensify-cyfirma-warns/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"abuseip-218.149.228.175","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 218.149.228.175","description":"Country: KR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["218.149.228.175"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:02.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/218.149.228.175","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-173.255.223.62","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 173.255.223.62","description":"Country: US | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["173.255.223.62"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:02.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/173.255.223.62","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-20.118.217.162","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 20.118.217.162","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["20.118.217.162"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:01.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/20.118.217.162","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null}],"items":[{"id":"cisa-adv-azeotech-daqfactory","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"AzeoTech DAQFactory","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution.\nThe following versions of AzeoTech DAQFactory are affected:\nDAQFactory <=21.1 (CVE-2026-12390)\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02","label":"CISA 
Advisory","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45469-microsoft-excel-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45469","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44817","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44818","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44820","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44823","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45475-microsoft-office-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45475","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45472","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45474","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44819","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44824","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45461","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45645","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45463","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45471-microsoft-word-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45471","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45486","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45643","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45457","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45456-microsoft-outlook-and-word-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45458","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-44803-windows-graphics-component-remote-code-execution-vulnerability","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44803","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44812","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-healthcare-sector-faces-escalating-ransomware-supply-chain-and-apt-risks-as-cybe","source":"vendor-blogs","category":"advisory","severity":"critical","title":"Healthcare sector faces escalating ransomware, supply chain and APT risks as cyber threats intensify, CYFIRMA warns","description":"CYFIRMA reported that 
healthcare organizations are facing an increasingly hostile cyber threat environment, with ransomware emerging as the...\nThe post Healthcare sector faces escalating ransomware, supply chain and APT risks as cyber threats intensify, CYFIRMA warns appeared first on Industrial Cyb…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","apt","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T05:48:12.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/ransomware/healthcare-sector-faces-escalating-ransomware-supply-chain-and-apt-risks-as-cyber-threats-intensify-cyfirma-warns/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"abuseip-218.149.228.175","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 218.149.228.175","description":"Country: KR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["218.149.228.175"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:02.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/218.149.228.175","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-173.255.223.62","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 173.255.223.62","description":"Country: US | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["173.255.223.62"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:02.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/173.255.223.62","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-20.118.217.162","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 20.118.217.162","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["20.118.217.162"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:01.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/20.118.217.162","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-89.37.172.146","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 89.37.172.146","description":"Country: GB | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["89.37.172.146"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:01.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/89.37.172.146","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-5.61.209.92","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 5.61.209.92","description":"Country: NL | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["5.61.209.92"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:01.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/5.61.209.92","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-66.132.172.102","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 66.132.172.102","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["66.132.172.102"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:01.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/66.132.172.102","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-185.180.141.47","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 185.180.141.47","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["185.180.141.47"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:01.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/185.180.141.47","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-64.89.161.160","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 64.89.161.160","description":"Country: LU | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["64.89.161.160"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/64.89.161.160","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-115.231.78.11","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 115.231.78.11","description":"Country: CN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["115.231.78.11"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/115.231.78.11","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-182.93.50.90","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 182.93.50.90","description":"Country: MO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["182.93.50.90"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/182.93.50.90","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-47.251.105.241","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 47.251.105.241","description":"Country: US | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["47.251.105.241"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/47.251.105.241","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-82.152.132.24","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 82.152.132.24","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["82.152.132.24"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/82.152.132.24","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-120.52.12.202","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 120.52.12.202","description":"Country: CN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["120.52.12.202"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/120.52.12.202","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.148.10.240","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.148.10.240","description":"Country: NL | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["45.148.10.240"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/45.148.10.240","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-91.92.40.4","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 91.92.40.4","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["91.92.40.4"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/91.92.40.4","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-2.26.231.147","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 2.26.231.147","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["2.26.231.147"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/2.26.231.147","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-100.29.192.86","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 100.29.192.86","description":"Country: US | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["100.29.192.86"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/100.29.192.86","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-185.223.235.10","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 185.223.235.10","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["185.223.235.10"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:17:00.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/185.223.235.10","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-94.247.172.129","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 94.247.172.129","description":"Country: SE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["94.247.172.129"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:16:59.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/94.247.172.129","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-202.165.29.123","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 202.165.29.123","description":"Country: MY | ISP: unknown | Abuse score: 
100%","indicators":{"cves":[],"ips":["202.165.29.123"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-06-22T02:16:59.000Z","fetchedAt":"2026-06-22T03:00:00.195Z","references":[{"url":"https://www.abuseipdb.com/check/202.165.29.123","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"threatfox-1835359","source":"threatfox","category":"threat-intel","severity":"critical","title":"payload_delivery: undefined","description":"https://bazaar.abuse.ch/sample/fdfaed3893bb2cf3ebd547c889e17c1e2f0b90208ecccc8591164bec41cfdb85/","indicators":{"cves":[],"ips":[],"domains":[""],"urls":[""],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["22June2026","ClearFake","Commandline","macOS","gaea-operations","malware","phishing","scams","stefan-himmelskamp","21June2026","ClickFix","etherhiding","Polygon","Remus","c2","Stealc","DomainShadowing","Windows","Vidar","central-hub","clickfix-hub","evalusion","merry-florist","NetSupport","unc2190","wordpress-compromise","Fake-Captcha","wordpress-injection","c2-rotation","single-gateway","SilentStealer","XWorm","Amos","AtomicStealer","Cthulhu","stealer","SocGholish","remcos","Mirai","asyncrat","elf","IoT","Mozi","SmartApeSG","xmrig","RAT","hta-polyglot","Loader","msix","TDS","crypter","rundll32","WebDav","CobaltStrike","drb-ra","RemusStealer","FakeCaptcha","powershell","clipboard-hijack","NetSupportRAT","i7sb1k","lockbit","Ransomware","honeylabs","honeypot","Ngioweb","Kongtuke","OffLoader","PureLogsStealer","CloudflareHardwareFingerprinting","amatera","ArcStealer","python-backdoor","winpython","Cloudflare","cracked-games","HijackLoader","Prospero","renengine","telemetry","valleyrat_s2","compromised","WordPress","rmm","quasar","dentons-impersonation","google-drive-abuse","homoglyph","msiexec","NeptuneRAT","ErrTraffic","iran","MuddyWater","stagecomp","StrelaStealer","deerstealer","fingerfix","ironpython","tcp79","FRP","liberium","
LiberiumRAT","port","ports","ransomware","botnet","infostealer"],"malwareFamily":"ClearFake","confidence":100,"publishedAt":"2026-06-22T02:56:05Z","fetchedAt":"2026-06-22T03:00:01.200Z","references":[],"feedLabel":null},
{"id":"threatfox-1835350","source":"threatfox","category":"threat-intel","severity":"critical","title":"botnet_cc: undefined","description":"https://bazaar.abuse.ch/sample/3898a662f25925b6b46700297832940cfc026f5e59815fe670328a0213094a3b/","indicators":{"cves":[],"ips":[""],"domains":[],"urls":[""],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["remcos","CobaltStrike","redirector","Vo1d","c2","erebus-v14","nation-state-hunter","t1055","t1059_003","drb-ra","Vshell","RAT","RemcosRAT","asyncrat","dcrat","Covenant","RapidStealer","ClickFix","evalusion","jarm:1276612955","merry-florist","NetSupport","port:1337","single-gateway","unc2190","QuasarRAT","Havoc","Amos","AtomicStealer","Cthulhu","macOS","xxxblyat","OverlordRAT","AdaptixC2","valleyrat_s2","cs-watermark-391144938","cs-watermark-987654321","Meterpreter","docker-api","Redtail","selfrep","webpot","diicot","miner","junko","DDoS","ssh","xorddos","boyzee","phoenix-c2","postgres","takeover","phoenix","elf","IoT","Mozi","Mirai","Kongtuke","Adaptix","Stealc","Mythic","EyePyramid","Remus","t1071_001","cs-watermark-1873433027","cs-watermark-1580103824","eval","lua","redis","config","rce","SmartApeSG","xmrig","hta-polyglot","Loader","msix","ValleyRAT","RatonRAT","Vidar","Dropper","fileless","NetSupportRAT","BianLian","cs-watermark-1234567890","Viper","DarkVNC","kimsuky","erebus-v15","t1573_002","Ngioweb","AddType","Digitalocean","FakeCaptcha","mtls","nginx","one-check.lol","powershell","TLS1.3","mesh","meshagent","China","Telecom","TernDoor","UAT-9244","cve-2024-4577","rotator","monero","payload-host","pool","module-load","Muhstik","cron","nc","XWorm","DanBot","poshc2","i7sb1k","payload","Sh","sliver","honeypot","python-backdoor","winpython","cs-watermark-666666666","EvilGinx","EvilGoPhish","kimwolf","Sheet 
Rat","SheetRAT","Deimos","ConnectWise","rmm","ScreenConnect","powershell-loader","RC4","ContagiousInterview","DPRK","FakeInterview","NanoCore","msiexec","PureLogStealer","PureLogsStealer","BruteRatel","Amadey","ViriBack","23b404","CHAOS","NFS","etherhiding","iran","mois","MuddyWater","tsundere","FRP","relay","blockchain-C2","EtherRat","FakeGit","LuaJIT","Polygon","SmartLoader","manual-override","t1573_001","t1059_001","t1105","fingerfix","ironpython","tcp79","smokeloader","COLDRIVER","SPICA","apt","phishing","botnet","infostealer"],"malwareFamily":"Remcos","confidence":100,"publishedAt":"2026-06-22T02:11:00Z","fetchedAt":"2026-06-22T03:00:01.200Z","references":[{"url":"https://bazaar.abuse.ch/sample/3898a662f25925b6b46700297832940cfc026f5e59815fe670328a0213094a3b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a31bbac723d61178ae45f02937f67b694256220327989155044f9cd97763fca6/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/host/77.90.41.3/","label":"ThreatFox","domainType":"primary"},{"url":"https://chainabuse.com/report/50a2071b-4c3e-488b-bebb-4c260a9c9b11","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9c5f121e984d76e479ca119499d35efe9402925a2c29b195bff88542c47b0c05/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/2a97e8ffb5cfbbccd8e2c812fb6f86769ec014692f9bd598ad446c096630d577/","label":"ThreatFox","domainType":"primary"},{"url":"https://twitter.com/NullBlue67","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/82.144.86.37","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/119.73.19.131","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/110.38.254.172","label":"ThreatFox","domainType":"other"},{"url":"https://tria.ge/260620-yrwfvahs6p/behavioral2","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/aidancolle
ge.ac.ug","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/153.117.15.86","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/223.123.42.235","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/110.39.255.247","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/110.36.86.0","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/c9eadf5f3be0996c41ad4c42f7bf530b74d8682ac630cea018dd0edefa07d4ea/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/ce00a84a546cf51d9428350aa1929c8999a4c48de5d7e53372f4faca22cbaf2e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/25a0bddff7a3254104b66d4e84010c59ef192924cae703655f7fb592640d8d5d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e58ed7df39ec67a18fd90454d3fde120e57aeb06f7ab8f0b8c17d73e4c3a3ad6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/994a77fad92b7ba173483358efc7afc3bae565f9258b98d3c5c1a0fcad948d6b/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116777878546581429","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/b6d4ad0231941e0637485ac5833e0fdc75db35289b54e70f3858b70d36d04c80","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/imgur.media","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/13420d64ce091f6dc0505d5a2ca5858f6080f3d91580459c2284bd68fdcb1979","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/1603899e2cbe71abad453b7c2735a294b93e23e4bedcb9e9f8e74b08b2564efb/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/d113f72b9248e3a89d72d1238a8465af7857822b82951681cff22391ffff3039/","label":"ThreatFox","domainType":"primary"},{"url":"htt
ps://gist.github.com/jay-salihov/ea2ec22039ad225094e9e25260f4af89","label":"ThreatFox","domainType":"primary"},{"url":"https://clickfix.carsonww.com/domains/holopebamiy.bond","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/64767a09cce6d538bea2d11e0c59f47abd05f6e57f7a88b2b7a864c782cc1041/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/2fcf553b9656523b3207c08cdf16f7be9a25e55cf8c29f5caf933151c9214367/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/56a90f247ccffb63543d99a659f9517edde587f6e85752c82a9919e325de3ee5/","label":"ThreatFox","domainType":"primary"},{"url":"https://platform.censys.io/hosts/78.40.194.67","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/ip-address/191.44.109.233","label":"ThreatFox","domainType":"other"},{"url":"https://github.com/yankywilson/terndoor-uat9244","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/22620c9c6d0c2b392ee34bd4e7905b6f161bfe25ed3dc756302aeb091a994b0e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/300942cdeac4217d156d03b1032271a6ab59f8dfa826f05bcea12f1094c5c0b1/","label":"ThreatFox","domainType":"primary"},{"url":"https://clickfix.carsonww.com/domains/siledepartamentos.com","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/qantify.net","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/nabane.com.mx","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/mingliu.com.tw","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/madhavsamachar.com","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/9ead4006-d220-4319-b816-369db06bb5d2","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/9fd3ff9b-e009-4a84-90f9-e753c7ad5bec","label":"Threa
tFox","domainType":"other"},{"url":"https://app.any.run/tasks/5ca04f75-5241-4b65-9e15-f0b432eb31f5","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/ip-address/45.32.132.194","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/c8c385c10b1586728318f43b9dcafecfd46d8d6000984fe489bb1d219ea8b4f9/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bdc419313f6d07aae8aa7295dfd00910ee3f4acad5f6310981bfa791e65f1407/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7e27deea413f5c390fd790423de9dc552a1e393187607485394044c4ddc85fdf/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.wordfence.com/blog/2026/06/psa-supply-chain-compromise-targets-shapedplugin-backdoored-pro-plugins-distributed-via-official-channels/","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/d9370a3a85d27b864790b225c529647667b5878690eafdcd805a1fd75c76648e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/56e40788e87392cbea4328852c9e5cfcf5ab0a96b778a540835b4fb0bd4cb2d1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/af3ecfc347087c080111b1e845c7d84a2e2625f6d126a0744c016d63ad74483c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/57a17538be51fd67c23990096c864f953b32bed6087ad8e0662db2bdcab3c147/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/18c7e2dc3aa3a2d0aa5493eddb3b08e24f21020da05e54a158a15ade67dc9279/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/9e4235c530fc10df9225e9ab98095d7a19d35f9e4ebf50a74dcb4b1e7bf86170","label":"ThreatFox","domainType":"other"},{"url":"https://gitlab.com/marotino-hiring/helios-app/-/blob/main/tailwind.config.js","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/5f64a0b2fcf36085e27062589a198a
e299d4698c16204a0ad4cb702ef694ad2c","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116760415088421593","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/f0661c2e8446e0a94c9907f37cb9e2d97feb2a1e9a0182682fe57591293252e4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/eca23985908165bcc9684bf5b0b500601cf0f1861dd97192517beb0401e601f2/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a4018431ceef5951f42ba74ff9a78db54d43030590b1ade030136227eee9035d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/2c2ac25b1fa7891ca502f8a4e3146973e560c467cbfc9df395842d4a07854420/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/348a82709d9ddec8cd56b8b2c55d7793bb99c2ec0d52cb0c388e7485178486ce/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/926e8f1a7f349ff1eef31f89fa8ffe265c30b92e310e8bea19962d38f8c32129/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/fc5e53a38115e8c2d9ed3d2e464127d564340a1d0c4cffa2080baf3ea1a8b28d/","label":"ThreatFox","domainType":"primary"},{"url":"https://tracker.viriback.com/index.php?q=66.94.119.99","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/2df7a9ec38d125b1e1517466ea4761cc9d9071086f2fdc472ce5a2f0ddc43363/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/77dccc5455aac4c8114326446ca1605300db691e379027c0d286f1c44035fa81/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/8a0e2a535aab576ba6a9a88baa4fc6010f26787c0e7d82f44528bf4709dfb7d2/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4c7d82f0ca21ad79857d1802f5d0ef18071a96dd17464cef1dcfff62443a54a4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/5296603d85e7b34a68197e
40b30fead8da92d63310ce395396845e23de47a13f/","label":"ThreatFox","domainType":"primary"},{"url":"https://github.com/yankywilson/muddywater-etherhiding-resolver-family","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116755454676917155","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/8cccade2b3df0d398864820af445c22e33512d62a67f1ce80c7b929f82e44826/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/08554a2e413370221dc5f5668d336886e2f66cdbcd14314b7a3b8e3d44febbb0/","label":"ThreatFox","domainType":"primary"},{"url":"https://github.com/yankywilson/etherrat-onchain-c2-detection","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b124281a985f5914fd8a58e3cf26968341d45c19e654d30e375f850a23c0e8a1/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.derp.ca/research/fakegit-luajit-github-campaign/","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/0154fa1643fbafceaeb7953ce540e84d5d84550ed013869e2b8350fc91fccbf7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/8496282ebb3abb2daaecaeb43ce3503688447183367c2015a41ad7b028b4b3d9/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/d5068c90a739e6c19752cd7a1ba7bbc5d9fec9c7a97e7a83cb2290d6b83c92f6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/75b4c39950f8c48c00c926ff46384db745b9ea34797eb5cf3b894768b8ac1a4f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/5ba52a3e4e42eeb6ecbf2e3d843086904562f1e055d8a3409d0204a51c7bb8f7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c565c46640f1721a978d46ee6b969ecc4022d1bcc4c65d52c5ed03911f33f1c5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/927c5294eb8948c337dd92869ca2efff4833f58cd9abe48ccc1bcb74457000b3/",
"label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/15bf2353ddd9597f296f09c71fa9ff8bbe2fdc43631704c90b5809ddcdd68dc0/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f4f7e592842a11ec33011a05a0ac29ded4fe214cd34173cbe05ff7ff274f9c0a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/eb11992439bfa973d9e35bc7c386210930e89b439a5d908173ffcc37d25e7336/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3a15704b368b40666edc53de2a029ada5c4333e8f05c3b693c4cd34daa57dee5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/31f78830bdecc47692b20e15f5042e439aadba0c628119066f4de470c8098c19/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0da9eef940fe37d1f110f01ba44c7b15147cea02aa053aac7550f4a902db72f8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c3270918c96d3cf276d60f47141f883df964c8f9b76476d56c72c3df21f1ff55/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3b89b49f578a0d178aebf50f5bda21693920eed9a9525fc80a0335e7a54af8c5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/526b941704ba3453439eaababaa7de897fb06aef78ab180ca8083ca39b06aaa0/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/58bd1345b0a16d3d9513322cc40f43e55b8ca98501bdfa38c7f59e6cc30dbd0f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/5b29f61ae76ae185c75ed6d48e3ebf1c891335243edc25b4aa1435c4c9df0ed7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a63e7dcefe717a6748bb223c17593b13918677dc82cd06468cd58bc891cd53bd/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/ip-address/38.110.228.124","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"otx-6a32e5873cf59d36f4
1c77be","source":"otx","category":"threat-intel","severity":"critical","title":"ClickFix Campaign Generated Via AI Delivers SmartRAT","description":"In March 2026, threat actors leveraged AI-powered website builders to create typosquatting domains impersonating a Brazilian bank. The campaign employed ClickFix techniques, presenting victims with fake CAPTCHA and BSOD screens to trick them into executing malicious PowerShell commands. This deliver…","indicators":{"cves":[],"ips":["162.141.111.227","64.95.13.238"],"domains":["crefisa.online","windowsupdate-cdn.com","c.windowsupdate-cdn.com","cartaobb.com","cartaobrb.com.br","vfsgloball.net"],"urls":["http://64.95.13.238/payload.php'"],"hashes":{"md5":"b17ccdb5531555e43f082d6e77c07227","sha1":null,"sha256":null}},"tags":["banana rat","fake captcha","smartrat","powershell","typosquatting","ghostloader","brazil","clickfix","qr code interception","banking trojan","credential theft","remcos rat","ai-generated","botnet","supply-chain","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T18:20:54.937Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a32e5873cf59d36f41c77be","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-new-prinz-eugen-ransomware-prioritizes-recent-files-for-encryption","source":"general-news","category":"news","severity":"critical","title":"New Prinz Eugen ransomware prioritizes recent files for encryption","description":"A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. 
[...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T15:23:46.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-prinz-eugen-ransomware-prioritizes-recent-files-for-encryption/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses","source":"general-news","category":"news","severity":"critical","title":"Gentlemen ransomware uses multiple EDR killers to disable defenses","description":"The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T22:31:52.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-the-gentlemen-raas-uses-gentlekiller-edr-framework-targeting-400-security-proces","source":"general-news","category":"news","severity":"critical","title":"The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes","description":"The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor.\n\nThis mature portfolio of EDR-terminating tools is 
cent…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T18:33:07.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/the-gentlemen-raas-uses-gentlekiller.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-autojack-attack-lets-one-web-page-hijack-ai-agent-for-host-code-execution","source":"general-news","category":"news","severity":"critical","title":"AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution","description":"Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution.\n\nSteer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the same machine and spawn a pr…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T15:30:47.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/autojack-attack-lets-one-web-page.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-f5-patches-two-critical-nginx-open-source-flaws-enabling-remote-code-execution","source":"general-news","category":"news","severity":"critical","title":"F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution","description":"F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems.\n\nThe vulnerabilities are listed below -\n\n\n  CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the 
ngx_http_v3_modu…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T17:32:14.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-inc-ransomware-emerges-as-major-raas-threat-in-2026-with-830-victims-since-2023","source":"general-news","category":"news","severity":"critical","title":"INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023","description":"Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023.\n\n\"The disruption of LockBit and the shutdown of BlackCat created opportunit…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:12:48.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-dragonforce-hackers-abuse-microsoft-teams-relays-to-hide-backdoor-turn-c2-traffi","source":"general-news","category":"news","severity":"critical","title":"DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic","description":"Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure.\n\nAccording to findings from Broadcom-owned Symantec and 
Carbon…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T13:30:07.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/dragonforce-hackers-abuse-microsoft.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-confirms-rogueplanet-defender-zero-day-says-patch-is-in-development","source":"general-news","category":"news","severity":"critical","title":"Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development","description":"Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet.\n\nThe vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw.\n\n\"Microsoft is a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T17:36:28.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-the-top-10-attack-surface-exposures-in-2026","source":"general-news","category":"news","severity":"critical","title":"The Top 10 Attack Surface Exposures in 2026","description":"Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. 
But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentic…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T10:30:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/the-top-10-attack-surface-exposures-in.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-new-rokarolla-android-malware-steals-pins-sms-codes-and-crypto-wallet-funds","source":"general-news","category":"news","severity":"critical","title":"New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds","description":"Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands.\n\nTogether, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T13:10:17.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-weekly-recap-chrome-0-day-unifi-exploits-macos-stealers-vpn-flaw-and-more","source":"general-news","category":"news","severity":"critical","title":"⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More","description":"Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. 
A deprecated feature was still running in prod.\n\nThis week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten sof…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T13:49:29.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-inc-ransomware-thrives-by-mastering-the-basics","source":"general-news","category":"news","severity":"critical","title":"INC Ransomware Thrives by Mastering the Basics","description":"And one of those basics is focusing on sectors where a ransomware disruption creates immediate pressure to pay up, like with healthcare.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T19:46:25.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/inc-ransomware-thrives-by-mastering-the-basics","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-lorem-ipsum-malware-pivots-to-clickfix-delivery","source":"general-news","category":"news","severity":"critical","title":"'Lorem Ipsum' Malware Pivots to ClickFix Delivery","description":"New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice 
Society.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T15:10:48.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-cryptobandits-malware-doubles-as-a-backdoor-abuses-tor","source":"general-news","category":"news","severity":"critical","title":"CryptoBandits Malware Doubles as a Backdoor, Abuses Tor","description":"CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution.\nThe post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T11:19:41.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/cryptobandits-malware-doubles-as-a-backdoor-abuses-tor/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure","source":"general-news","category":"news","severity":"critical","title":"Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure","description":"CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution.\nThe post Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure appeared first on 
SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T04:10:34.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-operation-endgame-disrupts-malware-network-linked-to-major-ransomware-gang","source":"general-news","category":"news","severity":"critical","title":"Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang","description":"SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T10:15:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/operation-endgame-socgholish-evil/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-ico-cautions-healthcare-worker-after-princess-of-wales-incident","source":"general-news","category":"news","severity":"critical","title":"ICO Cautions Healthcare Worker After Princess of Wales Incident ","description":"Hospital insider escapes criminal prosecution after attempting to sell royal’s medical records","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:45:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ico-cautions-healthcare-worker/","label":"InfoSecurity 
Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-dragonforce-ransomware-exploited-microsoft-teams-to-hide-in-attack-against-major","source":"general-news","category":"news","severity":"critical","title":"DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company","description":"Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T11:30:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/dragonforce-ransomware-hidden/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-adriatic-port-cyber-attack-by-anubis-sparks-warning-over-maritime-security-risks","source":"general-news","category":"news","severity":"critical","title":"Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks","description":"How the Anubis ransomware group stole and leaked an Italian Adriatic port authority's data","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","transport"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T16:15:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/anubis-ransomware-adriatic-port/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-week-in-review-74k-fortinet-firewall-credentials-stolen-splunk-enterprise-rce-un","source":"general-news","category":"news","severity":"critical","title":"Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack","description":"Here’s an overview of some of last week’s most interesting news, 
articles, interviews and videos: A hardware neural network backdoor that hides in plain sight Deep learning systems on edge devices often rely on third-party-designed FPGAs and ASICs for performance and efficiency, creating supply chai…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-21T08:00:25.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.helpnetsecurity.com/2026/06/21/week-in-review-74k-fortinet-firewall-credentials-stolen-splunk-enterprise-rce-under-active-attack/","label":"Help Net Security","domainType":"media"}],"feedLabel":null},{"id":"news-unauthenticated-rce-in-splunk-enterprise-under-active-attack-cve-2026-20253","source":"general-news","category":"news","severity":"critical","title":"Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)","description":"CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. 
In-the-wild exploitation has also been confirmed by the vendor and Resec…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T10:50:33.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.helpnetsecurity.com/2026/06/19/splunk-vulnerability-cve-2026-20253-exploited/","label":"Help Net Security","domainType":"media"}],"feedLabel":null},{"id":"news-australian-sugar-producer-works-to-restore-operations-as-ransomware-group-claims","source":"general-news","category":"news","severity":"critical","title":"Australian sugar producer works to restore operations as ransomware group claims attack","description":"Mackay Sugar said it was \"working urgently\" to verify claims that a highly active ransomware group was behind a cyberattack that shut down harvesting and milling operations.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:20:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://therecord.media/mackay-sugar-cyberattack-claimed-gentlemen","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-20253","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-20253 — Splunk Enterprise Missing Authentication for Critical Function Vulnerability","description":"Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service 
endpoint.","indicators":{"cves":["CVE-2026-20253"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T00:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.202Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20253","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-48907","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-48907 — Widget Factory Joomla Content Editor Improper Access Control Vulnerability","description":"Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. ","indicators":{"cves":["CVE-2026-48907"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T00:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.202Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48907","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-apollo-pharmacy-blood-glucose-monitoring-system-apg-01-bt","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device.\nThe following versions of Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT 
a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-mitsubishi-electric-co-s-melsec-iq-f-series-fx5-enet-ip-ethernet-module","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-mitsubishi-electric-melsec-iq-f-series","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Mitsubishi Electric MELSEC iQ-F Series","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection 
manag…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-05","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-schneider-electric-easergy-ecostruxture-powerlogic-and-saitel-products","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products","description":"View CSAF\nSummary\nSchneider Electric is aware of vulnerabilities in its PowerChute™ Serial Shutdown product. The [PowerChute Serial Shutdown](https://www.se.com/ww/en/product-range/137943580-powerchute-serial-shutdown/#products) product is a UPS management software enabling graceful system shutdown…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-07","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-rockwell-automation-factorytalk-historian-site-edition","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Rockwell Automation FactoryTalk Historian Site Edition","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system.\nThe following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected:\nFactoryTalk Historian 
SE…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-03","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-aver-ptc-cameras","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"AVer PTC cameras","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow arbitrary code execution.\nThe following versions of AVer PTC cameras are affected:\nPTC500S vers:all/* (CVE-2026-40624)\nPTC115 vers:all/* (CVE-2026-40624)\nPTC500+ vers:all/* (CVE-2026-40624)\nPTC115+ vers:all/* (CVE-2026-40624…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-schneider-electric-easylogic-t150-and-saitel-dp","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Schneider Electric EasyLogic T150 and Saitel DP","description":"View CSAF\nSummary\nSuccessful exploitation this vulnerability could allow an attacker to gain unauthorized access to sensitive files\nThe following versions of Schneider Electric EasyLogic T150 and Saitel DP are affected:\nSchneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & 
Co…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-04","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-rockwell-automation-flex-i-o-ethernet-ip-adapters","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Rockwell Automation FLEX I/O EtherNet/IP Adapters","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability.\nThe following versions of Rockwell Automation FLEX I/O EtherNet/IP Adapters are affected:\n1794-AENTR V2.012 (CVE-2026-0646, CVE-20…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-rockwell-automation-logix-5370-5570-controllers-vulnerable-to-denial-of-service-","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF).\nThe following versions of Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP are 
affected:\nCompactL…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-03","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-rockwell-automation-rslinx","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Rockwell Automation RSLinx ","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own.\nThe following versions of RSLinx Classic Third-Party Vulnerability are affected:\nRSLinx Classic <=4.50.00 (CVE-2020-13573)…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-02","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-rockwell-automation-factorytalk-analytics-pavilionx","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Rockwell Automation FactoryTalk Analytics PavilionX","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could result in an attacker executing privileged operations.\nThe following versions of Rockwell Automation FactoryTalk Analytics PavilionX are affected:\nFactoryTalk Analytics PavilionX <7.01 
(CVE-2025-14272)\nCVSS\nVendor\nEquipment\nVulner…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-rockwell-automation-compactlogix","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Rockwell Automation CompactLogix","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.\nThe following versions of Rockwell Automation CompactLogix are affected:\nCompactLogix 5370 L1\nCompactLogix 5370 L2\nCompactLogix 5370 L3\nCVSS\nVendor\nEquipment\nVulnerabili…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-04","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"vendor-fcc-to-review-telecom-supply-chain-security-reporting-requirements-amid-rising-c","source":"vendor-blogs","category":"advisory","severity":"high","title":"FCC to review telecom supply chain security reporting requirements amid rising cybersecurity, espionage threats","description":"The U.S. 
Federal Communications Commission (FCC) is seeking public comment on an information collection review tied to its...\nThe post FCC to review telecom supply chain security reporting requirements amid rising cybersecurity, espionage threats appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T15:26:49.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/threats-attacks/fcc-to-review-telecom-supply-chain-security-reporting-requirements-amid-rising-cybersecurity-espionage-threats/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-nist-sp-1339-releases-ot-backup-quick-start-guide-to-boost-industrial-cyber-resi","source":"vendor-blogs","category":"advisory","severity":"high","title":"NIST SP-1339 releases OT Backup Quick Start Guide to boost industrial cyber resilience, accelerate incident recovery","description":"The U.S. 
National Institute of Standards and Technology (NIST) released Special Publication 1339, an OT (Operational Technology) Backup...\nThe post NIST SP-1339 releases OT Backup Quick Start Guide to boost industrial cyber resilience, accelerate incident recovery appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:18:39.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/nist/nist-sp-1339-releases-ot-backup-quick-start-guide-to-boost-industrial-cyber-resilience-accelerate-incident-recovery/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-cisc-unveils-enhanced-cirmp-rules-to-address-ai-legacy-systems-supply-chain-and-","source":"vendor-blogs","category":"advisory","severity":"high","title":"CISC unveils Enhanced CIRMP Rules to address AI, legacy systems, supply chain, and insider risks across critical infrastructure","description":"Australia’s Cyber and Infrastructure Security Centre (CISC) announced enhanced security requirements to strengthen protections for the nation’s critical...\nThe post CISC unveils Enhanced CIRMP Rules to address AI, legacy systems, supply chain, and insider risks across critical infrastructure appeare…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T05:51:31.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/regulation-standards-and-compliance/cisc-unveils-enhanced-cirmp-rules-to-address-ai-legacy-systems-supply-chain-and-insider-risks-across-critical-infrastructure/","label":"Industrial 
Cyber","domainType":"other"}],"feedLabel":null},{"id":"malbaz-a558714eb3c35a8f99c7991292f45b3edf3af2e08c151b6f74afb0691c189851","source":"malware-bazaar","category":"malware","severity":"high","title":"data_x86_64","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"d825cbe08ea10150385fe97f1e95779b","sha1":"8d7f1ad5f017d81502cc7afa8d0e1b4b92b90494","sha256":"a558714eb3c35a8f99c7991292f45b3edf3af2e08c151b6f74afb0691c189851"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:57:13Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/a558714eb3c35a8f99c7991292f45b3edf3af2e08c151b6f74afb0691c189851/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-4121a0bfb7059830e5ec9cc01126e37a5840987833ed524707356ae493d29b33","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.arm7","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"807c73039d6f413d6f496bac16cb4f2a","sha1":"0d65ac92f0ab24da9a7493ac973fdfb4d627f112","sha256":"4121a0bfb7059830e5ec9cc01126e37a5840987833ed524707356ae493d29b33"}},"tags":["elf","Mirai","upx-dec","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:56:33Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/4121a0bfb7059830e5ec9cc01126e37a5840987833ed524707356ae493d29b33/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-b92abe3dde271635548f3b6c2e93f24548c2f11611bac731d6e01d835ec95775","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.arm5","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"4108ab76360876c3d7e863193df66de8","sha1":"f720556c0f788a02121e14efaac69857f1bd8234","sha256":"b92abe3dde271635548f3b6c2e93f24548c2f11611bac731d6e01d835ec95775"}},"tags":["elf","Mirai","upx-dec","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:55:52Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/b92abe3dde271635548f3b6c2e93f24548c2f11611bac731d6e01d835ec95775/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-d0345ab1663c0153617184e5c970a566e0b8965ab364a1c9eea7cdecad15cd61","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.arm7","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"992a89dd9d5edcca926b68e4afab8188","sha1":"1e1bb6b35dbaa899052e3a48fa91d27688f104bb","sha256":"d0345ab1663c0153617184e5c970a566e0b8965ab364a1c9eea7cdecad15cd61"}},"tags":["elf","Mirai","upx","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:55:40Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/d0345ab1663c0153617184e5c970a566e0b8965ab364a1c9eea7cdecad15cd61/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-ce0b3137383e4112269155f36dfa6c238f6e4d57d73555c15b2c4ef796afbab3","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.arm5","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"356a1243d88a22d8221d57aea7c3caa0","sha1":"abfd63d9eb74c5e6167850a2ef375e81893adab5","sha256":"ce0b3137383e4112269155f36dfa6c238f6e4d57d73555c15b2c4ef796afbab3"}},"tags":["elf","upx"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-22T02:54:29Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/ce0b3137383e4112269155f36dfa6c238f6e4d57d73555c15b2c4ef796afbab3/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-0238e06a1ac58756abb6a5d261aa720ee600d7a8bf16fc50bf134251f6df5efd","source":"malware-bazaar","category":"malware","severity":"high","title":"data_x86","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"0bcc0ba9cec4a6580ab067f1b33876dc","sha1":"b69a1964323a8b04985028616e15338f35324b90","sha256":"0238e06a1ac58756abb6a5d261aa720ee600d7a8bf16fc50bf134251f6df5efd"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:53:19Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/0238e06a1ac58756abb6a5d261aa720ee600d7a8bf16fc50bf134251f6df5efd/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-3b11d33e8f3ca26375350fe631f78c09d42a017d156c8022b74c4a9c280c1381","source":"malware-bazaar","category":"malware","severity":"high","title":"data_mipsel","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"e887f45934e73f7257aa5fd81fb1cba3","sha1":"99892a76c13ed20a478b8843e65f33764f691df6","sha256":"3b11d33e8f3ca26375350fe631f78c09d42a017d156c8022b74c4a9c280c1381"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:50:33Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/3b11d33e8f3ca26375350fe631f78c09d42a017d156c8022b74c4a9c280c1381/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-3585bbb1adae6cca2e8c084e893cc05c81c11fab54f53c22567bc683aa0f8774","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.sh4","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"caee427aa16d2ec15ded83a7934d7ce4","sha1":"958cf6ea61616a5441fad255ef1a4b1e5f1626fa","sha256":"3585bbb1adae6cca2e8c084e893cc05c81c11fab54f53c22567bc683aa0f8774"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:50:31Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/3585bbb1adae6cca2e8c084e893cc05c81c11fab54f53c22567bc683aa0f8774/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-9a73e54c5aaf4ae3291fd4ae23059c5a9bfbebd4abbf794d1840362a81bfb9ec","source":"malware-bazaar","category":"malware","severity":"high","title":"data_mips","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"340c04ab6937d66e9147488c236183ec","sha1":"46dc3a8244b871c3b11f19f676bb3688d335ae1a","sha256":"9a73e54c5aaf4ae3291fd4ae23059c5a9bfbebd4abbf794d1840362a81bfb9ec"}},"tags":["elf","Gafgyt","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:50:30Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/9a73e54c5aaf4ae3291fd4ae23059c5a9bfbebd4abbf794d1840362a81bfb9ec/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-f197de37ab531b3db10d24757e3668602901389878afe2e11546a3f6be5d818d","source":"malware-bazaar","category":"malware","severity":"high","title":"k.php","description":"File type: sh | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"e66f444d93ca51f3a3630e847b29bbd9","sha1":"f96c95e4dc4cf85aa315a34d4815225f2324b0d1","sha256":"f197de37ab531b3db10d24757e3668602901389878afe2e11546a3f6be5d818d"}},"tags":["sh"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-22T02:48:11Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/f197de37ab531b3db10d24757e3668602901389878afe2e11546a3f6be5d818d/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-639015f49fe00afa52244a61ddc8b32969ce8c884fc709281cb1f2938b447e4a","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.m68k","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"cf1d682e438d6a4abf7750dae5e07739","sha1":"28132b173a0b5cad81efc69bf6ec11eaaf0efe61","sha256":"639015f49fe00afa52244a61ddc8b32969ce8c884fc709281cb1f2938b447e4a"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:46:43Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/639015f49fe00afa52244a61ddc8b32969ce8c884fc709281cb1f2938b447e4a/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-c03210e941c3de902810021ae1364922f797eb3432f5d4390d3982c495961d36","source":"malware-bazaar","category":"malware","severity":"high","title":"data_arm7","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"44e38bcd5b2a92cb32d7e794b3b150ef","sha1":"e0faa89c46071c3d554513ad1f08d07563963ce4","sha256":"c03210e941c3de902810021ae1364922f797eb3432f5d4390d3982c495961d36"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:45:30Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/c03210e941c3de902810021ae1364922f797eb3432f5d4390d3982c495961d36/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-a3cb43a29e0f181f1145426e70fccdce8e04ce82c667ab0861426f31670e75a5","source":"malware-bazaar","category":"malware","severity":"high","title":"data_mips-uclibc","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"a4f2c59ced19e9a2ae4868be4aabc945","sha1":"6ba0f101b6bc7293221ad9cce2eac1ecbc627ffa","sha256":"a3cb43a29e0f181f1145426e70fccdce8e04ce82c667ab0861426f31670e75a5"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:45:29Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/a3cb43a29e0f181f1145426e70fccdce8e04ce82c667ab0861426f31670e75a5/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-9bbed06deb57b262ed1a74cdb6d17ca21161163cbada6538267b6afd00e61cb6","source":"malware-bazaar","category":"malware","severity":"high","title":"data_powerpc","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"a8aaa95c71829fa18af3cd9799954962","sha1":"2d0fe4b80d5064ed72dad730e4c26e60506517f3","sha256":"9bbed06deb57b262ed1a74cdb6d17ca21161163cbada6538267b6afd00e61cb6"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:43:10Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/9bbed06deb57b262ed1a74cdb6d17ca21161163cbada6538267b6afd00e61cb6/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-84bf32c6c5852dcfe76cfe8ce6b40a4408603b3e52137a9562bfddbaddc760b2","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.mips","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"74e71ccc947d89710a89e6055c25178f","sha1":"18dc5ac54947125482d8ee2e5fd89e11400715cf","sha256":"84bf32c6c5852dcfe76cfe8ce6b40a4408603b3e52137a9562bfddbaddc760b2"}},"tags":["elf","Mirai","upx-dec","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:40:51Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/84bf32c6c5852dcfe76cfe8ce6b40a4408603b3e52137a9562bfddbaddc760b2/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-84a09f4fdf90abd5364f982b3d7d49aabf862a38bc78b66bf23014daaf19d8ae","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.mips","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"6c54dc573e8fdb22cc507602674636d7","sha1":"dd3ddefdd068758e48d29a10d1ea2d88c150faeb","sha256":"84a09f4fdf90abd5364f982b3d7d49aabf862a38bc78b66bf23014daaf19d8ae"}},"tags":["elf","Mirai","upx","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:39:19Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/84a09f4fdf90abd5364f982b3d7d49aabf862a38bc78b66bf23014daaf19d8ae/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-fcc9249b4f188e5a66fca4fd3811585f16438e7dd0542301f1575209010fad90","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.x86","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"6b406c155f39aaaadb6f988b63e30f76","sha1":"4d12d9960de695d0e8bdb5f79497e8c8f181f367","sha256":"fcc9249b4f188e5a66fca4fd3811585f16438e7dd0542301f1575209010fad90"}},"tags":["elf","Mirai","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:34:19Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/fcc9249b4f188e5a66fca4fd3811585f16438e7dd0542301f1575209010fad90/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-2ec11059183fff0a0da44a9e8a4bffea0d55dd8e31dc966bbb52c5435530dc48","source":"malware-bazaar","category":"malware","severity":"high","title":"ok","description":"File type: sh | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"873970375886a32afcc8c2a885c4d52c","sha1":"8ed7ed488f074eb7bcf5cc856b43d07a192ebdf3","sha256":"2ec11059183fff0a0da44a9e8a4bffea0d55dd8e31dc966bbb52c5435530dc48"}},"tags":["Mirai","sh","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:34:18Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/2ec11059183fff0a0da44a9e8a4bffea0d55dd8e31dc966bbb52c5435530dc48/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-c6473b0fc4ebd18ab4ffe6771c77cece197e40299cac3745bbc12c0bea2261bf","source":"malware-bazaar","category":"malware","severity":"high","title":"file","description":"File type: exe | Reporter: 
Bitsight","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"41dced704c3d94e43df2e751629ac5ac","sha1":"d4ff06a9937544058e1578e57a4e49fb346b9e80","sha256":"c6473b0fc4ebd18ab4ffe6771c77cece197e40299cac3745bbc12c0bea2261bf"}},"tags":["54e64e","dropped-by-Amadey","exe"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-22T02:33:26Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/c6473b0fc4ebd18ab4ffe6771c77cece197e40299cac3745bbc12c0bea2261bf/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-5ea5fd6006918909f9026626019e19b00f8935ec9f03b9cab6d8f88ac8c77e8c","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.arm6","description":"File type: elf | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"c3c863ec3c05591b0b7143a0ead85901","sha1":"2ddbad1e2d138648fab1dd713e739c9d33b84dd7","sha256":"5ea5fd6006918909f9026626019e19b00f8935ec9f03b9cab6d8f88ac8c77e8c"}},"tags":["elf","Mirai","upx-dec","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:33:22Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/5ea5fd6006918909f9026626019e19b00f8935ec9f03b9cab6d8f88ac8c77e8c/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-0d4ecc9f1c7e94da3e93389cc98088fe162a4ef1ba90d54330411fd92ea3ed3a","source":"malware-bazaar","category":"malware","severity":"high","title":"sora.arm6","description":"File type: elf | Reporter: 
abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"c49410048280d5045bf9b3db7253dd3f","sha1":"9db97a15da70e9bb43689fc1199b8d8b457181bc","sha256":"0d4ecc9f1c7e94da3e93389cc98088fe162a4ef1ba90d54330411fd92ea3ed3a"}},"tags":["elf","Mirai","upx","botnet"],"malwareFamily":"Mirai","confidence":null,"publishedAt":"2026-06-22T02:33:07Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/0d4ecc9f1c7e94da3e93389cc98088fe162a4ef1ba90d54330411fd92ea3ed3a/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-2c5260360de10f214b6ed6b612ad463bb5341ffd17d4900b50bf607d4e94d17e","source":"malware-bazaar","category":"malware","severity":"high","title":"loader.zip","description":"File type: zip | Reporter: Kejult","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"818f02e595eb7faa11e0812a11c4a110","sha1":"2590e55014369f1cc7280596d52e147f3da07065","sha256":"2c5260360de10f214b6ed6b612ad463bb5341ffd17d4900b50bf607d4e94d17e"}},"tags":["bun","exe","NWHStealer","stealer","zip"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-22T02:17:16Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/2c5260360de10f214b6ed6b612ad463bb5341ffd17d4900b50bf607d4e94d17e/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-967e1665f6935556bdaf20d9060eb03d45382a5c0dd232675daac3c6962e2a86","source":"malware-bazaar","category":"malware","severity":"high","title":"YimMenuV2.dll","description":"File type: exe | Reporter: 
Kejult","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"51a41100fbe14088241bc9a977c820a8","sha1":"c7992d4bc8a2018578a46741548f53aa6a81ad88","sha256":"967e1665f6935556bdaf20d9060eb03d45382a5c0dd232675daac3c6962e2a86"}},"tags":["dll","exe","GameHack","Riskware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-22T02:07:35Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/967e1665f6935556bdaf20d9060eb03d45382a5c0dd232675daac3c6962e2a86/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-3898a662f25925b6b46700297832940cfc026f5e59815fe670328a0213094a3b","source":"malware-bazaar","category":"malware","severity":"high","title":"Requirement.vbs","description":"File type: vbs | Reporter: threatcat_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"862ce69fbc11bac8f9f122cd40967f63","sha1":"7f574cc31b6a54f454d962344969a55bf64f8afb","sha256":"3898a662f25925b6b46700297832940cfc026f5e59815fe670328a0213094a3b"}},"tags":["vbs"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-22T02:03:33Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/3898a662f25925b6b46700297832940cfc026f5e59815fe670328a0213094a3b/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-0b8cae277bf0e3f0f33c5c44e5fd0dac50278086dd5769f9d96c44d748d8a90b","source":"malware-bazaar","category":"malware","severity":"high","title":"SynInstallerV2.exe","description":"File type: exe | Reporter: 
Kejult","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"72cc8e3d5bb03a4ee445735a529f2e58","sha1":"951bf64ab8bb44148d29ea2ad3499f706d55e711","sha256":"0b8cae277bf0e3f0f33c5c44e5fd0dac50278086dd5769f9d96c44d748d8a90b"}},"tags":["downloader","exe","loader","SalatStealer"],"malwareFamily":"SalatStealer","confidence":null,"publishedAt":"2026-06-22T02:00:44Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/0b8cae277bf0e3f0f33c5c44e5fd0dac50278086dd5769f9d96c44d748d8a90b/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-e9b9e9b3ba47548c9f0937837bf16550f573c25f7405e8cfbf45519d79ccde4e","source":"malware-bazaar","category":"malware","severity":"high","title":"rDirectricesdepol__ticasparaempleados_2026_pdf.exe","description":"File type: exe | Reporter: fabiodemartin","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"b0e14b749d6ea74efedde6ca496b45d0","sha1":"a0a473dd0296e295d3802c77bbe5766ffb333b0b","sha256":"e9b9e9b3ba47548c9f0937837bf16550f573c25f7405e8cfbf45519d79ccde4e"}},"tags":["exe","GuLoader","signed"],"malwareFamily":"GuLoader","confidence":null,"publishedAt":"2026-06-22T02:00:07Z","fetchedAt":"2026-06-22T03:00:01.553Z","references":[{"url":"https://bazaar.abuse.ch/sample/e9b9e9b3ba47548c9f0937837bf16550f573c25f7405e8cfbf45519d79ccde4e/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a105530af26afbd3752ab81","source":"otx","category":"threat-intel","severity":"high","title":"Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload","description":"Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. 
The attackers deployed multiple backdoors including VBCloud for file theft and Po…","indicators":{"cves":["CVE-2018-0802","CVE-2025-55182","CVE-2025-68670"],"ips":[],"domains":["allgoodsdirect.com.au","istochnik.org","onedrivesupport.net","agenciakharis.com.br","alnakhlah.com.sa","amerikastaj.com","bigbang.me","cloudguide.in","fishingflytackle.com","goverru.com","humanitas.si","internationalcommoditiesllc.com","investika-club.com","kufar.org","lafortunaitalian.co.uk","landscapeuganda.com","mamurjor.com","spbnews.net","tenkoff.org","totallegacy.org","ultimatecore.net","wizzifi.com","znews.net","firsai.tipshub.net"],"urls":[],"hashes":{"md5":"fb0f8027acf1b1e47e07a63d8812ed50","sha1":"a1e11a22eb07047a94de9a59a589178cbc78e1da","sha256":"88dc7beba703964cccb84225c7243cd43a28694fb031a42240b0e56894e7a9c9"}},"tags":["vbcloud","netsupport rat","powershower","reversesocks","phantomheart","valleyrat","powercloud","cloud atlas","apt","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-05-22T13:08:00.327Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a105530af26afbd3752ab81","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a0f8f36422c8adb515a9804","source":"otx","category":"threat-intel","severity":"high","title":"Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers","description":"Between February and May 2026, over 1,350 active command-and-control servers were identified across 98 infrastructure providers spanning 14 Middle Eastern countries. 
Saudi Arabia's STC hosted 981 C2 servers, representing 72.4% of all regional malicious infrastructure, the largest concentration globa…","indicators":{"cves":["CVE-2025-11953"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["netsupport rat","termite","telecommunications","asyncrat","soullessrat","bulletproof hosting","middle east","offensive frameworks","phexia","phorpiex","xmrig","twizt","dynowiper","echogather","maas platforms","c2 infrastructure","tactical rmm","lockbit black","gophish","hajime","espionage campaigns","sliver","prism x","iot botnets","hellsuchecker","aquilarat","cobalt strike","cve-2025-11953","acunetix","mirai","keitaro","mozi","rondodox","ransomware","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-05-21T23:03:18.109Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a0f8f36422c8adb515a9804","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a3526fcbaffc5909dd73ce4","source":"otx","category":"threat-intel","severity":"high","title":"Operation Poisson – Analyzing a Cybercriminal’s Entire Operation","description":"A comprehensive analysis of 339 commands issued by a French-speaking threat actor nicknamed 'Poisson' over 33 days, targeting a French automotive small business and four French individuals. 
The attacker utilized a multi-stage fileless attack deploying a 70-line Python keylogger to harvest banking an…","indicators":{"cves":[],"ips":["217.154.162.45","217.154.217.139"],"domains":["wawsenti.duckdns.org","pois43.s3.eu-central-003.backblazeb2.com","sentiwaw.s3.eu-central-003.backblazeb2.com","w456w5.s3.eu-central-003.backblazeb2.com"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"f06e7e1a4363a01ba2a4fee2e28abdd623abf4194bda373f23ff0e151b5c2b45"}},"tags":["tailscale","rustdesk","poisson","credential-theft","france","keylogger","fileless-attack","openssh","havoc","havoc-c2","vpn-mesh-persistence","botnet","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T11:24:44.247Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a3526fcbaffc5909dd73ce4","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a34c6344468a941c924c02c","source":"otx","category":"threat-intel","severity":"high","title":"Analysis of Gamaredon campaign targeting Ukraine weaponizing CVE-2025-8088","description":"A campaign exploiting the WinRAR path-traversal vulnerability CVE-2025-8088 has been actively targeting Ukraine since February 2026, with ongoing activity through June 2026. The operation uses Ukrainian military and conscription-themed documents as lures, distributed as RAR archives. 
The malicious a…","indicators":{"cves":["CVE-2025-8088"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"ea610ea6a8d69cb1e93fb79d4a8fa26f","sha1":"d8d789af0ede2ce38a50b516f7603376589ae141","sha256":"1ebbdf3671cd5ca25a8a8e7ca2f6e46dd22c631e01bfcc5c909ae2fd680bf458"}},"tags":["path-traversal","cve-2025-8088","military-lures","conscription-themed","powershell","gamaredon","ukraine","winrar","persistence","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T04:31:48.774Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a34c6344468a941c924c02c","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a3408141101549b20c17550","source":"otx","category":"threat-intel","severity":"high","title":"Okendo Reviews Supply Chain Attack","description":"On May 14, 2026, a supply chain attack was discovered targeting the Okendo Reviews widget, a customer review platform used by over 18,000 brands. The threat actor injected malicious JavaScript code into the legitimate widget, which is deployed on high-traffic e-commerce pages including storefronts a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":["http://cdn-static.okendo.io/reviews-widget-plus/js/okendo-reviews.js","https://api.wigetticks.com/logout/private-response.php?8D1V4th3","https://api.wizzleticks.com/claims/scope-schema.php?4ManBBdA"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["sectop rat","netsupport","netsupport rat","supply chain attack","smartrat","clickfix","okendo reviews","javascript injection","remcos","stealc","smartapesg","phishing","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T15:00:36.545Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a3408141101549b20c17550","label":"OTX 
Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a3406813fdcd206dd6ba872","source":"otx","category":"threat-intel","severity":"high","title":"Operation Endgame vs. SocGholish Fake Updates","description":"A multinational law enforcement operation called Operation Endgame has successfully disrupted SocGholish, a malware framework operated by threat actor TA569 since 2017. The operation took down 106 servers and domains and remediated nearly 15,000 compromised WordPress websites. SocGholish uses fake b…","indicators":{"cves":[],"ips":[],"domains":["trademark.iglesiaelarca.com","content.garretttrails.org","promo.summat10n.org","billing.roofnrack.us","devel.asurans.com","storehouse.beautysupplysalonllc.com","samples.addisgraphix.com","api-app.uppercrafteroom.com","pa-portal.benningtonspringsmhp.com","shop.steadycompanion.com","platform.exathomeswebuyarizona.com","app-front.anmaradigital.com","js-new.newtoyourgame.com"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["venomrat","smokeloader","pikabot","evilcorp","wordpress compromise","operation endgame","bumblebee","traffic distribution system","rhadamanthys","danabot","icedid","qakbot","initial access broker","fake updates","domain shadowing","doppelpaymer","hades","ransomhub","socgholish","trickbot","wastedlocker","lockbit","gholoader","frigidstealer","fakeupdates","web inject","ransomware distribution","ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:53:53.014Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a3406813fdcd206dd6ba872","label":"OTX Pulse","domainType":"primary"},{"url":"https://otx.alienvault.com/pulse/6a340682e2ce31882868e7f1","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a3363abf0061625f1a7b54a","source":"otx","category":"threat-intel","severity":"high","title":"Twitter Feed - nextronresearch - 17-06-2026","description":"SideCopy, also tracked as APT36 
or Transparent Tribe, has launched a new attack campaign targeting Indian defense personnel using a fake 'Minutes Of Meeting' document as lure. The attack employs an identical playbook to previous operations: a double-extension Minutes Of Meeting.docx.lnk file execute…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"e9f8a7e6275c263d2a1c9c5c9725addbf484c77c1aa8387093c16f50ebdc11ab"}},"tags":["rat","indian defense targeting","double extension","decoy document","pdfdocs rat","persistence hkcu","powershell stager","apt36","transparent tribe","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T03:19:07.460Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a3363abf0061625f1a7b54a","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a32a34570e116fb4e3621e7","source":"otx","category":"threat-intel","severity":"high","title":"From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware","description":"INC has evolved from an emerging ransomware-as-a-service operation into one of the most active groups in 2026, claiming over 800 victims since 2023. The disruption of LockBit and BlackCat's shutdown created opportunities for INC to expand as affiliates migrated. 
Both Windows and Linux/ESXi encryptor…","indicators":{"cves":["CVE-2023-3519","CVE-2023-48788","CVE-2024-57727","CVE-2025-5777"],"ips":[],"domains":["incblog.su","incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion","incpaykabjqc2mtdxq6c23nqh4x6m5dkps5fr6vgdkgzp5njssx6qkid.onion"],"urls":[],"hashes":{"md5":"eb37c4fcfc00d3813ab94f4d59378b47","sha1":"70331fdf528f4f5b75b5e30427e379bc88aa05b4","sha256":"ff5da8f0330a4c581c37284c74aae2683c007dc6e406e1e2e6803e7bb398b77b"}},"tags":["cve-2025-5777","encryption","double-extortion","lynx","cobalt strike","raas","sinobi","cve-2024-57727","ransomware-as-a-service","rust-based","inc","cve-2023-3519","veeam-credential-dumping","cve-2023-48788","data-leak-site","vmware-esxi","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T13:38:13.113Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a32a34570e116fb4e3621e7","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a325eca53b232c21f5b84ff","source":"otx","category":"threat-intel","severity":"high","title":"New APT-Q-27 sample spotted","description":"A new campaign has been identified utilizing a valid digital signature from a Chinese technology company that remains unrevoked. The attack chain employs a dropper that retrieves an extension-based module list from command and control infrastructure. 
The malicious payloads exploit DLL Side-Loading t…","indicators":{"cves":[],"ips":[],"domains":["api.keensie.com"],"urls":["http://api.keensie.com:5198/"],"hashes":{"md5":"130fbe74fea31b30b59b071ccf22bf68","sha1":null,"sha256":null}},"tags":["dropper","dll side-loading","chinese threat actor","apt-q-27","tencent","digital signature abuse","apt","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T08:46:02.049Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a325eca53b232c21f5b84ff","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a316151d9ab4af59e56576d","source":"otx","category":"threat-intel","severity":"high","title":"Attackers Weaponize Microsoft Teams Relays to Stay Hidden","description":"Attackers deploying DragonForce ransomware against a major U.S. services firm concealed their command-and-control traffic within Microsoft Teams relay infrastructure using Backdoor.Turn, a custom Go-based remote access trojan. 
This novel technique leverages anonymous Teams visitor tokens and TURN re…","indicators":{"cves":["CVE-2025-61155","CVE-2023-52271","CVE-2025-1055"],"ips":["62.164.177.25"],"domains":["comunidadesparentais.com.br","glanz-gmbh.de","mysimerp.net","professionalhomebasedbusiness.com","projetosmecanicos.com.br","safefire.jo","socialbizsolutions.com","turnkeyaiagents.com"],"urls":["http://192.36.27.51/TechSupV18Fix3.zip"],"hashes":{"md5":"ecb1d69999a730760b3c5654920f0ef6","sha1":"b4ddb0adf94e28b53e392900c5ff2f538616441b","sha256":"f174c19902523dcf005fa044b6598403a5e5c0a5982398d1bc0dcc5ec1cd351b"}},"tags":["dragonforce","dll side-loading","ransomware","byovd","cve-2023-52271","cve-2025-61155","cve-2025-1055","turn relay","credential theft","vulnerable drivers","backdoor.turn","microsoft teams abuse","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:44:33.091Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a316151d9ab4af59e56576d","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a305377d29f8bfdadc72786","source":"otx","category":"threat-intel","severity":"high","title":"Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research","description":"A sophisticated espionage campaign attributed to UNC6508, a China-nexus threat actor, targeted North American academic, medical, and military research institutions for over a year. 
The adversary exploited REDCap servers, deployed custom INFINITERED malware to harvest credentials, and maintained pers…","indicators":{"cves":[],"ips":["23.169.65.49"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"db65c1b9f9e4cb4d729f45ad4b6fcf3e277caf9eb4c875425dec93fd883f9136"}},"tags":["medical research targeting","unc6508","infinitered","credential harvesting","redcap exploitation","china-nexus","email exfiltration","content compliance abuse","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T19:33:11.979Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a305377d29f8bfdadc72786","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a30d0b403db287f819b47e9","source":"otx","category":"threat-intel","severity":"high","title":"WebAssembly Malware Found in Trojanized Open VSX Extensions","description":"Trojanized Visual Studio Code extensions distributed via the Open VSX marketplace deliver a sophisticated WebAssembly-based attack chain. 
The extensions ship ChaCha20-encrypted TinyGo-compiled WebAssembly modules that poll the Solana blockchain for command-and-control instructions embedded in transa…","indicators":{"cves":[],"ips":["45.150.34.158"],"domains":["dodod.lat"],"urls":["http://dodod.lat/darwin/i/_","http://dodod.lat/linux/i/_","http://dodod.lat/win32/i/_","https://dodod.lat/","https://dodod.lat/darwin/i/_","https://dodod.lat/linux/i/_","https://dodod.lat/win32/i/_"],"hashes":{"md5":"f595fb7867beb76b4deab53fa328e0a2","sha1":"c0ed7d575fe8085e942898c9a26f15992c895ba9","sha256":"558b4f1d9a263c13756ab0126c09dd080c85ba405b29488e1c4e6aa68b554f1f"}},"tags":["glasswasm","cryptocurrency targeting","dead-drop c2","webassembly","chacha20 encryption","supply chain","tinygo","vs code extensions","open vsx","solana blockchain","botnet","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T04:27:32.065Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a30d0b403db287f819b47e9","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-arystinger-botnet-infected-thousands-of-d-link-routers-worldwide","source":"general-news","category":"news","severity":"high","title":"AryStinger botnet infected thousands of D-Link routers worldwide","description":"A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. 
[...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-21T14:14:22.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/arystinger-botnet-infected-thousands-of-d-link-routers-worldwide/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers","source":"general-news","category":"news","severity":"high","title":"Microsoft links Mastra AI supply chain attack to North Korean hackers","description":"Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T14:09:19.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-threatsday-bulletin-claude-chat-abuse-nastyc2-npm-packages-device-code-phishing-","source":"general-news","category":"news","severity":"high","title":"ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories","description":"The internet did not break this week. It got used exactly as designed, which is worse.\n\nSearches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. 
Cloud agents looked like helpers until attackers…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T15:27:54.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/threatsday-bulletin-claude-chat-abuse.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-details-windows-clipper-malware-campaign-using-usb-lnk-worm-and-tor-ba","source":"general-news","category":"news","severity":"high","title":"Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2","description":"Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has\n targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication.\n\"The clipper in this…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:30:42.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/microsoft-details-windows-clipper.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-junior-hacker-used-tailscale-and-openssh-to-keep-access-after-his-c2-went-offlin","source":"general-news","category":"news","severity":"high","title":"Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline","description":"A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.\n\nOrdinary stuff, until one move near the end.\n\nBefore his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's 
machine, building a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T16:00:56.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-145-mastra-npm-packages-compromised-via-hijacked-contributor-account","source":"general-news","category":"news","severity":"high","title":"145 Mastra npm Packages Compromised via Hijacked Contributor Account","description":"As many as 145 npm packages associated with the Mastra namespace (\"@mastra/*\"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from E…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T07:38:24.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-china-linked-sprysocks-backdoor-expands-to-windows-with-driver-based-stealth","source":"general-news","category":"news","severity":"high","title":"China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth","description":"Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS.\n\n\"The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,\" ESET said in a report shared with The Hacker News. 
\"Both come with…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T09:44:34.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/china-linked-sprysocks-backdoor-expands.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrik","source":"general-news","category":"news","severity":"high","title":"In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum","description":"Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover.\nThe post In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStri…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T15:23:36.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-cybersecurity-firms-impacted-by-klue-supply-chain-attack","source":"general-news","category":"news","severity":"high","title":"Cybersecurity Firms Impacted by Klue Supply Chain Attack","description":"The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future.\nThe post Cybersecurity Firms Impacted by Klue Supply Chain Attack appeared first on 
SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T09:19:06.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/cybersecurity-firms-impacted-by-klue-supply-chain-attack/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-15-000-wordpress-websites-cleaned-up-in-socgholish-botnet-takedown","source":"general-news","category":"news","severity":"high","title":"15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown ","description":"Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame.\nThe post 15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown  appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T06:46:44.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/15000-wordpress-websites-cleaned-up-in-socgholish-botnet-takedown/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-sprysocks-backdoor-expands-from-linux-to-windows","source":"general-news","category":"news","severity":"high","title":"SprySOCKS Backdoor Expands From Linux to Windows","description":"China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:30:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/sprysocks-backdoor-windows/","label":"InfoSecurity 
Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-accenture-to-buy-dragos-runzero-and-netrise-in-4-2-billion-cybersecurity-deal","source":"general-news","category":"news","severity":"high","title":"Accenture to buy Dragos, runZero, and NetRise in $4.2 billion cybersecurity deal","description":"Accenture is expanding its position with the acquisition of a majority stake in Dragos and all of runZero and NetRise to deliver end-to-end operational technology (OT) security for the critical infrastructure and industrial operations underpinning power grids, pipelines, manufacturing, distribution…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T09:06:42.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.helpnetsecurity.com/2026/06/19/accenture-dragos-runzero-netrise-acquisition/","label":"Help Net Security","domainType":"media"}],"feedLabel":null},{"id":"news-police-raid-malware-network-tied-to-russia-s-evil-corp-hacker-group","source":"general-news","category":"news","severity":"high","title":"Police raid malware network tied to Russia's Evil Corp hacker group","description":"An international operation targeted the SocGholish botnet, which has been linked to the Russia-based cybercrime group Evil Corp.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T12:57:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://therecord.media/socgholish-botnet-disrupted","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-authorities-disrupt-evil-corp-s-socgholish-botnet","source":"general-news","category":"news","severity":"high","title":"Authorities disrupt Evil Corp’s SocGholish botnet","description":"Cybersecurity firms, 
researchers and officials took down 106 servers and remediated nearly 15,000 sites that were infected with the malware.\nThe post Authorities disrupt Evil Corp’s SocGholish botnet appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T22:03:32.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://cyberscoop.com/socgholish-malware-botnet-takedown-evilcorp/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-accenture-shells-out-4-18b-on-three-companies-in-big-industrial-cybersecurity-pu","source":"general-news","category":"news","severity":"high","title":"Accenture shells out $4.18B on three companies in big industrial cybersecurity push","description":"The consulting giant’s majority stake in Dragos, along with the purchase runZero and NetRise, marks its first major push into operational technology software as AI-driven threats to critical infrastructure intensify.\nThe post Accenture shells out $4.18B on three companies in big industrial cybersecu…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T15:05:03.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://cyberscoop.com/accenture-industrial-cybersecurity-acquisition-dragos-netrise-runzero/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"cisa-adv-cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure","source":"cisa-advisories","category":"advisory","severity":"medium","title":"CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure","description":"CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector 
organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with appro…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposure","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"threatfox-1834908","source":"threatfox","category":"threat-intel","severity":"medium","title":"payload: undefined","description":"https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ContagiousInterview","akira","elf","Ransomware","note","ransomnote","ClickFix","crypter","rundll32","WebDav","hta-polyglot","Loader","msix","IoT","Mozi","China","CrowDoor","FamousSparrow","Telecom","TernDoor","TropicTrooper","UAT-9244","malicious","Kongtuke","python-backdoor","winpython","Sheet 
Rat","SheetRAT","powershell-loader","RC4","Dropper","fake-document","logmein-resolve","rmm","vbs","discord-c2","golang","infostealer","vileransomware","Downloader","iran","mois","MuddyWater","stagecomp","fingerfix","ironpython","tcp79","ransomware","botnet"],"malwareFamily":"Meterpreter","confidence":100,"publishedAt":"2026-06-21T16:40:53Z","fetchedAt":"2026-06-22T03:00:01.200Z","references":[{"url":"https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/c343f53916747c5b8a60aed844b1882863f432af65867297edf1913f167c4f68","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/13420d64ce091f6dc0505d5a2ca5858f6080f3d91580459c2284bd68fdcb1979","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/27.37.111.24:48041","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/110.37.13.96:37828","label":"ThreatFox","domainType":"other"},{"url":"https://honeylabs.net/lookup/77.110.122.49","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/24adb118a6f7a8d717bb3d3329c33f6b0eb39046a8fb7f2b3a1fff21436bf7d2","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/bb4e08d8d96ace12a659a07d0ede31546e121176321b1d0f8cd15fe0f62127c0","label":"ThreatFox","domainType":"other"},{"url":"https://github.com/yankywilson/terndoor-uat9244","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/3d1d192e9879d33a954ea6e5eb0199cd3cb03622d88f2aebd50074eade956f61","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/9e4235c530fc10df9225e9ab98095d7a19d35f9e4ebf50a74dcb4b1e7bf86170","label":"ThreatFox","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/725162f784b4438559ad5c434a0cb6f634a2a09f2aba1e4d5e5047f6e37f15a0","label":"ThreatFox","domainType":"other"},{"url":"https://github
.com/yankywilson/vile-ransomware-cti","label":"ThreatFox","domainType":"primary"},{"url":"https://github.com/yankywilson/muddywater-stagecomp-moonzonet","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/ip-address/38.110.228.124","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"otx-6a3447ad5cdebd92116d1c01","source":"otx","category":"threat-intel","severity":"medium","title":"Popa: From Sourcing to Distribution","description":"An Android proxyware SDK named Popa enrolls consumer devices including phones, tablets, and streaming boxes into a commercial residential proxy network. Operating since at least 2020, Popa and its variants (Loopop, Neupop, and Moneytiser) are distributed inside consumer streaming, IPTV, and utility…","indicators":{"cves":[],"ips":[],"domains":[],"urls":["http://gw.netnut.net:9595"],"hashes":{"md5":"3a69aedb78677993384dfe9b476e3d26","sha1":"55c0235188c16bd2e18a21fa78d9a39c220b8b73","sha256":"d06b86da3777be0e2156c35f031f503d280a17ee3a1cc531f4c5fb806c0f749b"}},"tags":["residential proxy","netnut","neupop","sdk","moneytiser","hopanet","popa","loopop","proxyware","android","consent bypass","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T19:31:57.309Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a3447ad5cdebd92116d1c01","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a34874a01c1f77a4c242d5b","source":"otx","category":"threat-intel","severity":"medium","title":"Operation FlutterBridge: The FlutterShell macOS Backdoor","description":"FlutterShell is a macOS backdoor campaign active from December 2025 to March 2026, identified as cluster CL-CRI-1089 under Operation FlutterBridge. The threat actors deliberately misused the Flutter framework to deliver malware through malvertising campaigns on Google and YouTube. 
The malware employ…","indicators":{"cves":[],"ips":[],"domains":["atsheisdomestic.org","etoftheappyrince.org","healightejustb.org","sinterfumesco.com","event.process.name","event.process.parent.name"],"urls":["https://atsheisdomestic.org/update-thanks.html","https://atsheisdomestic.org/api/podcasts","https://atsheisdomestic.org/api/subscribe","https://atsheisdomestic.org/api/update-delay","https://etoftheappyrince.org","https://etoftheappyrince.org/...","https://etoftheappyrince.org/api/pdfs","https://etoftheappyrince.org/api/update-delay","https://etoftheappyrince.org/summarize-text","https://etoftheappyrince.org/update-thanks.html","https://healightejustb.org/api/central-config","https://healightejustb.org/checkForNewVersion","https://healightejustb.org/summarize-text","https://healightejustb.org/welcome_page.html","https://healightejustb.org/welcome_page.js"],"hashes":{"md5":"ffd773f157df70291f0910a45a1d8d9a","sha1":"bb1e6e2650d3d77d732c5eb5176011f914dd87df","sha256":"fc091ddb4d845280aeb7745cfdb6b7cb0013abc35db9e634f055b8e8fb0b5b1e"}},"tags":["browser hijacking","operation flutterbridge","certificate rotation","dart obfuscation","macos backdoor","flutter framework abuse","fluttershell","c2-conditional payload","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T00:03:22.071Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a34874a01c1f77a4c242d5b","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a34874a45b9c09ee90c0aff","source":"otx","category":"threat-intel","severity":"medium","title":"OXLOADER: new loader evading detection to drop infostealer","description":"A previously undocumented Windows loader designated as OXLOADER delivers the CASTLESTEALER infostealer through malicious Google Ads campaigns, achieving remarkably low detection rates. 
The loader employs multiple obfuscation layers including control-flow flattening, opaque predicates, and mixed Bool…","indicators":{"cves":[],"ips":[],"domains":["node-js.prentiva99.info"],"urls":["http://app.miloyannopoulos.com/download","http://app.miloyannopoulos.com/download?subid1=download","http://link.storjshare.io/raw/jux4e4ky5mruo4jkxsssp42sau4q/ruslan/BATPackageBuilderSetup.bat","http://link.storjshare.io/raw/jwwvr4oskkkjsgevt774ta62ehya/ruslan/aBsvwbdas.exe","https://link.storjshare.io/raw/jv5uebuqwzfpmtahj34q753ptykq/node/BATPackageBulderSetup.bat","https://link.storjshare.io/raw/jvsmdybqmvwep2oawbobp6ub7aza/node/node-v24.15.0-x64-86.exe"],"hashes":{"md5":"956c6128e9362e075f8d006c93616a66","sha1":"1591ab9bf31f3e22555dd2320d9ab386d8f3a4b8","sha256":"fdfc7831e5c24cfa80152860dfe8c056ba079f7df1393bf6bb7b18ed974eda37"}},"tags":["oxloader","donutloader","reloc section abuse","malvertising","obfuscation","anti-vm","google ads","castlestealer","russian-speaking actor","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T00:03:22.815Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a34874a45b9c09ee90c0aff","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a340681b8799a4a3ef56500","source":"otx","category":"threat-intel","severity":"medium","title":"May 2026 Infostealer Trend Report","description":"This analysis covers infostealer distribution trends observed during May 2026, based on automated collection systems and diagnostic logs. Distribution occurred primarily through illegal software disguised as cracks and keygens, as well as email campaigns. 
ACRStealer, Remus, and LummaC2 were most pre…","indicators":{"cves":[],"ips":[],"domains":["comples.biz","dafkov.shop","ciuzdaw.shop","ablackb.shop","cloxaa.shop"],"urls":[],"hashes":{"md5":"0b8a891324d65f3d9e08dd04980cb66e","sha1":"b7b5b80706f24bc065203080938ec1893170502f","sha256":"74877ea7d1112b1f7e6949815c81c5083b739adf3d5322dd480abe93c0657656"}},"tags":["credential theft","agenttesla","infostealer","vidar","darkcloud","lummac2","clickfix","remus","dll side-loading","acrstealer","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:53:53.616Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a340681b8799a4a3ef56500","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a33c3eeab85c6e12893a90e","source":"otx","category":"threat-intel","severity":"medium","title":"Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign","description":"Cybercriminals orchestrated a sophisticated malvertising operation leveraging Google Ads to impersonate popular AI developer tools including Claude AI, ChatGPT Codex, Perplexity, Cursor IDE, and JetBrains. 
Over seven weeks spanning April to June 2026, attackers deployed 106 unique malicious hostname…","indicators":{"cves":[],"ips":[],"domains":["jerryshvac.com","customroofingcontractors.com","a2abotnet.com","claude-code.official-version.com","isgilan.com","plirepsijr74.com","thnikagent.com","babulikinet.com","loserrq0j1sha8.com","bernasibutuwqu2.com","briskinternet.com","touristprogram.com","homeinspectionnaperville.com","yoauction.com","alabamarecoverycenter.com","5x5web.com","bewqslkslikrtjinfg9.com","oaklandwaterdamage.com","peowqlauoshau8.com","20claude.ai"],"urls":["https://loserrq0j1sha8.com/debug/loader.sh?build=a39427f9d5bfda11277f1a58c89b7c2d"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["gitlab pages abuse","macsync","ai impersonation","macsync infostealer","social engineering","apac targeting","google ads abuse","clickfix","malvertising","phishing","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T10:09:50.681Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a33c3eeab85c6e12893a90e","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a33c3f0081d62e3b09eaf65","source":"otx","category":"threat-intel","severity":"medium","title":"GitBait: Phishing targeting the Mexican financial sector","description":"A sophisticated, modular phishing infrastructure has been identified targeting at least 12 Mexican financial institutions over a three-year period. 
The operation leverages GitHub Pages for hosting and SheetBest API for credential exfiltration, eliminating the need for dedicated backend infrastructur…","indicators":{"cves":[],"ips":[],"domains":[],"urls":["https://api.sheetbest.com/sheets/0e2a1336-e971-496f-9eb2-cd8dcd25565c","https://api.sheetbest.com/sheets/47edba58-31f7-41e6-af18-31c77046dee1","https://api.sheetbest.com/sheets/578ad828-fc67-4447-9182-197f92c1f302","https://api.sheetbest.com/sheets/db4a7782-bc66-4a99-875b-ede99744f3fe","https://api.sheetbest.com/sheets/f2958fbe-cdd7-4796-a4e4-19539d759a9f","https://api.sheetbest.com/sheets/fe9f1e2d-16c9-4d92-9bdf-8425921ac073"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["credential harvesting","sheetbest api","financial fraud","phishing kit","github pages abuse","serverless infrastructure","mexican banking","gitbait","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T10:09:52.842Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a33c3f0081d62e3b09eaf65","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a33628e05ab2c2a8cced854","source":"otx","category":"threat-intel","severity":"medium","title":"Klue Integration Abused in Salesforce Data Theft | Threat Spotlight","description":"In June 2026, a compromised Klue competitive-intelligence platform integration was exploited to exfiltrate customer relationship management data from enterprise Salesforce environments. 
Attackers authenticated through compromised Klue service accounts, generated OAuth tokens, and executed automated…","indicators":{"cves":[],"ips":["212.86.125.24","94.154.32.160"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["salesforce","unc6395","oauth abuse","api exfiltration","third-party integration","klue integration","shinyhunters","crm data theft"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T03:14:22.763Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a33628e05ab2c2a8cced854","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a332459370e15b403bb6a4e","source":"otx","category":"threat-intel","severity":"medium","title":"Invisible Sting: Over 4000 Outdated Routers Compromised by AryStinger, Becoming Global Attack Springboards for Hackers","description":"AryStinger is a sophisticated botnet targeting legacy routers based on RTL819X chipsets and NAS devices through vulnerabilities disclosed over a decade ago, including CVE-2013-3307, CVE-2016-5681, and CVE-2025-11837. 
The malware exists in two versions: a C-based RTL819X variant for resource-constrai…","indicators":{"cves":["CVE-2016-5681","CVE-2013-3307","CVE-2025-11837"],"ips":[],"domains":["opi7.com","dybic.ajb8.com","eixfi.ajb8.com","hgodpcx.ajb8.com","hgodpcx.auq8.com","io.ary2.com","sdkv1.dataexplore.cc","sdkv1.dataexplore.co","xonice.ahb8.com","xook.ajb8.com"],"urls":["http://eixfi.ajb8.com","http://hgodpcx.ajb8.com","http://hgodpcx.ajb8.com/prod/RTL819X/","http://opi7.com","http://xonice.ahb8.com","http://xook.ajb8.com","https://dybic.ajb8.com","https://hgodpcx.ajb8.com/n","https://hgodpcx.ajb8.com/prod/RTL819X/","https://hgodpcx.ajb8.com/prod/standard/","https://hgodpcx.auq8.com/t","https://sdkv1.dataexplore.cc","https://sdkv1.dataexplore.co"],"hashes":{"md5":"fffcbd0ac2cb545496890f50395181ff","sha1":null,"sha256":null}},"tags":["cve-2013-3307","legacy routers","arystinger","distributed scanning","rtl819x","traffic tunneling","cve-2025-11837","subdomain enumeration","reconnaissance infrastructure","botnet","cve-2016-5681","dropbear backdoor","d-link"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T22:48:57.476Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a332459370e15b403bb6a4e","label":"OTX Pulse","domainType":"primary"},{"url":"https://otx.alienvault.com/pulse/6a32e3c65eeef62d1606b638","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a33628ba6068a0dfc61732a","source":"otx","category":"threat-intel","severity":"medium","title":"Crypto Clipper uses Tor and worm-like propagation for persistence and control","description":"A Windows-based cryptocurrency clipper has been actively targeting users since February 2026, employing sophisticated techniques to steal digital assets. The malware propagates through malicious shortcut files on USB devices, creating a worm-like infection chain. 
Once deployed, it utilizes Windows S…","indicators":{"cves":[],"ips":[],"domains":["facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion","ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion","cgky6bn6ux5wvlybtmm3z255igt52ljml2ngnc5qp3cnw5jlglamisad.onion","he5vnov645txpcv57el2theky2elesn24ebvgwfoewlpftksxp4fnxad.onion","shinypogk4jjniry5qi7247tznop6mxdrdte2k6pdu5cyo43vdzmrwid.onion","7goms4byw26kkbaanz5a5u5234gusot7rp5imzc3ozh66wwcvmcudjid.onion","gfoqsewps57xcyxoedle2gd53o6jne6y5nq5eh25muksqwzutzq7b3ad.onion","j3bv7g27oramhbxxuv6gl3dcyfmf44qnvju3offdyrap7hurfprq74qd.onion","lyhizqy2js2eh6ufngkbzntouiikdek5zsdj3qwa22b4z6knpqorgiad.onion","wt26llpl5k6gok3vnaxmucwgzv2wk3l7nuibbh25clghrtus3p5ctsid.onion"],"urls":[],"hashes":{"md5":"03b51af0a04467cebfa235199db4c02e","sha1":"bbe05d2f2487ed09e1062111fd448822364a44a7","sha256":"f3b54984caca95fd496bcfe5d7db1611b08d2f5b7d250b43b430e5d76393f9e0"}},"tags":["screenshot exfiltration","seed phrase stealing","cryptocurrency clipper","cryptobandits","clipboard hijacking","remote code execution","tor proxy","contebrew","wallet theft","usb worm","botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T03:14:19.500Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a33628ba6068a0dfc61732a","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a338520dd8f528ed63d76f0","source":"otx","category":"threat-intel","severity":"medium","title":"From package to postinstall payload: Inside the Mastra npm supply chain compromise","description":"Microsoft Threat Intelligence discovered a large-scale npm supply chain attack compromising over 140 packages in the mastra and @mastra scopes. 
The attack originated from takeover of the ehindero npm maintainer account, which published poisoned package versions introducing easy-day-js, a malicious t…","indicators":{"cves":[],"ips":[],"domains":[],"urls":["https://23.254.164.92:8000/update/49890878"],"hashes":{"md5":null,"sha1":null,"sha256":"b73de25c053c3225a077738a1fcbd9ca6966d7b3cd6f5494a30f0aa0eae55c7e"}},"tags":["supply-chain-attack","typosquatting","credential-theft","npm","account-takeover","easy-day-js","cryptocurrency-clipper","postinstall-hook","botnet","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T05:41:52.250Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a338520dd8f528ed63d76f0","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a32a359d57a0d5d5999e35f","source":"otx","category":"threat-intel","severity":"medium","title":"140+ npm Packages Compromised in Coordinated Supply Chain Attack","description":"More than 140 Mastra npm packages were compromised through a supply chain attack that injected a typosquatted dependency called easy-day-js. A single npm account published malicious versions within a short timeframe, affecting packages including @mastra/core with over 918K weekly downloads. 
The atta…","indicators":{"cves":[],"ips":[],"domains":["hwsrv-1327785.hostwindsdns.com","hwsrv-1327786.hostwindsdns.com"],"urls":["https://23.254.164.92:8000/update/49890878","https://23.254.164.92:8000/update/49890878'"],"hashes":{"md5":null,"sha1":null,"sha256":"cdec8b20338beb708b5be8d3d7a3041a35a8b0fb92f9186262f312d55ff82066"}},"tags":["infostealer","persistence mechanism","easy-day-js","supply chain attack","cryptocurrency theft","postinstall hook","typosquatting","cross-platform stealer","npm packages","botnet","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T13:38:33.443Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a32a359d57a0d5d5999e35f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a31dfc08e2c3f8e5019ab67","source":"otx","category":"threat-intel","severity":"medium","title":"Bluekit Phishing as a Service (PhaaS)","description":"BlueKit operates as a mature commercial Phishing-as-a-Service platform offering 87 ready-made phishing kits targeting banks, cloud services, cryptocurrency exchanges, and global brands. 
The platform features subscription-based access, automated account takeover capabilities, peer-to-peer infrastruct…","indicators":{"cves":[],"ips":[],"domains":["bluekit.cc","bluekit.pk","bluekit.su","bluekit.ws","bluekitsmi6sd5mjurh3l7n7oeizbedoe2hw2lsljtb5nbxiul6hzkqd.onion"],"urls":[],"hashes":{"md5":"2f08ce5a60ec42ffaaac5c46ba18bac8","sha1":null,"sha256":null}},"tags":["peer-to-peer-infrastructure","anti-detection","session-hijacking","automated-workflows","phishing-as-a-service","cryptocurrency-theft","account-takeover","credential-harvesting","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T23:44:00.424Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a31dfc08e2c3f8e5019ab67","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a315d670f9460fe003298a8","source":"otx","category":"threat-intel","severity":"medium","title":"Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack","description":"A ClickFix social engineering attack on an unmonitored endpoint led to a multi-stage intrusion affecting over 11 hosts. The infection chain began with a malicious HTA payload that silently installed an MSI package containing Potemkin, a custom loader with a deterministic DGA. 
Potemkin delivered RMMP…","indicators":{"cves":[],"ips":["77.110.122.58","213.165.41.26"],"domains":["resumeacceptable.com","cl.distritovagas.com","sonra.eutialyson.com","pestrear-lamp.xyz","anus-staylard.xyz","fair-bath-fond.xyz","rule-bead-dust.xyz","uglyshop-mare.xyz"],"urls":["http://sonra.eutialyson.com/inst24.msi","https://cl.distritovagas.com/hte.hta","http://77.110.122.58:23205/cons_1.0.1.msi","http://77.110.122.58:23205/lQhEQui9a4lZ.exe","http://77.110.122.58:23205/lQhEQui9a4lZ.exe'","http://77.110.122.58:44479/bjxxUmG8K3uy.ps1","https://resumeacceptable.com"],"hashes":{"md5":"d37cc44db90a65341263deb162024447","sha1":"4537b37b65e9dc35640d750f3fa7f4944534f6b1","sha256":"cd4e5e2c65b1660470d3446539ee68adf5faeece3eaeb46583623be9911ee145"}},"tags":["rmmproject","blockchain c2","chisel","etherrat","credential theft","clickfix","dga","lateral movement","hidden desktop","potemkin","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:27:51.719Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a315d670f9460fe003298a8","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a315d684f0c09972ddea652","source":"otx","category":"threat-intel","severity":"medium","title":"Android Banker with Complete Device Takeover Capabilities","description":"A newly identified Android banking trojan named Rokarolla has been discovered, distributed through malicious websites masquerading as popular applications like TikTok or Google Chrome. 
The malware targets 217 distinct cryptocurrency and banking applications using 137 sophisticated commands for devic…","indicators":{"cves":[],"ips":[],"domains":["morevoms.cfd","abiorime.cfd","blestorians.cfd","beralisvc.info"],"urls":["https://abiorime.cfd","https://beralisvc.info","https://blestorians.cfd","https://morevoms.cfd"],"hashes":{"md5":"fefec424a52e88ef72e707c1f401df01","sha1":"e8daa78dca3287b2dd5ebb2ad1c202e869d1eed9","sha256":"fe41e6c1725f63582f022a17abe098e49338a78118a00ca87785b2fa0cf3dadf"}},"tags":["rokarolla","cryptocurrency theft","overlay attacks","banking credentials","accessibility abuse","sms hijacking","android trojan","keylogger","ransomware","botnet","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:27:52.275Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a315d684f0c09972ddea652","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a30df4495796498a192312a","source":"otx","category":"threat-intel","severity":"medium","title":"Investigation of email-based attack delivering MediaFire ZIP file with execution chain analysis","description":"An investigation revealed a malicious email campaign directing victims to download a ZIP file from MediaFire. The infection chain began with a Python setup executable (Setu.exe) that side-loaded a malicious 400 MB python37.dll containing repeated byte padding. 
The DLL performed process injection int…","indicators":{"cves":[],"ips":["138.124.186.2","185.76.243.85"],"domains":["bsc.blockrazor.xyz","xn--fiqq24b9hejs1c.clickvector.tech"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["mediafire","netsupport rmm","dll hijacking","scheduled task persistence","remote access","email delivery","python side-loading","process injection","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T05:29:40.423Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a30df4495796498a192312a","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a30537886784fbb90bd4a5b","source":"otx","category":"threat-intel","severity":"medium","title":"How attackers are jailbreaking LLMs with CTF framing and how to catch them","description":"Threat actors are bypassing AI model safety guardrails by framing exploit requests as legitimate security research, such as capture-the-flag challenges or CVE-hunting exercises. 
This technique manipulates upstream LLMs into generating working exploit code that attackers deploy against real targets.…","indicators":{"cves":["CVE-2026-0770","CVE-2026-33017","CVE-2026-39987","CVE-2026-42208","CVE-2026-40281","CVE-2026-42271","CVE-2026-44336","CVE-2026-44694","CVE-2026-42589","CVE-2026-45331","CVE-2026-45672","CVE-2026-45301","CVE-2026-47391"],"ips":["103.142.140.238","212.107.30.69","115.171.80.253","103.142.140.246","38.181.81.164","68.77.201.89"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["cve-2026-39987","cve-2026-45397","cve-2026-42271","cve-2026-42302","cve exploitation","cve-2026-42266","cve-2026-45301","cve-2026-42208","llm jailbreaking","ai platform targeting","cve-2026-42589","cve-2026-44694","cve-2026-33017","cve-2026-45672","cve-2026-45331","cve-2026-44336","prompt injection","cve-2026-40281","cve-2026-47391","credential harvesting","rce campaigns","ai agent exploitation","ctf framing","phishing","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T19:33:12.547Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a30537886784fbb90bd4a5b","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-6a311c5582f3c51d5631d979","source":"otx","category":"threat-intel","severity":"medium","title":"Gamers beware: malicious wallpapers on Steam found stealing accounts","description":"Since late 2025, cybercriminals have been exploiting Wallpaper Engine, a popular live wallpaper application on Steam, to distribute malware through Steam Workshop. 
Attackers target primarily Chinese and Russian gamers by embedding malicious code within application wallpapers shared on the platform.…","indicators":{"cves":[],"ips":["120.48.156.17","202.144.192.29"],"domains":[],"urls":["https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1","https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download","http://202.144.192.29/download2/Themes2.zip","http://202.144.192.29/audit.php","http://brightly.to/download2/Themes2.zip"],"hashes":{"md5":"ded08ae5df7f1b12e5fdb767dbbed0b1","sha1":"59868381885b33f6c8809cd3d945da7d167439a3","sha256":"fc586cad94e5a10dd5be6a6ae6096bd02dfbfd094365bec87e788ed0798d6f67"}},"tags":["account hijacking","vidar","wallpaper engine","infostealer","steam workshop","lumma","gaming platform","renengine","credential theft","darkkomet","crypto miner","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T09:50:13.037Z","fetchedAt":"2026-06-22T03:00:01.245Z","references":[{"url":"https://otx.alienvault.com/pulse/6a311c5582f3c51d5631d979","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-webinar-how-attackers-bypass-mfa-and-how-defenders-can-respond","source":"general-news","category":"news","severity":"medium","title":"Webinar: How attackers bypass MFA and how defenders can respond","description":"Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. 
[...…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T12:12:20.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/webinar-how-attackers-bypass-mfa-and-how-defenders-can-respond/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-crypto-clipper-campaign-abuses-fake-reviews-ai-narrators-and-virustotal-comments","source":"general-news","category":"news","severity":"medium","title":"Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments","description":"An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research.\n\nThe threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T18:14:24.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-fake-microsoft-alerts-used-to-deploy-north-korean-narwhalrat-malware","source":"general-news","category":"news","severity":"medium","title":"Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware","description":"The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new malware called NarwhalRAT.\n\n\"The attack email contained a message impersonating an MS account 
security…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T08:14:55.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/fake-microsoft-alerts-used-to-deploy.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-north-korean-hackers-are-turning-developer-tools-into-malware-delivery-channels","source":"general-news","category":"news","severity":"medium","title":"North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels","description":"Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi).\n\nAccording to a report published by Proofpoint, the threat actor has b…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T19:32:52.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-one-click-microsoft-365-copilot-flaw-could-have-let-attackers-steal-emails-files","source":"general-news","category":"news","severity":"medium","title":"One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes","description":"A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search.\n\nResearchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. 
Because the link poin…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T15:09:05.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-sweeping-credential-harvesting-heist-compromises-30k-fortinet-devices","source":"general-news","category":"news","severity":"medium","title":"Sweeping Credential-Harvesting Heist Compromises 30K+ Fortinet Devices","description":"Attackers are actively targeting various sectors across nearly 200 countries and already have compiled a list of working credentials for tens of thousands of compromised devices.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T14:06:34.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/sweeping-credential-harvesting-heist-compromises-30k-fortinet-devices","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-the-beginning-of-the-end-of-social-engineering","source":"general-news","category":"news","severity":"medium","title":"The Beginning of the End of Social Engineering","description":"AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system 
itself.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T15:08:32.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/beginning-end-social-engineering","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-serverless-phishing-kit-on-github-targets-mexican-banks","source":"general-news","category":"news","severity":"medium","title":"Serverless Phishing Kit on GitHub Targets Mexican Banks","description":"GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/gitbait-github-pages-sheetbest/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"cisa-adv-cisa-adds-one-known-exploited-vulnerability-to-catalog","source":"cisa-advisories","category":"advisory","severity":"unknown","title":"CISA Adds One Known Exploited Vulnerability to Catalog","description":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nCVE-2026-20253 Splunk Enterprise Missing Authentication for Critical Function Vulnerability\nThis type of vulnerability is a frequent attack vector for malicious 
cyber…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-adds-one-known-exploited-vulnerability-catalog","label":"CISA Advisory","domainType":"primary"},{"url":"https://www.cisa.gov/news-events/alerts/2026/06/16/cisa-adds-one-known-exploited-vulnerability-catalog","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-cisa-adds-two-known-exploited-vulnerabilities-to-catalog","source":"cisa-advisories","category":"advisory","severity":"unknown","title":"CISA Adds Two Known Exploited Vulnerabilities to Catalog","description":"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nCVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability\nCVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T12:00:00.000Z","fetchedAt":"2026-06-22T03:00:00.188Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/06/15/cisa-adds-two-known-exploited-vulnerabilities-catalog","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-5791-users-root-appended-to-group-listings","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-5791 Users: `root` appended to group listings","description":"Information 
published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:40:10.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5791","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-4574-crossbeam-channel-crossbeam-channel-vulnerable-to-double-free-on-d","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:39:58.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-4574","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45445-aes-ocb-iv-ignored-on-evp-cipher-path","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:40:55.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45445","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-34183-unbounded-memory-growth-in-the-quic-path-challenge-handler","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler","description":"Information 
published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:41:20.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34183","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-7383-possible-heap-buffer-overflow-in-asn-1-multibyte-string-conversion","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:43:24.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7383","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42768-multi-recipientinfo-bleichenbacher-oracle-in-cms-decrypt-and-pkcs","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:41:45.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42768","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-9076-out-of-bounds-read-in-cms-password-based-decryption","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-9076 Out-of-Bounds Read in CMS 
Password-Based Decryption","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:42:01.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9076","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45446-incorrect-tag-processing-for-empty-messages-in-aes-gcm-siv-and-ae","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:42:18.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45446","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42766-possible-null-dereference-in-password-based-cms-decryption","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:42:43.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42766","label":"Microsoft 
MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42767-null-pointer-dereference-in-crmf-encryptedvalue-decryption","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:43:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42767","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-34180-heap-buffer-over-read-in-asn-1-content-parsing","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:43:31.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34180","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-44967-opentelemetry-cpp-otlp-http-exporters-read-unbounded-http-respons","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response","description":"Information 
published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:43:49.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44967","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-46331-net-sched-fix-pedit-partial-cow-leading-to-page-cache-corruption","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T08:43:41.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46331","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45485-microsoft-office-information-disclosure-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45485","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44821","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45460","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45466-microsoft-word-information-disclosure-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45466","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45649-office-for-android-spoofing-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45649 Office for Android Spoofing Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45649","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-44822-microsoft-excel-information-disclosure-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. 
Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44822","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45455","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45459-microsoft-excel-security-feature-bypass-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability","description":"Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45459","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12439-use-after-free-in-digital-credentials","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12439 Use after free in Digital Credentials","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12439","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12440-use-after-free-in-digitalcredentials","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12440 Use after free in DigitalCredentials","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12440","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12451","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12445-use-after-free-in-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12445 Use after free in Extensions","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12445","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12467","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11653","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12446-insufficient-data-validation-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12446 Insufficient data validation in Passwords","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12446","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12441-use-after-free-in-file-input","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12441 Use after free in File Input","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12441","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11630","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12447-heap-buffer-overflow-in-webrtc","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12447 Heap buffer overflow in WebRTC","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12447","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12466","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12443-use-after-free-in-web-authentication","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12443 Use after free in Web Authentication","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12443","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12452-use-after-free-in-downloads","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12452 Use after free in Downloads","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12452","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12453-insufficient-validation-of-untrusted-input-in-input","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Input","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12453","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11667","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12455-use-after-free-in-tab-strip","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12455 Use after free in Tab Strip","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12455","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12456-insufficient-validation-of-untrusted-input-in-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12456","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11659","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11654","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12458-incorrect-security-ui-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12458 Incorrect security UI in Passwords","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12458","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12457-insufficient-data-validation-in-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12457 Insufficient data validation in Extensions","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12457","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12459-inappropriate-implementation-in-serial","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12459 Inappropriate implementation in Serial","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12459","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12460-insufficient-policy-enforcement-in-file-system-access","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12460","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12462-use-after-free-in-media","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12462 Use after free in Media","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12462","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11681","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12464-use-after-free-in-browser","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12464 Use after free in Browser","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12464","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12463-inappropriate-implementation-in-views","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12463 Inappropriate implementation in Views","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12463","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12465-insufficient-validation-of-untrusted-input-in-metrics","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12465","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12454-race-in-safe-browsing","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12454 Race in Safe Browsing","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12454","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12468-inappropriate-implementation-in-updater","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12468 Inappropriate implementation in Updater","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12468","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12449-use-after-free-in-chromoting","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12449 Use after free in Chromoting","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12449","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12444-out-of-bounds-read-in-chromoting","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12444 Out of bounds read in Chromoting","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12444","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12437-use-after-free-in-webshare","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12437 Use after free in WebShare","description":"Corrected CVE title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12437","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12461-out-of-bounds-read-in-webrtc","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12461 Out of bounds read in WebRTC","description":"Corrected CVE title. 
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12461","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11668","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42903-windows-kerberos-denial-of-service-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability","description":"Updated an acknowledgement. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42903","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12439-use-after-free-in-digital-credentials","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12439 Use after free in Digital Credentials","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:19.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12439","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12440-use-after-free-in-digitalcredentials","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12440 Use after free in DigitalCredentials","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:22.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12440","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12451","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12445-use-after-free-in-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12445 Use after free in Extensions","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:26.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12445","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12467","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12446-insufficient-data-validation-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12446 Insufficient data validation in Passwords","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:27.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12446","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12441-use-after-free-in-file-input","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12441 Use after free in File Input","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:24.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12441","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12447-heap-buffer-overflow-in-webrtc","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12447 Heap buffer overflow in WebRTC","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:29.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12447","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12466","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12443-use-after-free-in-web-authentication","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12443 Use after free in Web Authentication","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:25.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12443","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12452-use-after-free-in-downloads","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12452 Use after free in Downloads","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:31.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12452","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12453-insufficient-validation-of-untrusted-input-in-input","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12453 Insufficient validation of untrusted input in Input","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:33.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12453","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12455-use-after-free-in-tab-strip","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12455 Use after free in Tab Strip","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:34.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12455","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12456-insufficient-validation-of-untrusted-input-in-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12456 Insufficient validation of untrusted input in Extensions","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:36.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12456","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12458-incorrect-security-ui-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12458 Incorrect security UI in Passwords","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:38.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12458","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12457-insufficient-data-validation-in-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12457 Insufficient data validation in Extensions","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:37.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12457","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12459-inappropriate-implementation-in-serial","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12459 Inappropriate implementation in Serial","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:39.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12459","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12460-insufficient-policy-enforcement-in-file-system-access","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12460 Insufficient policy enforcement in File System Access","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:40.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12460","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12462-use-after-free-in-media","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12462 Use after free in Media","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:42.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12462","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12464-use-after-free-in-browser","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12464 Use after free in Browser","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:44.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12464","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12463-inappropriate-implementation-in-views","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12463 Inappropriate implementation in Views","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:43.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12463","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12465-insufficient-validation-of-untrusted-input-in-metrics","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12465 Insufficient validation of untrusted input in Metrics","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:46.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12465","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12454-race-in-safe-browsing","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12454 Race in Safe Browsing","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:50.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12454","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12468-inappropriate-implementation-in-updater","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12468 Inappropriate implementation in Updater","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:52.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12468","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12449-use-after-free-in-chromoting","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12449 Use after free in Chromoting","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:56.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12449","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12444-out-of-bounds-read-in-chromoting","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12444 Out of bounds read in Chromoting","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:55.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12444","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12437-use-after-free-in-webshare","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12437 Use after free in WebShare","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:53.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12437","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12461-out-of-bounds-read-in-webrtc","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12461 Out of bounds read in WebRTC","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:52:57.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12461","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-24289-windows-kernel-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24289","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32177-net-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32177 .NET Elevation of Privilege Vulnerability","description":"Removed incorrectly added rows from the Security Updates table.  
This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-6965-integer-truncation-on-sqlite","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-6965 Integer Truncation on SQLite","description":"Added Visual Studio software to the Security Updates table.  Customers that are running supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6965","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-8376-perl-versions-through-5-43-10-have-a-heap-buffer-overflow-when-com","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds","description":"Information 
published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:40:20.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8376","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-48914-qemu-kvm-heap-buffer-overflow-in-virtio-blk-scsi-request-handling","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:43:42.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48914","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42014-gnutls-fix-use-after-free-in-gnutls-pkcs11-token-set-pin","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:01:29.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42014","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-53689","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-53689 ","description":"Information 
published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:01:36.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53689","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-12087-socket-versions-before-2-041-for-perl-have-an-out-of-bounds-heap-","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:01:42.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12087","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-9669-bz2-bz2decompressor-reuse-after-error-can-cause-a-stack-buffer-ove","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:01:47.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9669","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-43966-http-response-splitting-via-non-vchar-bytes-in-cow-http-struct-hd","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-43966 HTTP Response Splitting 
via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:01:53.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43966","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-10275-opensc-pkcs11-tool-key-generation-pkcs11-tool-c-test-kpgen-certwr","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:40:27.000Z","fetchedAt":"2026-06-22T03:00:09.879Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10275","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-47633-microsoft-cost-management-information-disclosure-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability","description":"Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47633","label":"Microsoft 
MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32208-microsoft-edge-chromium-based-spoofing-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32208","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32174-azure-bot-service-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability","description":"Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32174","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45480-azure-active-directory-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45480 Azure Active Directory Elevation of Privilege 
Vulnerability","description":"Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45480","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42895-microsoft-copilot-tampering-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42895 Microsoft Copilot Tampering Vulnerability","description":"Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42895","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-54130-m365-copilot-information-disclosure-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability","description":"Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a 
network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-47647-dynamics-365-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability","description":"Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47647","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-48584-microsoft-azure-synapse-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability","description":"Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48584","label":"Microsoft 
MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-48582-microsoft-exchange-online-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability","description":"Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48582","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-47645-microsoft-365-copilot-s-business-chat-elevation-of-privilege-vuln","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability","description":"Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47645","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-47646-dynamics-365-customer-voice-spoofing-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 
365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47646","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-71073-input-lkkbd-disable-pending-work-before-freeing-device","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-71073 Input: lkkbd - disable pending work before freeing device","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:48:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71073","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-71072-shmem-fix-recovery-on-rename-failures","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-71072 shmem: fix recovery on rename failures","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:48:17.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71072","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-28387-potential-use-after-free-in-dane-client-code","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-28387 Potential Use-after-free in DANE Client 
Code","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:50:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28387","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-43308-btrfs-don-t-bug-on-unexpected-delayed-ref-type-in-run-one-delayed","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:48:34.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43308","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-25681-invoking-incorrect-handling-of-character-references-in-doctype-no","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-25681 Invoking  incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:40:41.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25681","label":"Microsoft 
MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-25680-invoking-denial-of-service-when-parsing-arbitrary-html-in-golang-","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:40:25.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25680","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45447-heap-use-after-free-in-the-pkcs7-verify-function","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:41:13.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45447","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-48854-unbounded-request-body-accumulation-causes-memory-exhaustion-in-e","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc","description":"Information 
published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:01:50.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48854","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-46292-pmdomain-core-fix-detach-procedure-for-virtual-devices-in-genpd","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:49:51.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46292","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-46274-io-wq-check-that-the-predecessor-is-hashed-in-io-wq-remove-pendin","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:50:04.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46274","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-46291-crypto-caam-guard-hmac-key-hex-dumps-in-hash-digest-key","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-46291 crypto: caam - guard HMAC key hex dumps 
in hash_digest_key","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:50:14.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46291","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-46293-clk-microchip-mpfs-ccc-fix-out-of-bounds-access-during-output-reg","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:50:27.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46293","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-34182-cms-authenvelopeddata-processing-may-accept-forged-messages","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T08:41:57.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34182","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-47636-microsoft-sharepoint-server-spoofing-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-47636 
Microsoft SharePoint Server Spoofing Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47636","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42828-windows-projected-file-system-elevation-of-privilege-vulnerabilit","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42828","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-40371-microsoft-dynamics-365-on-premises-elevation-of-privilege-vulnera","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability","description":"Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dynamics 365 Server v9.1 (on-premises) Update 1.45 (version 9.1.0045.0011). 
The downloa…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40371","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-45602-windows-dynamic-host-configuration-protocol-dhcp-tampering-vulner","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability","description":"Updated CWE value.  This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45602","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-50656-microsoft-defender-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability","description":"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as \"RoguePlanet \". We are working to provide a high quality security update that addresses this vulnerability. 
We will provide information in this CVE when the update…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-42915-microsoft-windows-vmswitch-denial-of-service-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability","description":"Corrected the CVE description and title. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:00:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42915","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-54411-linux-pam-through-1-7-2-contains-an-observable-timing-discrepancy","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. 
The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T08:01:29.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54411","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12012-use-after-free-network","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12012 Use after free  Network","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:31.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12012","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12008-use-after-free-digitalcredentials","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12008 Use after free  DigitalCredentials","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:26.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12008","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12019-out-of-bounds-write-codecs","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12019 Out of bounds write  Codecs","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:40.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12019","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12016-insufficient-validation-of-untrusted-input-devtools","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12016 Insufficient validation of untrusted input  DevTools","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:36.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12016","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12015-use-after-free-autofill","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12015 Use after free  Autofill","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:35.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12015","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11628-use-after-free-in-ozone","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11628 Use after free in Ozone","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:29.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11628","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11629","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11682","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11631-use-after-free-in-aura","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11631 Use after free in Aura","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:34.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11631","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11632-use-after-free-in-tabstrip","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11632 Use after free in TabStrip","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:35.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11632","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11633-use-after-free-in-bluetooth","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11633 Use after free in Bluetooth","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:37.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11633","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11635","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11641","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11699","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11700","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11634-use-after-free-in-gamepad","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11634 Use after free in Gamepad","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:38.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11634","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11639-use-after-free-in-compositing","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11639 Use after free in Compositing","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:45.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11639","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11637-use-after-free-in-views","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11637 Use after free in Views","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:42.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11637","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11644","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11662","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11636-use-after-free-in-autofill","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11636 Use after free in Autofill","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:41.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11636","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11638-use-after-free-in-printing","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11638 Use after free in Printing","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:44.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11638","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11648","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11640-integer-overflow-in-libyuv","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11640 Integer overflow in libyuv","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:47.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11640","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11679","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11642-use-after-free-in-web-apps","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11642 Use after free in Web Apps","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:49.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11642","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11645-out-of-bounds-memory-access-in-v8","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11645 Out of bounds memory access in V8","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:53.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11645","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11643-use-after-free-in-proxy","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11643 Use after free in Proxy","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:50.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11643","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11646-use-after-free-in-viewtransitions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11646 Use after free in ViewTransitions","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:54.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11646","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11657-use-after-free-in-payments","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11657 Use after free in Payments","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:10.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11658","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11665","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11660-insufficient-validation-of-untrusted-input-in-new-tab-pa","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:15.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11661","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11692","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11659-insufficient-validation-of-untrusted-input-in-ui","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11659 Insufficient validation of untrusted input in UI","description":"This CVE was assigned by Chrome.  
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:13.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11660","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11698","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11663-use-after-free-in-skia","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11663 Use after free in Skia","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:19.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11664","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11662-type-confusion-in-bindings","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11662 Type Confusion in Bindings","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:18.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11663","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11665-out-of-bounds-read-in-dawn","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11665 Out of bounds read in Dawn","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:22.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11666","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11668-uninitialized-use-in-codecs","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11668 Uninitialized Use in Codecs","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:26.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11669","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11669-integer-overflow-in-media","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11669 Integer overflow in Media","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:27.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11670","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11656","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11670-use-after-free-in-pdf","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11670 Use after free in PDF","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:28.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11671","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11671-use-after-free-in-navigation","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11671 Use after free in Navigation","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:30.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11672","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11672-out-of-bounds-write-in-gpu","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11672 Out of bounds write in GPU","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:31.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11673","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11673-use-after-free-in-interestgroups","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11673 Use after free in InterestGroups","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:32.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11674","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11675-insufficient-validation-of-untrusted-input-in-skia","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11675 Insufficient validation of untrusted input in Skia","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:35.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11676","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11674-use-after-free-in-guest-view","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11674 Use after free in Guest View","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:34.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11675","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11676-insufficient-validation-of-untrusted-input-in-dawn","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:36.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11677","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11687","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11677-race-in-network","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11677 Race in Network","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:37.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11678","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11679-use-after-free-in-codecs","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11679 Use after free in Codecs","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:40.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11680","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11682-insufficient-validation-of-untrusted-input-in-views","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:44.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11683","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11683-use-after-free-in-webcodecs","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11683 Use after free in WebCodecs","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:45.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11684","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11684-insufficient-policy-enforcement-in-network","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11684 Insufficient policy enforcement in Network","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:46.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11685","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11687-use-after-free-in-dawn","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11687 Use after free in Dawn","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:50.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11688","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11688-object-lifecycle-issue-in-svg","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11688 Object lifecycle issue in SVG","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:52.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11689","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11685-insufficient-data-validation-in-mediacapture","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:48.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11686","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11689-insufficient-validation-of-untrusted-input-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:53.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11690","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11690-out-of-bounds-read-and-write-in-media","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11690 Out of bounds read and write in Media","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:54.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11691","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11692-use-after-free-in-read-anything","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11692 Use after free in Read Anything","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:57.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11693","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11693-inappropriate-implementation-in-plugins","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11693 Inappropriate implementation in Plugins","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:58.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11694","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11694-use-after-free-in-serviceworker","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11694 Use after free in ServiceWorker","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:59.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11695","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11657","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11695-inappropriate-implementation-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11695 Inappropriate implementation in Passwords","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:15:01.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11696","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11696-uninitialized-use-in-video","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11696 Uninitialized Use in Video","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:15:02.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11697","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11700-use-after-free-in-tracing","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11700 Use after free in Tracing","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:15:07.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11701","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12018-inappropriate-implementation-mojo","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12018 Inappropriate implementation  Mojo","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:38.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12018","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12007-use-after-free-core","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12007 Use after free  Core","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:24.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12007","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12017-insufficient-validation-of-untrusted-input-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12017 Insufficient validation of untrusted input  Extensions","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:37.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12017","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12014-use-after-free-cast","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12014 Use after free  Cast","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:33.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12014","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12013-use-after-free-media","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12013 Use after free  Media","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:32.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12013","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12010-heap-buffer-overflow-gpu","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12010 Heap buffer overflow  GPU","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:29.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12010","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12009-insufficient-validation-of-untrusted-input-accessibility","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12009 Insufficient validation of untrusted input  Accessibility","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:27.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12009","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11648-use-after-free-in-fullscreen","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11648 Use after free in FullScreen","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:57.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11649","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11651-use-after-free-in-network","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11651 Use after free in Network","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:01.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11652","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11649-use-after-free-in-v8","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11649 Use after free in V8","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:13:58.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11650","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11651","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-11654-use-after-free-in-cameracapture","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-11654 Use after free in CameraCapture","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T02:14:06.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11655","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-12011-use-after-free-webmidi","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-12011 Use after free  WebMIDI","description":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T14:00:30.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-12011","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-6429-netrc-credential-leak-with-reused-proxy-connection","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-6429 netrc credential leak with reused proxy connection","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T08:40:40.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6429","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5545-wrong-reuse-of-http-negotiate-connection","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5545 wrong reuse of HTTP Negotiate connection","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T08:40:49.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5545","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-6253-proxy-credentials-leak-over-redirect-to-proxy","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-6253 proxy credentials leak 
over redirect-to proxy","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T08:40:58.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6253","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-7774-tarfile-data-filter-path-traversal-bypass-allows-writing-outside-t","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T08:41:21.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7774","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-49762-unbounded-integer-parsing-in-the-version-module-enables-cpu-and-m","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T08:42:16.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49762","label":"Microsoft 
MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-46433-lldpd-heap-oob-read-in-vlan-decapsulation-memmove","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T08:42:41.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46433","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-11526-gd-versions-before-2-86-for-perl-allow-os-command-injection-and-f","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T08:02:31.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11526","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-close-encounters-of-the-human-kind","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Close Encounters of the Human Kind","description":"In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real 
life.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T18:00:24.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://blog.talosintelligence.com/close-encounters-of-the-human-kind/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-scripting-the-disassembler-local-agentic-reverse-engineering-through-vbdec-s-liv","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model","description":"Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T10:00:05.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://blog.talosintelligence.com/scripting-the-disassembler/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-sd1775-flex-i-o-dual-port-ethernet-ip-adapters-multiple-vulnerabilities","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"SD1775 | FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities ","description":"CVE-2026-0646: CVSS v4.0 8.7, CVSS v3.1 7.5 | https://cveawg.mitre.org/api/cve/CVE-2026-0646CVE-2026-0647: CVSS v4.0 8.8, CVSS v3.1 9.4 | https://cveawg.mitre.org/api/cve/CVE-2026-0647Published Date: Tue Jun 16 14:14:00 UTC 
2026","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T14:14:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html","label":"Rockwell Automation","domainType":"primary"}],"feedLabel":null},{"id":"vendor-sd1777-factorytalk-analytics-pavilionx-improper-api-authorization","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"SD1777 | FactoryTalk® Analytics™ PavilionX™ - Improper API Authorization","description":"CVE-2025-14272: CVSS v4.0 8.3, CVSS v3.1 7.0 | https://cveawg.mitre.org/api/cve/CVE-2025-14272Published Date: Tue Jun 16 13:48:00 UTC 2026","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T13:48:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1777.html","label":"Rockwell Automation","domainType":"primary"}],"feedLabel":null},{"id":"vendor-sd1773-factorytalk-historian-site-edition-multiple-vulnerabilities","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"SD1773 | FactoryTalk Historian Site Edition - Multiple Vulnerabilities","description":"CVE-2025-13036: CVSS v4.0 9.2, CVSS v3.1 7.7 | https://cveawg.mitre.org/api/cve/CVE-2025-13036CVE-2025-44019: CVSS v4.0 7.1, CVSS v3.1 7.1 | https://cveawg.mitre.org/api/cve/CVE-2025-44019CVE-2025-36539: CVSS v4.0 7.1, CVSS v3.1 6.5 | https://cveawg.mitre.org/api/cve/CVE-2025-36539Published Date: 
Tu…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T13:41:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html","label":"Rockwell Automation","domainType":"primary"}],"feedLabel":null},{"id":"vendor-sd1776-compactlogix-5370-controllers-multiple-vulnerabilities","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"SD1776 | CompactLogix 5370 Controllers – Multiple Vulnerabilities ","description":"CVE-2025-11694: CVSS v4.0 8.7, CVSS v3.1 7.5 | https://cveawg.mitre.org/api/cve/CVE-2025-11694CVE-2026-9307: CVSS v4.0 6.3, CVSS v3.1 5.3 | https://cveawg.mitre.org/api/cve/CVE-2026-9307Published Date: Tue Jun 16 13:27:00 UTC 2026","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T13:27:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html","label":"Rockwell Automation","domainType":"primary"}],"feedLabel":null},{"id":"vendor-sd1772-logix-5370-and-5570-controllers-vulnerable-to-denial-of-service-via-cip","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"SD1772 | Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP","description":"CVE-2026-11317: CVSS v4.0 8.7, CVSS v3.1 7.5 | https://cveawg.mitre.org/api/cve/CVE-2026-11317Published Date: Tue Jun 16 12:59:00 UTC 2026 | Last Updated Date: 
2026-06-16T08:59:00.000-04:00","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T12:59:00.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html","label":"Rockwell Automation","domainType":"primary"}],"feedLabel":null},{"id":"vendor-ncsc-s-horne-warns-uk-infrastructure-under-sustained-cyber-pressure-from-russia-","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"NCSC’s Horne warns UK infrastructure under sustained cyber pressure from Russia, China and Iran; urges resilience","description":"The head of the U.K.’s National Cyber Security Centre (NCSC) warned that hostile states are driving the majority...\nThe post NCSC’s Horne warns UK infrastructure under sustained cyber pressure from Russia, China and Iran; urges resilience appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:21:40.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/critical-infrastructure/ncscs-horne-warns-uk-infrastructure-under-sustained-cyber-pressure-from-russia-china-and-iran-urges-resilience/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-manufacturing-cyber-threats-shift-toward-identity-driven-attacks-as-credential-l","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Manufacturing cyber threats shift toward identity-driven attacks as credential leaks and vishing surge, Doppel warns","description":"New data from Doppel identified that manufacturing remains one of the most heavily targeted sectors for cyberattacks, as...\nThe post Manufacturing cyber threats shift 
toward identity-driven attacks as credential leaks and vishing surge, Doppel warns appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T08:20:47.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/manufacturing/manufacturing-cyber-threats-shift-toward-identity-driven-attacks-as-credential-leaks-and-vishing-surge-doppel-warns/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-accenture-s-dragos-investment-marks-new-phase-for-ot-cybersecurity-in-critical-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Accenture’s Dragos investment marks new phase for OT cybersecurity in critical infrastructure","description":"Accenture announced on Thursday that it is acquiring a majority stake in Dragos at a $3.25 billion valuation,...\nThe post Accenture’s Dragos investment marks new phase for OT cybersecurity in critical infrastructure appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T06:48:29.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/critical-infrastructure/accentures-dragos-investment-marks-new-phase-for-ot-cybersecurity-in-critical-infrastructure/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-accenture-expands-ot-cybersecurity-capabilities-with-dragos-stake-acquires-runze","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Accenture expands OT cybersecurity capabilities with Dragos stake, acquires runZero and NetRise","description":"Building on its $10 billion cybersecurity business, Accenture is expanding its position with the 
acquisition of a majority...\nThe post Accenture expands OT cybersecurity capabilities with Dragos stake, acquires runZero and NetRise appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T12:09:27.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/news/accenture-expands-ot-cybersecurity-capabilities-with-dragos-stake-acquires-runzero-and-netrise/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-dispel-debuts-site-console-to-deliver-on-prem-zero-trust-remote-access-for-nerc-","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Dispel debuts Site Console to deliver on-prem zero trust remote access for NERC CIP-regulated OT environments","description":"Dispel announced general availability of Site Console, the Dispel Zero Trust Engine On-Prem dashboard — a fully local...\nThe post Dispel debuts Site Console to deliver on-prem zero trust remote access for NERC CIP-regulated OT environments appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T05:45:15.000Z","fetchedAt":"2026-06-22T03:00:09.880Z","references":[{"url":"https://industrialcyber.co/news/dispel-debuts-site-console-to-deliver-on-prem-zero-trust-remote-access-for-nerc-cip-regulated-ot-environments/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"news-klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack","source":"general-news","category":"news","severity":"unknown","title":"Klue OAuth breach victim list grows as Icarus hackers claim attack","description":"Market intelligence platform Klue has publicly confirmed a recent security incident that 
allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new \"Icarus\" extortion group publicly claims the attack. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T22:31:04.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin","source":"general-news","category":"news","severity":"unknown","title":"Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin","description":"Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T20:25:02.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-texas-govt-data-breach-exposes-over-3-million-driver-s-licenses","source":"general-news","category":"news","severity":"unknown","title":"Texas govt data breach exposes over 3 million driver’s licenses","description":"The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. 
[...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T16:12:41.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-june-2026-windows-updates-break-recycle-bin-prompts","source":"general-news","category":"news","severity":"unknown","title":"Microsoft: June 2026 Windows updates break Recycle Bin prompts","description":"Microsoft has confirmed a confusing Windows bug that causes different filenames to appear in the confirmation dialog when deleting a file from the Recycle Bin. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T11:32:34.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-recycle-bin-bug-on-all-supported-windows-releases/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday","source":"general-news","category":"news","severity":"unknown","title":"CISA: Splunk Enterprise flaw actively exploited, patch by Sunday","description":"CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. 
[...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T10:39:58.000Z","fetchedAt":"2026-06-22T03:00:03.013Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak","source":"general-news","category":"news","severity":"unknown","title":"CISA warns Fortinet users to secure devices after FortiBleed leak","description":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed \"FortiBleed.\" [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T06:47:55.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack","source":"general-news","category":"news","severity":"unknown","title":"Nintendo confirms data stolen in WebMD subsidiary cyberattack","description":"Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. 
[...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T18:31:36.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files","source":"general-news","category":"news","severity":"unknown","title":"USB worm spreads crypto-stealing malware via Windows shortcut files","description":"Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T16:20:06.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-hackers-exploit-gravity-smtp-wordpress-plugin-bug-to-expose-api-keys","source":"general-news","category":"news","severity":"unknown","title":"Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys","description":"Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated 
attackers…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-20T09:56:04.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-unpatchable-usbliter8-exploit-breaks-apple-a12-and-a13-securerom-boot-chain","source":"general-news","category":"news","severity":"unknown","title":"Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain","description":"Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips.\n\nThat code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T18:37:41.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-from-assistive-to-agentic-the-ai-shift-that-s-redefining-threat-management","source":"general-news","category":"news","severity":"unknown","title":"From Assistive to Agentic: The AI Shift That's Redefining Threat Management","description":"Introduction\n\nThe average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating (overlapping) alerts and data. 
And yet, breach dwell times remain stubbornly long (~43 days),…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T11:58:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/from-assistive-to-agentic-ai-shift.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-salesforce-disables-klue-app-integration-after-oauth-token-abuse-exposes-custome","source":"general-news","category":"news","severity":"unknown","title":"Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data","description":"Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026.\n\nTo that end, organizations will be unable to connect to Salesforce via the app until further notice,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T09:03:57.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/salesforce-disables-klue-app.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-apple-patches-beats-studio-buds-flaw-letting-nearby-attackers-spy-via-microphone","source":"general-news","category":"news","severity":"unknown","title":"Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone","description":"Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users.\n\nThe vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha 
Bluetooth…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T06:36:09.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-malicious-jetbrains-plugins-steal-ai-api-keys-as-chrome-extensions-capture-chatb","source":"general-news","category":"news","severity":"unknown","title":"Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats","description":"Cybersecurity researchers have flagged a \"coordinated malware campaign\" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys.\n\n\"Every plugin poses as an AI coding assistant built on DeepSeek and other lar…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T13:51:58.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cisa-warns-of-actively-exploited-joomla-jce-flaw-allowing-php-code-execution","source":"general-news","category":"news","severity":"unknown","title":"CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution","description":"The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\n\nThe vulnerability, tracked as CVE-202…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T05:50:46.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/cisa-warns-of-actively-exploited-joomla.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squattin","source":"general-news","category":"news","severity":"unknown","title":"Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting","description":"A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure.\n\nPalo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty pr…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T19:05:41.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-clickfix-campaigns-expand-malware-delivery-with-new-loaders-and-fake-update-lure","source":"general-news","category":"news","severity":"unknown","title":"ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures","description":"Cybersecurity researchers have flagged multiple ClickFix 
campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively.\n\nAttacks involving BabaDeda Loader, observed in April 2026,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T17:41:28.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-survey-94-of-incidents-involve-anonymized-infrastructure-teams-are-still-reactiv","source":"general-news","category":"news","severity":"unknown","title":"Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive","description":"Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms.\n\nYet despite this abundance of information, many organizations continu…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T11:30:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/survey-94-of-incidents-involve.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-attackers-exploit-three-fortinet-fortisandbox-flaws-one-patched-last-week","source":"general-news","category":"news","severity":"unknown","title":"Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week","description":"Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused 
Cyber.\n\nIn a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours.\n\nCVE-2026-398…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T10:30:41.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/attackers-exploit-three-fortinet.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cisco-releases-security-updates-for-actively-exploited-sd-wan-manager-flaw","source":"general-news","category":"news","severity":"unknown","title":"Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw","description":"Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild.\n\nThe vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0.\n\n\"A vulnerability in the web UI of Cisco Catalyst SD-WAN Man…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T06:05:58.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/cisco-releases-security-updates-for.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cisa-flags-litespeed-cpanel-plugin-flaw-exploited-for-root-privilege-escalation","source":"general-news","category":"news","severity":"unknown","title":"CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation","description":"The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.\n\nThe vulnerability in qu…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T05:41:52.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-chinese-hackers-abused-google-workspace-rules-to-steal-research-and-defense-emai","source":"general-news","category":"news","severity":"unknown","title":"Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails","description":"A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email.\n\nThe way in was a backdoor on their REDCap research servers that stole login credentials. 
The exfiltration was the u…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T19:44:06.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/chinese-hackers-abused-google-workspace.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-litellm-vulnerability-chain-lets-low-privilege-users-take-over-ai-gateway-server","source":"general-news","category":"news","severity":"unknown","title":"LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers","description":"A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed\n\nLiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one Open…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T16:39:01.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-popular-wordpress-plugin-scripts-tampered-to-plant-hidden-backdoors-on-sites","source":"general-news","category":"news","severity":"unknown","title":"Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites","description":"An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites.\n\nWhen a site administrator was logged in as the file loaded, the code created an admin account under the attacker's 
con…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T09:59:38.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-palo-alto-warns-of-active-exploitation-of-pan-os-globalprotect-vpn-flaw","source":"general-news","category":"news","severity":"unknown","title":"Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw","description":"Palo Alto Networks has revealed that it has observed \"active exploitation\" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals.\n\nThe vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T06:17:32.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-novo-nordisk-breach-exposes-software-development-pipeline-risk","source":"general-news","category":"news","severity":"unknown","title":"Novo Nordisk Breach Exposes Software Development Pipeline Risk","description":"A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity 
problem.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T20:05:47.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/cyber-risk/novo-nordisk-breach-exposes-dev-pipeline-risk","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-fileless-phantom-stealer-targets-browser-credentials","source":"general-news","category":"news","severity":"unknown","title":"Fileless Phantom Stealer Targets Browser Credentials","description":"In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to evade detection.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T22:26:34.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/fileless-phantom-stealer-targets-browser-credentials","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-sprysocks-windows-variant-abuses-kernel-drivers-to-evade-detection","source":"general-news","category":"news","severity":"unknown","title":"SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection","description":"FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T20:11:48.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/threat-intelligence/sprysocks-windows-variant-kernel-drivers","label":"Dark 
Reading","domainType":"media"}],"feedLabel":null},{"id":"news-rokarolla-android-trojan-levels-up-to-full-device-control-persistence","source":"general-news","category":"news","severity":"unknown","title":"Rokarolla Android Trojan Levels Up to Full Device Control, Persistence","description":"The emerging malware, spread via fake TikTok and Chrome downloads, has evolved by combining banking fraud with extensive device surveillance and remote control.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T17:32:32.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/endpoint-security/rokarolla-android-trojan","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-http-2-bomb-attacks-put-telcos-healthcare-orgs-at-risk","source":"general-news","category":"news","severity":"unknown","title":"HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk","description":"The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwidth, not power massive amplification attacks.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T19:31:37.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/vulnerabilities-threats/http-2-bomb-attacks-telcos-healthcare","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-copilot-searchleak-attack-allows-1-click-data-theft","source":"general-news","category":"news","severity":"unknown","title":"Copilot 'SearchLeak' Attack Allows 1-Click Data Theft","description":"The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other 
variables.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T19:27:48.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-china-nexus-actor-spies-on-us-researchers-undetected-for-a-year","source":"general-news","category":"news","severity":"unknown","title":"China-Nexus Actor Spies on US Researchers Undetected for a Year","description":"Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to breach numerous institutions and exfiltrate sensitive data.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T17:00:45.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.darkreading.com/threat-intelligence/china-nexus-actor-us-researchers-undetected","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-fortibleed-86-000-fortinet-device-credentials-compromised","source":"general-news","category":"news","severity":"unknown","title":"FortiBleed: 86,000 Fortinet Device Credentials Compromised","description":"The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs.\nThe post FortiBleed: 86,000 Fortinet Device Credentials Compromised appeared first on 
SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T10:48:08.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-cisco-to-acquire-widefield-security-to-boost-splunk-s-agentic-soc","source":"general-news","category":"news","severity":"unknown","title":"Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC","description":"WideField will accelerate Agentic SOC capabilities by expanding the lens on threat investigation to include identity, credentials, sessions, and blast radius.\nThe post Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T07:22:22.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/cisco-to-acquire-widefield-security-to-boost-splunks-agentic-soc/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-majority-of-internet-accessible-redcap-servers-outdated","source":"general-news","category":"news","severity":"unknown","title":"Majority of Internet-Accessible REDCap Servers Outdated","description":"These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment.\nThe post Majority of Internet-Accessible REDCap Servers Outdated appeared first on 
SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T17:07:48.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.securityweek.com/majority-of-internet-accessible-redcap-servers-outdated/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-aws-unveils-continuum-an-ai-powered-vulnerability-management-platform","source":"general-news","category":"news","severity":"unknown","title":"AWS Unveils 'Continuum,' an AI-Powered Vulnerability Management Platform","description":"Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T11:00:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/aws-continuum-ai-vulnerability/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-confidence-lacks-in-threat-detection-across-non-email-channels-like-slack-and-te","source":"general-news","category":"news","severity":"unknown","title":"Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams ","description":"Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T09:00:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/threat-detection-across-nonemail/","label":"InfoSecurity 
Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-latam-infrastructure-hit-by-fortinet-and-ivanti-exploits","source":"general-news","category":"news","severity":"unknown","title":"LATAM Infrastructure Hit by Fortinet and Ivanti Exploits","description":"CloudSEK maps Operation Escaneo, a campaign hitting Latin American infrastructure via perimeter bugs","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T11:30:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/operation-escaneo-cloudsek-latam/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-hostile-states-behind-75-of-cyber-attacks-on-uk-critical-infrastructure-ncsc-war","source":"general-news","category":"news","severity":"unknown","title":"Hostile States Behind 75% of Cyber-Attacks on UK Critical Infrastructure, NCSC Warns","description":"Richard Horne, the NCSC CEO, said three-quarters of cyber-attacks targeting UK critical infrastructure came from nation-state actors","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-18T09:10:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/hostile-states-cni-75-percent-ncsc/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-ai-threats-and-alert-fatigue-challenge-cybersecurity-teams","source":"general-news","category":"news","severity":"unknown","title":"AI Threats and Alert Fatigue Challenge Cybersecurity Teams ","description":"Filigran survey at Infosecurity Europe 2026 reveals AI-powered attacks as the top concern, with false positives, alert fatigue and manual processes draining security 
teams","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T12:30:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ai-threats-alert-fatigue-challenge/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-eu-security-experts-to-support-ukrainian-organizations-in-case-of-cyber-attacks","source":"general-news","category":"news","severity":"unknown","title":"EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks","description":"Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T09:45:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ukraine-included-eu-cyber-reserve/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-rokarolla-trojan-combines-banking-fraud-with-device-surveillance","source":"general-news","category":"news","severity":"unknown","title":"Rokarolla Trojan Combines Banking Fraud With Device Surveillance","description":"Rokarolla Android trojan steals banking logins and spies on victims while blocking fraud alerts","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T13:15:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/rokarolla-android-banking-trojan/","label":"InfoSecurity 
Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-chainguard-jpmorgan-bny-team-up-to-secure-open-source-from-ai-threats","source":"general-news","category":"news","severity":"unknown","title":"Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats","description":"Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T11:00:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/chainguard-bny-open-source-athena/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-attackers-hijack-popular-wordpress-plugins-to-deploy-backdoors","source":"general-news","category":"news","severity":"unknown","title":"Attackers Hijack Popular WordPress Plugins to Deploy Backdoors","description":"Tampered OptinMonster and sister plugins plant hidden backdoors on 1.2 million WordPress sites","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T17:00:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/wordpress-plugin-supply-chain/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-maine-takes-breach-reporting-portal-offline-after-fake-entries","source":"general-news","category":"news","severity":"unknown","title":"Maine Takes Breach Reporting Portal Offline After Fake Entries","description":"The Office of the Maine Attorney General has suspended its breach reporting 
portal","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T09:00:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.infosecurity-magazine.com/news/maine-breach-reporting-portal/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-the-systemd-261-release-brings-a-software-tpm-new-os-installer","source":"general-news","category":"news","severity":"unknown","title":"The systemd 261 release brings a software TPM, new OS installer","description":"Linux distributions that ship systemd as their init system now have a new version to track. The systemd 261 update adds a cloud metadata subsystem, carries process state through kexec reboots, and continues a long-running effort to load external libraries on demand. Cloud metadata gets a local inter…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-21T22:30:29.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.helpnetsecurity.com/2026/06/22/systemd-261-released/","label":"Help Net Security","domainType":"media"}],"feedLabel":null},{"id":"news-klue-breach-lead-to-salesforce-data-theft-huntress-affected","source":"general-news","category":"news","severity":"unknown","title":"Klue breach lead to Salesforce data theft, Huntress affected","description":"Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. 
Huntress published a detailed account of the incident on June 18, framing it as a “security domino effect…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T12:57:39.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.helpnetsecurity.com/2026/06/19/klue-salesforce-data-breach-huntress/","label":"Help Net Security","domainType":"media"}],"feedLabel":null},{"id":"news-cybercriminals-abused-github-youtube-and-virustotal-to-push-crypto-stealing-malw","source":"general-news","category":"news","severity":"unknown","title":"Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware","description":"A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. 
According to the researchers, the attackers packaged the mal…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-19T12:11:44.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://www.helpnetsecurity.com/2026/06/19/fake-github-stars-crypto-stealing-malware/","label":"Help Net Security","domainType":"media"}],"feedLabel":null},{"id":"news-hostile-states-behind-three-quarters-of-attacks-on-britain-s-critical-infrastruc","source":"general-news","category":"news","severity":"unknown","title":"Hostile states behind three-quarters of attacks on Britain's critical infrastructure, cyber chief warns","description":"NCSC CEO Richard Horne warned that “kinetic targeting in any conflict tomorrow will be based on intelligence gathered today” and that nation-state adversaries were “prepositioning” throughout British critical infrastructure.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T17:55:00.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://therecord.media/britain-nation-state-cyberattacks-richard-horne-rusi","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-attackers-hit-pair-of-critical-fortinet-vulnerabilities-the-vendor-disclosed-in-","source":"general-news","category":"news","severity":"unknown","title":"Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April","description":"Multiple firms have observed active exploitation of the FortiSandbox defects, and warn that the attacks originate from multiple sources, not a single campaign.\nThe post Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April appeared first on 
CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-17T15:42:46.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://cyberscoop.com/fortinet-fortisandbox-vulnerabilities-exploits/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-ai-s-constant-patching-treadmill-can-be-a-security-problem","source":"general-news","category":"news","severity":"unknown","title":"AI’s constant patching treadmill can be a security problem","description":"The breakneck speed of model releases may be creating short, silent security gaps as developers must choose between performance and security, according to a new report.\nThe post AI’s constant patching treadmill can be a security problem appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-16T20:32:30.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://cyberscoop.com/claude-code-security-vulnerabilities-ai-patches-backslash-security/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-google-exposes-china-espionage-group-that-s-been-lurking-in-networks-undetected-","source":"general-news","category":"news","severity":"unknown","title":"Google exposes China espionage group that’s been lurking in networks undetected since 2023","description":"The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to intercept research and steal data with national security implications.\nThe post Google exposes China espionage group that’s been lurking in networks undetected since 2023 
appeare…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-06-15T20:11:48.000Z","fetchedAt":"2026-06-22T03:00:03.014Z","references":[{"url":"https://cyberscoop.com/google-unc6508-china-espionage-threat/","label":"CyberScoop","domainType":"media"}],"feedLabel":null}],"llmPrompt":"You are a cybersecurity analyst. Summarize this daily threat intelligence report for 2026-06-22.\nTotal items collected: 395 from sources: cisa-kev: 2, cisa-advisories: 16, vendor-blogs: 214, malware-bazaar: 26, abuse-ipdb: 20, threatfox: 3, otx: 30, general-news: 97.\n\nTop threats by severity:\n1. [CRITICAL] AzeoTech DAQFactory\n2. [CRITICAL] CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability\n3. [CRITICAL] CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability\n4. [CRITICAL] CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability\n5. [CRITICAL] CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability\n6. [CRITICAL] CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability\n7. [CRITICAL] Healthcare sector faces escalating ransomware, supply chain and APT risks as cyber threats intensify, CYFIRMA warns\n8. [CRITICAL] Malicious IP: 218.149.228.175\n9. [CRITICAL] Malicious IP: 173.255.223.62\n10. [CRITICAL] Malicious IP: 20.118.217.162\n\nProvide: (1) Executive summary (2-3 sentences), (2) Key threats to watch,\n(3) Recommended actions for security teams, (4) Notable trends.\nBe concise and actionable. Focus on what matters most to defenders."}