Cyber Threat Brief

Carolina Clear Tech, LLC

Your daily cybersecurity briefing. Vulnerabilities, ransomware, threat actors, and patches that matter, explained for IT professionals and business leaders protecting small and mid-sized organizations. From Carolina Clear Tech.

  1. 4d ago

    2026-06-20: CISA orders federal agencies to patch Splunk Enterprise by Sunday as active exploitation confirmed

    Show Notes - 2026-06-20

    Stories Covered:

    - Today:
    - CISA: Splunk Enterprise flaw actively exploited, patch by Sunday (CVE-2026-20253) (https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/)
    - FortiBleed: 86,000 Fortinet Device Credentials Compromised (https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/)
    - The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes (https://thehackernews.com/2026/06/the-gentlemen-raas-uses-gentlekiller.html)
    - DragonForce Abuses Microsoft Teams Relays to Conceal Backdoor Traffic (https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-25-7/)
    - Klue OAuth breach victim list grows as Icarus hackers claim attack (https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/)
    - Threat Brief: Mitigating Large-Scale Credential Attacks (FortiBleed) (https://unit42.paloaltonetworks.com/large-scale-credential-attacks/)
    - CryptoBandits Malware Doubles as a Backdoor, Abuses Tor (https://www.securityweek.com/cryptobandits-malware-doubles-as-a-backdoor-abuses-tor/)
    - Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites (https://thehackernews.com/2026/06/operation-endgame-disrupts-socgholish.html)
    - Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin (CVE-2026-4020) (https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/)
    - 1.2 million WordPress sites compromised in OptinMonster supply chain attack (https://www.securityweek.com/in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum/)
    - Texas govt data breach exposes over 3 million driver's licenses (https://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/)
    - Authorities Dismantle PhaaS Network & Clean Sites Infected with SocGholish (https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-25-7/)
    - MaXSS and Spyder flaws expose 10 million Chrome users to hacking (https://www.securityweek.com/in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum/)
    - 10-year-old phpBB flaw enables session hijacking (https://www.securityweek.com/in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum/)
    - JetBrains Marketplace plugins steal developer AI keys (https://www.securityweek.com/in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum/)
    - AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution (CVE-2026-25592, CVE-2026-26030) (https://thehackernews.com/2026/06/autojack-attack-lets-one-web-page.html)
    - Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html)
    - Avada Builder WordPress plugin (CVE-2026-8713) (https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/)
    - Microsoft: June 2026 Windows updates break Recycle Bin prompts (https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-recycle-bin-bug-on-all-supported-windows-releases/)
    - Chromium CVEs (CVE-2026-12446, CVE-2026-12458, CVE-2026-12439, CVE-2026-12447, CVE-2026-12453, CVE-2026-12459, CVE-2026-12460, CVE-2026-12454) (https://msrc.microsoft.com/update-guide/)

    CVEs Referenced: CVE-2026-12439, CVE-2026-12446, CVE-2026-12447, CVE-2026-12453, CVE-2026-12454, CVE-2026-12458, CVE-2026-12459, CVE-2026-12460, CVE-2026-20253, CVE-2026-25592, CVE-2026-26030, CVE-2026-4020, CVE-2026-8713

    Indicators of Compromise: IPs: 0.4.2.2

    Full brief: https://carolinacleartech.com/brief/202 ...

    29 min
  2. 5d ago

    2026-06-19: CISA adds actively exploited Splunk vulnerability to its KEV catalog days after disclosure

    Show Notes - 2026-06-19

    Stories Covered:

    - June 19, 2026
    - Today:
    - Splunk Enterprise Authentication Bypass (CVE-2026-20253) (https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/)
    - FortiBleed: 74,000 Fortinet Devices Compromised (https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/)
    - F5 NGINX Critical Remote Code Execution Flaws (https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html)
    - INC Ransomware: 830 Victims Since 2023 (https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html)
    - DragonForce Abuses Microsoft Teams Relays to Hide Backdoor Traffic (https://thehackernews.com/2026/06/dragonforce-hackers-abuse-microsoft.html)
    - The Gentlemen Ransomware: Multiple EDR Killers in Active Development (https://www.bleepingcomputer.com/news/security/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses/)
    - Operation Endgame Disrupts SocGholish Infrastructure (https://www.proofpoint.com/us/blog/threat-insight/sayonara-socgholish-operation-endgame-disrupts-major-cybercrime-operation)
    - HCRG Care Group Notifies Patients 16 Months After Medusa Ransomware Attack (https://databreaches.net/2026/06/18/uk-more-than-one-year-later-hcrg-is-first-notifying-patients-of-ransomware-attack/?pk_campaign=feed&pk_kwd=uk-more-than-one-year-later-hcrg-is-first-notifying-patients-of-ransomware-attack)
    - HHS Settles with Spencer Gifts Health Plan for $450K After Ransomware Investigation (https://databreaches.net/2026/06/18/hhs-o%ef%ac%83ce-for-civil-rights-settles-ransomware-investigation-with-spencer-gifts-health-plan-for-450k-corrective-action-plan/?pk_campaign=feed&pk_kwd=hhs-o%25ef%25ac%2583ce-for-civil-rights-settles-ransomware-investigation-with-spencer-gifts-health-plan-for-450k-corrective-action-plan)
    - Klue Supply Chain Attack Hits Cybersecurity Firms (https://www.darkreading.com/cyberattacks-data-breaches/salesforce-data-thefts-klue-app-compromise)
    - ShapedPlugin WordPress Supply Chain Attack (https://www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/)
    - AutoJack: AI Agent Framework RCE via Localhost Trust Boundary (https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/)
    - Microsoft 365 Backup Gaps Require Third-Party Solutions (https://www.bleepingcomputer.com/news/security/5-reasons-microsoft-365-backup-isnt-enough-for-business-data-protection/)
    - Rockwell Automation FactoryTalk Historian Authentication Bypass (https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-03)
    - Industrial Control System Vulnerabilities (https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-03)
    - Medical Device Bluetooth Vulnerabilities (https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01)
    - Apple Beats Studio Buds Microphone Eavesdropping Flaw (https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html)
    - Unpatchable iPhone SecureROM Exploit for A12/A13 Chips (https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html)
    - Microsoft June 2026 Vulnerabilities (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47633)
    - Windows Server 2016 Security Update Failures Fixed (https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/)

    CVEs Referenced: CVE-2023-3519, CVE-2023-48788, CVE-2023-52271, CVE-2024-57727, CVE-2025-1055, CVE-2025-13036, CVE-2025-20700, CVE-2025-20701, CVE-2025-20702, CVE-2025-36539, CVE-2025-44019, CVE-2025-5777, CVE-2025-61155, CVE-2026-10275, CVE-2026-12087, CVE-2026-12390, CVE-2026-20253, CVE-2026-32174, CVE-2026-32208, CVE-2026-40624, CVE-2026-42014, CVE-2026-42055, CVE-2026-42530, CVE-2026-42895, CVE-2026-42945, CVE-2026-43966, CVE-2026-44967, CVE-2026-47633, CV ...

    30 min
  3. 6d ago

    2026-06-18: FortiBleed exposes 73,000 Fortinet VPN credentials to a Russian-speaking threat group targeting

    Show Notes - 2026-06-18

    Stories Covered:

    - June 18, 2026
    - Today:
    - Joomla Content Editor Plugin Zero-Day (CVE-2026-48907) (https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-joomla-plugin-flaw-by-friday/)
    - FortiBleed: 73,000 Fortinet VPN Credentials Exposed (https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/)
    - Fortinet FortiSandbox Vulnerabilities Under Active Exploitation (https://cyberscoop.com/fortinet-fortisandbox-vulnerabilities-exploits/)
    - Microsoft Defender Zero-Day RoguePlanet (CVE-2026-50656) (https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html)
    - INC Ransomware Reaches 800+ Victims Through Basic Tactics (https://www.darkreading.com/cyberattacks-data-breaches/inc-ransomware-thrives-by-mastering-the-basics)
    - DragonForce Ransomware Deploys Custom Backdoor Using Microsoft Teams Infrastructure (https://www.securityweek.com/microsoft-teams-relay-servers-abused-in-dragonforce-ransomware-attack/)
    - EdTech Sector Faces Escalating Ransomware and Data Breach Activity (https://databreaches.net/2026/06/17/cybercriminals-are-targeting-edtech-data-breaches-and-ransomware-attacks-on-the-rise/?pk_campaign=feed&pk_kwd=cybercriminals-are-targeting-edtech-data-breaches-and-ransomware-attacks-on-the-rise)
    - Mastra npm Supply Chain Attack Poisons 140+ Packages (https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/)
    - Account Takeover Attacks Rising Through Session Hijacking and MFA Bypass (https://www.bleepingcomputer.com/news/security/why-account-takeovers-are-rising-and-how-to-stop-them/)
    - CASB Blind Spot: QUIC Protocol Bypasses Web Traffic Inspection (https://isc.sans.edu/diary/rss/33084)
    - Crypto Clipper Malware Uses Tor and Worm-Like Propagation (https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/)
    - Office Apps Experiencing Launch Issues After June Updates (https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-office-apps-launch-issues-after-june-updates/)
    - Interpol: Cyber Offenses Account for One-Third of Crime in Asia-Pacific (https://www.theregister.com/cyber-crime/2026/06/18/cyber-offenses-now-account-for-around-a-third-of-all-crime-across-asia-and-south-pacific/5257716)
    - Junior Hacker Uses Tailscale and OpenSSH for Backup Persistence (https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html)
    - CVE-2026-48854: Elixir gRPC Unbounded Request Body Memory Exhaustion (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48854)
    - Coordinated SSH Brute Force Attacks Over Three Months (https://isc.sans.edu/diary/rss/33086)

    CVEs Referenced: CVE-2023-3519, CVE-2023-48788, CVE-2024-57727, CVE-2025-5777, CVE-2026-25089, CVE-2026-33825, CVE-2026-39808, CVE-2026-39813, CVE-2026-41091, CVE-2026-45498, CVE-2026-48854, CVE-2026-48907, CVE-2026-50656

    Indicators of Compromise: IPs: 2.9.99.6

    Full brief: https://carolinacleartech.com/brief/2026-06-18/

    32 min
  4. Jun 17

    2026-06-17: CISA gives federal agencies until tomorrow to patch an actively exploited cPanel plugin

    Show Notes - 2026-06-17

    Stories Covered:

    - Today:
    - CISA Orders LiteSpeed cPanel Patch by June 18 (CVE-2026-54420) (https://www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/)
    - Microsoft Working on RoguePlanet Defender Zero-Day Patch (CVE-2026-50656) (https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-defender-patch-for-rogueplanet-zero-day/)
    - Joomla JCE Plugin Flaw Under Active Exploitation (CVE-2026-48907) (https://thehackernews.com/2026/06/cisa-warns-of-actively-exploited-joomla.html)
    - Three Fortinet FortiSandbox Flaws Under Active Exploitation (https://www.securityweek.com/3-recently-patched-fortinet-fortisandbox-vulnerabilities-in-hacker-crosshairs/)
    - DragonForce Ransomware Abuses Microsoft Teams TURN Relays for Command-and-Control (https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/)
    - Kodak Confirms Data Breach, ShinyHunters Claims 2.2 Million Records (https://www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/)
    - Lorem Ipsum Malware Pivots to ClickFix Delivery, Likely Linked to Vice Society (https://www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery)
    - Novo Nordisk Hit by Two Separate Threat Actors Demanding $50M and $25M (https://databreaches.net/2026/06/16/one-threat-actor-demanded-50-million-from-novo-nordisk-another-one-demanded-25-million-neither-got-paid/?pk_campaign=feed&pk_kwd=one-threat-actor-demanded-50-million-from-novo-nordisk-another-one-demanded-25-million-neither-got-paid)
    - 144 Mastra npm Packages Compromised via Hijacked Contributor Account (https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html)
    - 15 Malicious JetBrains Plugins Steal AI API Keys from 70,000 Developers (https://www.bleepingcomputer.com/news/security/malicious-jetbrains-marketplace-plugins-steal-ai-api-keys-from-developers/)
    - Steam Workshop Abused to Spread Malware via Wallpaper Engine (https://www.bleepingcomputer.com/news/security/steam-workshop-abused-to-spread-malware-via-wallpaper-engine-app/)
    - 30,000 Compromised Fortinet Firewalls Expose Corporate Networks (FortiBleed Campaign) (https://www.securityweek.com/3-recently-patched-fortinet-fortisandbox-vulnerabilities-in-hacker-crosshairs/)
    - ClickFix Campaigns Expand with BabaDeda, Lorem Ipsum, and Potemkin Loaders (https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html)
    - GhostTree Attack Abuses Recursive Windows Junctions to Hide Malware from EDR (https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/)
    - Google Vertex AI SDK Flaw Allowed Cross-Tenant Model Hijacking (Pickle in the Middle) (https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/)
    - China Arrests 67 Suspects Linked to Silver Fox Cybercrime Group (https://news.risky.biz/risky-bulletin-china-arrests-members-of-silver-fox-cybercrime-group/)
    - Chrome Extensions Steal AI Conversations (PromptSnatcher Campaign) (https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html)
    - China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth (https://thehackernews.com/2026/06/china-linked-sprysocks-backdoor-expands.html)
    - New Rokarolla Android Malware Targets 217 Banking and Crypto Apps (https://www.bleepingcomputer.com/news/security/new-rokarolla-android-malware-targets-217-banking-crypto-apps/)
    - FTC Warns of Record $3.5 Billion Losses to Imposter Scams in 2025 (https://www.bleepingcomputer.com/news/security/ftc-warns-of-record-35-billion-losses-to-imposter-scams-in-2025/)
    - Rockwell Automation FLEX I/O EtherNet/IP Adapters (CVE-2026-0646, CVE-2026-0647) (https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05)
    - Rockwell Automation RSLinx Classic (CVE-2020-1 ...

    36 min
  5. Jun 16

    2026-06-16: Cisco patches its eighth SD-WAN zero-day of the year

    Show Notes - 2026-06-16

    Stories Covered:

    - June 16, 2026
    - Today:
    - Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262) (https://thehackernews.com/2026/06/cisco-releases-security-updates-for.html)
    - Google Chrome V8 Zero-Day (CVE-2026-11645) (https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html)
    - Oracle PeopleSoft Zero-Day Exploited by ShinyHunters (CVE-2026-35273) (https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html)
    - LiteSpeed cPanel Plugin Privilege Escalation (CVE-2026-54420) (https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html)
    - Mackay Sugar Ransomware Attack Shuts Down Mills (https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/)
    - FulcrumSec Leaks Novo Nordisk Data After $25M Demand Goes Unpaid (https://databreaches.net/2026/06/15/scoop-fulcrumsec-leaks-novo-nordisk-data-after-25m-demand-goes-unpaid/)
    - Conti Ransomware Developer Pleads Guilty (https://www.securityweek.com/ukrainian-man-pleads-guilty-in-us-to-conti-ransomware-charges/)
    - Microsoft 365 Copilot SearchLeak Vulnerability (CVE-2026-42824) (https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html)
    - 1,500+ Arch Linux Packages Compromised With Malware (https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html)
    - FBI Takes Down Outsider PhaaS Enterprise (https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html)
    - ShinyHunters Claims Council of Europe Hack (https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/)
    - North Korean Hackers Target Developers With Malicious Tools (https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html)
    - Chinese APT UNC6508 Targets US Medical and Academic Research (https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research/)
    - Jaguar Land Rover Ordered 30,000 Staff Password Resets After Cyberattack (https://databreaches.net/2026/06/15/jlr-ordered-30000-staff-to-reset-passwords-in-person-after-cyberattack/)
    - VHDX File Delivers Remcos RAT (https://isc.sans.edu/diary/rss/33080)
    - Linux-PAM Timing Attack (CVE-2026-54411) (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54411)
    - Microsoft Edge Chromium CVE Batch (https://msrc.microsoft.com/update-guide/)

    CVEs Referenced: CVE-2026-11640, CVE-2026-11645, CVE-2026-11662, CVE-2026-11668, CVE-2026-11677, CVE-2026-11684, CVE-2026-11685, CVE-2026-11688, CVE-2026-11693, CVE-2026-12010, CVE-2026-12012, CVE-2026-12016, CVE-2026-12019, CVE-2026-20262, CVE-2026-2441, CVE-2026-35273, CVE-2026-3909, CVE-2026-3910, CVE-2026-42824, CVE-2026-5281, CVE-2026-54411, CVE-2026-54420

    Indicators of Compromise: IPs: 20.9.9.2, 20.12.7.2, 20.15.4.5, 20.15.5.3, 20.18.3.1, 26.1.1.2, 5.3.2.0

    Full brief: https://carolinacleartech.com/brief/2026-06-16/

    17 min
  6. Jun 15

    2026-06-15: Palo Alto GlobalProtect VPN suffers active exploitation with CISA KEV deadline passed

    Show Notes - 2026-06-15

    Stories Covered:

    - Today:
    - Palo Alto PAN-OS GlobalProtect VPN Authentication Bypass (CVE-2026-0257) (https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html)
    - Arch Linux Supply Chain Attack Hijacks 1,900+ AUR Packages (https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/)
    - FBI Dismantles Chinese Phishing-as-a-Service Platform (Outsider Enterprise) (https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/)
    - WordPress Plugin Supply Chain Attack (Awesome Motive) (https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/)
    - Maine Attorney General Disables Data Breach Portal Due to Fake Submissions (https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/)
    - Sniper Dz Phishing-as-a-Service Platform Targets MENA Region (https://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html)
    - Hotel Chain Data Breach (BWH Hotels) (https://databreaches.net/2026/06/14/uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain/?pk_campaign=feed&pk_kwd=uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain)
    - Novo Nordisk Clinical Trial Patient Data Breach (https://databreaches.net/2026/06/14/novo-nordisk-reports-data-breach-tells-clinical-trial-patients-to-remain-vigilant/?pk_campaign=feed&pk_kwd=novo-nordisk-reports-data-breach-tells-clinical-trial-patients-to-remain-vigilant)
    - ShinyHunters Lists New Victims (https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/)
    - CVE-2026-11526 (Perl GD Library Command Injection) (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11526)

    CVEs Referenced: CVE-2026-0257, CVE-2026-11526

    Indicators of Compromise: IPs: 23.128.228.6, 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, 179.43.172.213, 185.195.232.139, 198.12.106.60, 202.144.192.47

    Full brief: https://carolinacleartech.com/brief/2026-06-15/

    11 min
  7. Jun 14

    2026-06-14: Anthropic disabled its two most advanced AI models after a US government export control order over

    Show Notes - 2026-06-14

    Stories Covered:

    - Today:
    - Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack (https://www.theregister.com/Security/Microsoft-patches-failed-to-fix-on-prem-SharePoint-which-is-now-under-zero-day-attack)
    - Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication (CVE-2026-20253) (https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html)
    - Chinese hackers hijack auth flow, spy on isolated network for a decade (https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/)
    - Ex-school district employee jailed for hacks on former employer (https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/)
    - NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks (https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/)
    - US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos (https://www.bleepingcomputer.com/news/security/us-gov-asks-anthropic-to-ban-foreign-national-access-to-fable-mythos/)
    - Russians are posing as Signal support to launch phishing attacks (https://www.theregister.com/Security/Russians-are-posing-as-Signal-support-to-launch-phishing-attacks)
    - Google fires sueball at alleged Chinese phishers over AI-powered fraud ops (https://www.theregister.com/security/Google-fires-sueball-at-alleged-Chinese-phishers-over-AI-powered-fraud-ops)
    - DEF CON Franklin project enlists hackers to harden critical infrastructure (https://www.theregister.com/Black-Hat-and-DEF-CON/DEF-CON-Franklin-project-enlists-hackers-to-harden-critical-infrastructure)
    - Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight (https://www.theregister.com/Malware-Month/Ten-years-since-the-first-corp-ransomware-Mikko-Hyppönen-sees-no-end-in-sight)
    - EQT buys majority share in Swiss cybersecurity biz Acronis (https://www.theregister.com/Security/EQT-buys-majority-share-in-Swiss-cybersecurity-biz-Acronis)
    - South Korea Hands Coupang a Record-Breaking $409 Million Data Privacy Fine (https://databreaches.net/2026/06/13/south-korea-hands-coupang-a-record-breaking-409-million-data-privacy-fine/)

    CVEs Referenced: CVE-2026-20253

    Full brief: https://carolinacleartech.com/brief/2026-06-14/

    13 min
  8. Jun 13

    2026-06-13: ShinyHunters exploited Oracle PeopleSoft zero-day CVE-2026-35273 for two weeks

    Show Notes - 2026-06-13

    Stories Covered:

    - Today:
    - Oracle PeopleSoft Zero-Day Exploited (CVE-2026-35273) (https://www.darkreading.com/vulnerabilities-threats/shinyhunters-oracle-zero-day-higher-ed)
    - Conti Ransomware Member Pleads Guilty (https://www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/)
    - Global Schools Foundation Ransomware Negotiation Failure (https://databreaches.net/2026/06/12/after-a-massive-hack-global-schools-groups-negotiator-acted-bizarrely-it-didnt-end-well-for-them/?pk_campaign=feed&pk_kwd=after-a-massive-hack-global-schools-groups-negotiator-acted-bizarrely-it-didnt-end-well-for-them)
    - China-Linked Group Backdoored Linux Login Systems for 9 Years (https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html)
    - Supply-Chain Attack Early Warning Signs on Dark Web (https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/)
    - Insider Threat: Iowa School IT Worker Sentenced for Sabotage (https://databreaches.net/2026/06/12/former-saydel-schools-it-worker-sentenced-for-iowa-cyber-sabotage/?pk_campaign=feed&pk_kwd=former-saydel-schools-it-worker-sentenced-for-iowa-cyber-sabotage)
    - Maine Data Breach Portal Disabled After Fake Disclosures (https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/)
    - KPMG AI Report Demonstrates AI Hallucinations (https://www.theregister.com/ai-and-ml/2026/06/12/kpmgs-ai-report-turns-into-a-demo-of-ai-hallucinations/5255029)
    - New macOS Tahoe 26 Forensic Artifact Discovered (https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/)
    - LabCorp Settles AMCA Breach for $35 Million (https://databreaches.net/2026/06/12/labcorp-reaches-35m-settlement-over-american-medical-collection-agency-breach/?pk_campaign=feed&pk_kwd=labcorp-reaches-35m-settlement-over-american-medical-collection-agency-breach)
    - DOJ: COVID-19 Relief Fraud Arrests (https://www.justice.gov/usao-nv/pr/coordinated-law-enforcement-actions-results-arrests-seven-men-connection-fraudulent)
    - phpBB Authentication Bypass (10 Years Old) (https://www.bleepingcomputer.com/news/security/phpbb-forum-fixes-auth-bypass-bug-lurking-for-a-decade/)
    - Microsoft Security Update Guide CVEs (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9076)

    CVEs Referenced: CVE-2023-5678, CVE-2024-20399, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-35273, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-44705, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447, CVE-2026-47162, CVE-2026-47167, CVE-2026-52859, CVE-2026-52860, CVE-2026-7383, CVE-2026-9076

    Full brief: https://carolinacleartech.com/brief/2026-06-13/

    18 min
