43AA 6E9A 54EE B550 D830 EF7A 36EE 72FB 8AD1 F5CC

Infosec bits for 2026 week 26

Heloise Meyer | June 26, 2026, 3:29 p.m.

Cybersecurity News:

  • What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks [Torsten George, SecurityWeek]
  • Residential proxy SDKs are hiding in LG and Samsung smart TV apps [Anamarija Pogorelec, HelpNetSecurity]
  • A closer look at Africa’s evolving cyberthreat landscape [Christine Barry, Barracuda]
  • Vulnerabilities and Patches:

  • Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet [Security Affairs]
  • GitLab Patches Code Execution, Information Disclosure Vulnerabilities [Ionut Arghire, SecurityWeek]
  • Critical libssh2 Vulnerabilities Allow Remote Code Execution and Denial of Service [Secure ISS, Secure ISS]
  • 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests [Swati Khandelwal, The Hacker News]
  • FFmpeg fixes PixelSmash flaw in widely used video decoder [Bill Toulas, BleepingComputer]
  • Update Chrome to patch critical browser security flaws [Pieter Arntz, Malwarebytes]
  • Cyberattacks and Breaches:

  • Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT [Ravie Lakshmanan, The Hacker News]
  • StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them [Microsoft, Microsoft]
  • Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager [Mandiant, Google Cloud]
  • FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation [Ravie Lakshmanan, The Hacker News]
  • Cordyceps: The Silent Parasite Consuming Your Supply Chain [Elad Meged, Novee]
  • BeyondTrust, LastPass Impacted by Klue-Salesforce Incident [Ionut Arghire, SecurityWeek]