Infosec bits for 2026 week 26
Heloise Meyer
| June 26, 2026, 3:29 p.m.
Cybersecurity News:
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks [Torsten George, SecurityWeek]
Residential proxy SDKs are hiding in LG and Samsung smart TV apps [Anamarija Pogorelec, HelpNetSecurity]
A closer look at Africa’s evolving cyberthreat landscape [Christine Barry, Barracuda]
Vulnerabilities and Patches:
Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet [Security Affairs]
GitLab Patches Code Execution, Information Disclosure Vulnerabilities [Ionut Arghire, SecurityWeek]
Critical libssh2 Vulnerabilities Allow Remote Code Execution and Denial of Service [Secure ISS, Secure ISS]
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests [Swati Khandelwal, The Hacker News]
FFmpeg fixes PixelSmash flaw in widely used video decoder [Bill Toulas, BleepingComputer]
Update Chrome to patch critical browser security flaws [Pieter Arntz, Malwarebytes]
Cyberattacks and Breaches:
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT [Ravie Lakshmanan, The Hacker News]
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them [Microsoft, Microsoft]
Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager [Mandiant, Google Cloud]
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation [Ravie Lakshmanan, The Hacker News]
Cordyceps: The Silent Parasite Consuming Your Supply Chain [Elad Meged, Novee]
BeyondTrust, LastPass Impacted by Klue-Salesforce Incident [Ionut Arghire, SecurityWeek]