Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-16 03:00 PDT
- Critical Fortinet FortiSandbox flaws now exploited in attacks
BleepingComputer • 2026-06-16 02:19 • www.bleepingcomputer.com
Attackers are now exploiting several critical vulnerabilities in Fortinet’s FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. […]
https://www.bleepingcomputer.com/news/security/critical-fortinet-fortisandbox-flaws-now-exploited-in-attacks/ - Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
Securelist • 2026-06-16 02:00 • securelist.com
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia.
https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/ - Windows version of SprySOCKS Linux malware used to attack govt orgs
BleepingComputer • 2026-06-16 02:00 • www.bleepingcomputer.com
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. […]
https://www.bleepingcomputer.com/news/security/windows-version-of-sprysocks-linux-malware-used-to-attack-govt-orgs/ - Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The Hacker News • 2026-06-16 01:14 • thehackernews.com
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT.“The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible
https://thehackernews.com/2026/06/fake-microsoft-alerts-used-to-deploy.html - From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
SANS ISC Diary (full) • 2026-06-16 00:09 • isc.sans.eduYesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs):
- iRhythm discloses data breach, says hackers stole patient info
BleepingComputer • 2026-06-15 23:31 • www.bleepingcomputer.com
Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients’ personal and health information stored on third-party-hosted business applications. […]
https://www.bleepingcomputer.com/news/security/irhythm-discloses-data-breach-says-hackers-stole-patient-info/ - Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
The Hacker News • 2026-06-15 23:05 • thehackernews.com
Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild.The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0.
“A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or
https://thehackernews.com/2026/06/cisco-releases-security-updates-for.html - CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
The Hacker News • 2026-06-15 22:41 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege
https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
