EPISODE · Jun 16, 2026 · 4 MIN
Jun 16, 2026 · #82
from Security Brief Daily · host Security Brief Daily
Episode 82 — 16 Jun 2026 1. Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Source: The Hacker News Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of... 2. New attack turned Microsoft 365 Copilot into 1-click data theft tool Source: Bleeping Computer A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. The exfiltrated information could be email content... 3. SimpleHelp bug lets hackers create rogue remote support accounts Source: Bleeping Computer A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. The flaw is tracked as CVE-2026-48558 and received a critical severity... 4. iRhythm discloses data breach, says hackers stole patient info Source: Bleeping Computer Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications. The company says its cardiac monitoring service has been used to analyze more than 2... 5. OptinMonster WordPress plugin hacked in CDN supply-chain attack Source: Bleeping Computer WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). Of the three products, the OptinMonster lead-generation and conversion optimization platform is the most... 6. CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.... 7. Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware Source: The Hacker News The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. "The attack email contained a message impersonating an MS... 8. LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers Source: The Hacker News A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model...
What this episode covers
Episode 82 — 16 Jun 2026 1. Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Source: The Hacker News Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of... 2. New attack turned Microsoft 365 Copilot into 1-click data theft tool Source: Bleeping Computer A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. The exfiltrated information could be email content... 3. SimpleHelp bug lets hackers create rogue remote support accounts Source: Bleeping Computer A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. The flaw is tracked as CVE-2026-48558 and received a critical severity... 4. iRhythm discloses data breach, says hackers stole patient info Source: Bleeping Computer Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications. The company says its cardiac monitoring service has been used to analyze more than 2... 5. OptinMonster WordPress plugin hacked in CDN supply-chain attack Source: Bleeping Computer WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). Of the three products, the OptinMonster lead-generation and conversion optimization platform is the most... 6. CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.... 7. Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware Source: The Hacker News The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. "The attack email contained a message impersonating an MS... 8. LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers Source: The Hacker News A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model...
NOW PLAYING
Jun 16, 2026 · #82
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.