Jun 18, 2026 · #84 episode artwork

EPISODE · Jun 18, 2026 · 4 MIN

Jun 18, 2026 · #84

from Security Brief Daily · host Security Brief Daily

Episode 84 — 18 Jun 2026 1. FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Source: Bleeping Computer Update: Added Fortinet's statement to the end of the article. A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. The exposed data was first... 2. CISA orders feds to patch max severity Joomla plugin flaw by Friday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. Tracked as CVE-2026-48907 , this vulnerability... 3. Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments Source: The Hacker News An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that... 4. Kodak confirms data breach claimed by ShinyHunters extortion gang Source: Bleeping Computer Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak has 79,000... 5. Steam Workshop abused to spread malware via Wallpaper Engine app Source: Bleeping Computer Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running... 6. CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The... 7. Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline Source: The Hacker News A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a... 8. New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Source: The Hacker News Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen...

Episode 84 — 18 Jun 2026 1. FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Source: Bleeping Computer Update: Added Fortinet's statement to the end of the article. A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. The exposed data was first... 2. CISA orders feds to patch max severity Joomla plugin flaw by Friday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. Tracked as CVE-2026-48907 , this vulnerability... 3. Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments Source: The Hacker News An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that... 4. Kodak confirms data breach claimed by ShinyHunters extortion gang Source: Bleeping Computer Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak has 79,000... 5. Steam Workshop abused to spread malware via Wallpaper Engine app Source: Bleeping Computer Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running... 6. CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The... 7. Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline Source: The Hacker News A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a... 8. New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Source: The Hacker News Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen...

NOW PLAYING

Jun 18, 2026 · #84

0:00 4:00

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Security Brief Daily?

This episode is 4 minutes long.

When was this Security Brief Daily episode published?

This episode was published on June 18, 2026.

What is this episode about?

Episode 84 — 18 Jun 2026 1. FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Source: Bleeping Computer Update: Added Fortinet's statement to the end of the article. A newly discovered data leak dubbed "FortiBleed" has...

Can I download this Security Brief Daily episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!