EPISODE · Jun 18, 2026 · 4 MIN
Jun 18, 2026 · #84
from Security Brief Daily · host Security Brief Daily
Episode 84 — 18 Jun 2026 1. FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Source: Bleeping Computer Update: Added Fortinet's statement to the end of the article. A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. The exposed data was first... 2. CISA orders feds to patch max severity Joomla plugin flaw by Friday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. Tracked as CVE-2026-48907 , this vulnerability... 3. Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments Source: The Hacker News An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that... 4. Kodak confirms data breach claimed by ShinyHunters extortion gang Source: Bleeping Computer Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak has 79,000... 5. Steam Workshop abused to spread malware via Wallpaper Engine app Source: Bleeping Computer Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running... 6. CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The... 7. Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline Source: The Hacker News A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a... 8. New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Source: The Hacker News Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen...
What this episode covers
Episode 84 — 18 Jun 2026 1. FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Source: Bleeping Computer Update: Added Fortinet's statement to the end of the article. A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. The exposed data was first... 2. CISA orders feds to patch max severity Joomla plugin flaw by Friday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. Tracked as CVE-2026-48907 , this vulnerability... 3. Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments Source: The Hacker News An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that... 4. Kodak confirms data breach claimed by ShinyHunters extortion gang Source: Bleeping Computer Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak has 79,000... 5. Steam Workshop abused to spread malware via Wallpaper Engine app Source: Bleeping Computer Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running... 6. CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The... 7. Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline Source: The Hacker News A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a... 8. New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Source: The Hacker News Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen...
NOW PLAYING
Jun 18, 2026 · #84
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.