TJS Cybersecurity News Center

Cybersecurity News Today: Threat Posture HIGH

The Tech Jacks Solutions Cybersecurity News Center is actively tracking 439 security intelligence items, including 79 critical threats, 151 flash alerts, and 0 CISA Known Exploited Vulnerabilities (KEV). 16 new items were published in the last 24 hours.

Cybersecurity News: Latest Threat Intelligence

• Microsoft ClickOnce Weaponized as Malware Delivery Channel, First In-Depth Abuse Analysis Published (Security News · Jun 20, 2026)
• ClickOnce Weaponized: How Attackers Turn Microsoft's Deployment Tool Into a Persistent Backdoor (Threat Campaign · Jun 20, 2026)
• Executive Order 14409 Mandates Federal AI Security Hardening with 30-60 Day Action Windows (Governance & Compliance · Jun 20, 2026)
• CVE-2026-35258: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supp... (CVE Vulnerability · CVE-2026-35258 · Jun 20, 2026)
• ClickOnce Weaponization: Microsoft Deployment Tool Abused for Privilege-Free Malware Delivery and Persistence (Security News · Jun 20, 2026)
• No Patch Coming: Mitsubishi Electric FX5-ENET/IP Ethernet Module Permanently Exposed to Remote DoS (CVE Vulnerability · CVE-2026-8806 · Jun 20, 2026)
• Gravity SMTP Plugin Exposes Email Credentials at Scale: 17M Exploitation Attempts Signal Broad Unpatched Attack Surface (CVE Vulnerability · CVE-2026-4020, CVE-2026-8713 · Jun 20, 2026)
• CVE-2026-35275: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Shared Folder... (CVE Vulnerability · CVE-2026-35275 · Jun 20, 2026)
• ClickOnce Weaponized: Microsoft's Deployment Technology Becomes a Persistence and Initial Access Vector (Security News · Jun 20, 2026)
• CVE-2026-12348: Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain ... (CVE Vulnerability · CVE-2026-12348 · Jun 20, 2026)
• usbliter8: Unpatchable SecureROM Exploit Targets A12/A13 Apple Silicon via USB DMA Buffer Underflow (Security News · Jun 19, 2026)
• ClickOnce Weaponized: Microsoft's Low-Privilege Deployment Framework Becomes a Malware Delivery Channel (Security News · Jun 19, 2026)
• ClickOnce as a Weapon: How Attackers Use Microsoft's Deployment Tech to Install, Persist, and Update Malware Without Admin Rights (Threat Campaign · Jun 19, 2026)
• GentleKiller Framework: The Gentlemen RaaS Deploys Centralized EDR Destruction Targeting 400 Processes Across 48 Security Products (Threat Campaign · Jun 19, 2026)
• Texas Government and Third-Party Ecosystems Under Sustained Attack: 3M+ Records Exposed in Vendor Breach Pattern (Data Breach · Jun 19, 2026)
• FortiBleed: Mass Credential Compromise Campaign Targeting 86,644 FortiGate Devices Across 194 Countries (Threat Campaign · Jun 19, 2026)
• AI Agents Are the New Privileged Accounts: Why Shadow AI Is Now an Identity Crisis (Governance & Compliance · Jun 19, 2026)
• Apple A12/A13 BootROM Unpatchable Exploit and Beats Bluetooth Eavesdropping Flaw Expose Layered Hardware Attack Surface (CVE Vulnerability · CVE-2025-20701, CVE-2025-20700, CVE-2025-20702 · Jun 19, 2026)
• Gentlemen RaaS Operates Modular EDR-Killing Toolkit Targeting 48 Security Vendors with FortiGate Credential Exploitation (Threat Campaign · Jun 19, 2026)
• LatAm Threat Actor Blends Opportunistic Monetization with Intelligence Collection in Hybrid Operation (Threat Campaign · Jun 19, 2026)
• FortiBleed: 74,000 Fortinet Credentials Exposed as Russian-Linked Actors Target Global Infrastructure (Threat Campaign · Jun 19, 2026)
• CVE-2026-48768: Path Traversal Vulnerability in baptisteArno typebot.io (CVE Vulnerability · CVE-2026-48768 · Jun 19, 2026)
• CVE-2026-12515: Katello Missing Authorization Enables Repository Information Disclosure in Red Hat Satellite (CVE Vulnerability · CVE-2026-12515 · Jun 19, 2026)
• CVE-2026-45357: Uncontrolled Resource Consumption (DoS) in LiquidJS Template Engine (CVE Vulnerability · CVE-2026-45357 · Jun 19, 2026)
• CVE-2026-2467: Critical Heap-Based Buffer Overflow in RTI Connext Professional Core Libraries (CVE Vulnerability · CVE-2026-2467 · Jun 19, 2026)
• CVE-2026-35603: Privilege Escalation via Insecure ProgramData in AI Coding Tools (CVE Vulnerability · CVE-2026-35603 · Jun 19, 2026)
• CVE-2026-11395: Server-Side Request Forgery in CF7 to Webhook Plugin for WordPress (CVE Vulnerability · CVE-2026-11395 · Jun 19, 2026)
• CVE-2026-50268: Plaintext Password Storage in SteeltoeOSS Steeltoe.Configuration.Encryption (CVE Vulnerability · CVE-2026-50268 · Jun 19, 2026)
• F5 NGINX Critical RCE and DoS Vulnerabilities, Emergency Out-of-Band Patches Released (CVE Vulnerability · CVE-2026-42530, CVE-2026-42055, CVE-2026-11311, CVE-2026-50107 · Jun 19, 2026)
• CVE-2026-48764: Server-Side Request Forgery in baptisteArno typebot.io (CVE Vulnerability · CVE-2026-48764 · Jun 19, 2026)

Cybersecurity News Mapped to Compliance Frameworks

Every intelligence item is mapped to industry-standard compliance frameworks. Current coverage includes:

• NIST 800-53
• MITRE ATT&CK
• CIS Controls v8
• ISO 27001:2022
• NIST CSF 2.0
• HIPAA Security Rule
• SOC 2 Trust Services
• OWASP Top 10

Cybersecurity News Briefings: Weekly Intelligence Reports

• Weekly Security Intelligence Briefing -- Week of 2026-06-15 (Jun 15, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-06-08 (Jun 8, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-06-01 (Jun 1, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-05-25 (May 25, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-05-18 (May 18, 2026)

About This Cybersecurity News Dashboard

The Tech Jacks Solutions Cybersecurity News Center is an AI-powered threat intelligence platform that delivers real-time security analysis, CVE tracking, CISA KEV monitoring, and MITRE ATT&CK framework mapping. Our automated pipeline processes intelligence from NVD, CISA, vendor advisories, and security research feeds three times daily, producing executive briefings, IOC feeds, and prioritized action packs for security teams, CISOs, and compliance officers.

Features include:

• Real-time threat posture monitoring and flash alerts
• CVE vulnerability tracking with CVSS and EPSS scoring
• CISA Known Exploited Vulnerabilities (KEV) deadline tracking
• MITRE ATT&CK kill chain mapping across all intelligence items
• Compliance framework mapping: NIST 800-53, CIS v8, ISO 27001, HIPAA, SOC 2
• Executive briefings with downloadable PDF action packs
• Weekly security intelligence briefings
• Indicators of Compromise (IOC) feeds for SOC teams

Explore More from Tech Jacks Solutions

Dive deeper into cybersecurity, AI governance, risk management, and career development across our resource hubs.

• Information Security Hub — GRC, incident response, and compliance frameworks
• AI News — Latest AI developments, regulation, and market trends
• Job Displacement Tracker — AI workforce impact, layoff data, and industry analysis
• AI Knowledge Hub — Chatbots, generative AI, agentic AI, MCP, and RAG
• AI Governance Hub — EU AI Act, NIST AI RMF, ISO 42001, and risk management
• AI Risk Management Hub — Risk assessment guides, vendor risk, and threat landscape
• AI Tools Hub — AI tools directory, comparisons, and enterprise solutions
• IT Certifications Hub — CISSP, CISM, CEH, Azure, Google Cloud career paths

Vendor Vulnerability Rollups

Aggregated vulnerability intelligence by vendor, including CVE counts, severity distribution, and remediation timelines.

• Gravity SMTP (WordPress Plugin) — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• Microsoft — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• U.S. Federal Government / CrowdStrike (AI Governance) — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• University of Nottingham (Sector: Higher Education) — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• The Browser Company (Arc Search) — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• Gravity SMTP / WordPress — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• Oracle — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• npm / Open Source Ecosystem (Axios) — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• Salesforce / Klue — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• Splunk — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• Cisco — Vulnerability Rollup (2026-06-20) (Jun 20, 2026)
• Third-Party / Supply Chain (Texas TPWD Vendor Breach Pattern) — Vulnerability Rollup (2026-06-19) (Jun 19, 2026)
• Apple — Vulnerability Rollup (2026-06-19) (Jun 19, 2026)
• Multiple Vendors (GentleKiller Campaign — CrowdStrike Falcon, BeyondTrust, UEFI Vendors) — Vulnerability Rollup (2026-06-19) (Jun 19, 2026)
• Fortinet — Vulnerability Rollup (2026-06-19) (Jun 19, 2026)

Executive Intelligence Briefs

Concise threat posture assessments with key items, IR lifecycle guidance, and board-ready risk analysis.

• SCC Executive Brief - 2026-06-20 (Jun 20, 2026)

Situation Reports (SitReps)

Multi-item intelligence synthesis reports grouping related threats by actor, vendor, sector, or technique.

• Authentication Dead Zones: Supply Chain Poisoning, OAuth Bypass, and Kernel Privilege Escalation Converge Against Technology Sector Infrastructure (May 2, 2026)
• Technology Sector Under Sustained Multi-Vector Attack: Supply Chain Compromise, Critical Infrastructure Vulnerabilities, and Expanding Social Engineering Surface Converge in May 2026 (May 2, 2026)
• Technology Sector Under Siege: Credential Theft, Supply Chain Compromise, and AI-Accelerated Exploitation Converge in a Multi-Vector Assault (May 2, 2026)
• Technology Sector Under Coordinated Pressure: Supply Chain Poisoning, Developer Infrastructure Exploitation, and AI Governance Failures Converge (May 1, 2026)
• AI-Era Attack Surface Expansion: Perimeter Implants, Browser Credential Theft, and Governance Blind Spots Converge Across Technology and Government Sectors (May 1, 2026)