TJS Cybersecurity News Center

Cybersecurity News Today: Threat Posture CRITICAL

The Tech Jacks Solutions Cybersecurity News Center is actively tracking 426 security intelligence items, including 87 critical threats, 158 flash alerts, and 0 CISA Known Exploited Vulnerabilities (KEV). 25 new items were published in the last 24 hours.

Cybersecurity News: Latest Threat Intelligence

• CVE-2026-50656: Public PoC for Unpatched Microsoft Defender SYSTEM Escalation Demands Immediate Attention (CVE Vulnerability · CVE-2026-50656 · Jun 18, 2026)
• NIST National Vulnerability Database (NVD) Expands to Include SSVC and "Affected" Information (Governance & Compliance · Jun 18, 2026)
• Data Breach at Crime Stoppers of Hamilton via Navigate360 Software (Data Breach · Jun 18, 2026)
• University of Nottingham Data Breach, Expert Analysis Published (Data Breach · Jun 18, 2026)
• CrowdStrike Builds Continuous Authorization Layer for AI Agents Using SPIFFE and Zero Standing Privileges (Security News · Jun 18, 2026)
• USB-Borne Crypto Clipper Weaponizes Tor Routing and EVAL-Based RCE to Drain Wallets and Maintain Persistent Backdoor Access (Threat Campaign · Jun 18, 2026)
• China and DPRK Drive 2025-2026 Technology Sector Targeting Wave: Supply Chains, AI Assets, and IT Worker Fraud at the Core (Threat Campaign · Jun 18, 2026)
• UK Cyber Chief: Nation-States Now Drive 75% of Critical Infrastructure Attacks, AI Will Accelerate Exploitation by 2028 (Security News · Jun 18, 2026)
• Mastra npm Supply Chain Compromise: Account Takeover Enables 140+ Package Poisoning via easy-day-js Postinstall Dropper (Threat Campaign · Jun 18, 2026)
• AWS Continuum: Security at Machine Speed and Amazon Bedrock AgentCore Harness Generally Available (Security News · Jun 17, 2026)
• Cisco ISE Carries a Two-Vector Risk: Unauthenticated Credential Exposure Feeds Authenticated RCE, No Full Patch Until August (CVE Vulnerability · CVE-2026-20181, CVE-2026-20190 · Jun 17, 2026)
• Parallel Persistence: How a Low-Skill Attacker Survived C2 Takedown Using Tailscale and OpenSSH (Threat Campaign · Jun 17, 2026)
• Large-Scale Credential Harvesting Campaign Compromises 30,000+ Fortinet Devices Across 196 Countries (Threat Campaign · Jun 17, 2026)
• Reputation Poisoning at Scale: Rust Clipboard Hijacker Weaponizes Platform Trust Signals Across Six Channels (Threat Campaign · Jun 17, 2026)
• FortiBleed: ~73,000 FortiGate Credentials Exposed Across Half the Internet-Facing Fortinet Population (Data Breach · Jun 17, 2026)
• CVE-2026-25089: Fortinet FortiSandbox Critical OS Command Injection Vulnerability Immediate Action Required (CVE Vulnerability · CVE-2026-25089 · Jun 17, 2026)
• ShinyHunters Breaches Kodak in Ongoing Enterprise Platform Campaign Targeting Third-Party Integrations (Data Breach · Jun 17, 2026)
• AI Agents Need Identity Too: CrowdStrike's Continuous Authorization Model Targets Non-Human Privilege Risk (Security News · Jun 17, 2026)
• Dual AI Credential Theft Campaign: JetBrains Plugin Supply Chain and Chrome Extension Interception Target Developer Secrets and Chatbot Data (Threat Campaign · Jun 17, 2026)
• Hijacked Contributor Account Used to Poison 144 Mastra npm Packages With Cross-Platform Infostealer (Threat Campaign · Jun 17, 2026)
• CVE-2026-54413: driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read i... (CVE Vulnerability · CVE-2026-54413 · Jun 17, 2026)
• CVE-2026-11526: GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of... (CVE Vulnerability · CVE-2026-11526 · Jun 17, 2026)
• CVE-2026-54412: LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underfl... (CVE Vulnerability · CVE-2026-54412 · Jun 17, 2026)
• Oracle PeopleSoft Critical Vulnerability Actively Exploited by ShinyHunters Ransomware Group (Security News · Jun 17, 2026)
• CVE-2026-12186: A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_co... (CVE Vulnerability · CVE-2026-12186 · Jun 17, 2026)
• CVE-2026-54410: nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function ... (CVE Vulnerability · CVE-2026-54410 · Jun 17, 2026)
• Vertex AI SDK Bucket Squatting Enables Cross-Tenant RCE via Pickle Deserialization (CVE Vulnerability · Jun 17, 2026)
• AI Agents Expose a Standing Privilege Gap: CrowdStrike's Continuous Identity Model Signals an Architecture Shift (Security News · Jun 17, 2026)
• Phantom Stealer Runs Entirely in Memory to Harvest Browser Credentials While Evading Analysis (Threat Campaign · Jun 17, 2026)
• Coordinated JetBrains Marketplace Plugin Campaign Steals AI API Keys from ~70,000 Developer Installs (Threat Campaign · Jun 17, 2026)

Cybersecurity News Mapped to Compliance Frameworks

Every intelligence item is mapped to industry-standard compliance frameworks. Current coverage includes:

• NIST 800-53
• MITRE ATT&CK
• CIS Controls v8
• ISO 27001:2022
• NIST CSF 2.0
• HIPAA Security Rule
• SOC 2 Trust Services
• OWASP Top 10

Cybersecurity News Briefings: Weekly Intelligence Reports

• Weekly Security Intelligence Briefing -- Week of 2026-06-15 (Jun 15, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-06-08 (Jun 8, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-06-01 (Jun 1, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-05-25 (May 25, 2026)
• Weekly Security Intelligence Briefing -- Week of 2026-05-18 (May 18, 2026)

About This Cybersecurity News Dashboard

The Tech Jacks Solutions Cybersecurity News Center is an AI-powered threat intelligence platform that delivers real-time security analysis, CVE tracking, CISA KEV monitoring, and MITRE ATT&CK framework mapping. Our automated pipeline processes intelligence from NVD, CISA, vendor advisories, and security research feeds three times daily, producing executive briefings, IOC feeds, and prioritized action packs for security teams, CISOs, and compliance officers.

Features include:

• Real-time threat posture monitoring and flash alerts
• CVE vulnerability tracking with CVSS and EPSS scoring
• CISA Known Exploited Vulnerabilities (KEV) deadline tracking
• MITRE ATT&CK kill chain mapping across all intelligence items
• Compliance framework mapping: NIST 800-53, CIS v8, ISO 27001, HIPAA, SOC 2
• Executive briefings with downloadable PDF action packs
• Weekly security intelligence briefings
• Indicators of Compromise (IOC) feeds for SOC teams

Explore More from Tech Jacks Solutions

Dive deeper into cybersecurity, AI governance, risk management, and career development across our resource hubs.

• Information Security Hub — GRC, incident response, and compliance frameworks
• AI News — Latest AI developments, regulation, and market trends
• Job Displacement Tracker — AI workforce impact, layoff data, and industry analysis
• AI Knowledge Hub — Chatbots, generative AI, agentic AI, MCP, and RAG
• AI Governance Hub — EU AI Act, NIST AI RMF, ISO 42001, and risk management
• AI Risk Management Hub — Risk assessment guides, vendor risk, and threat landscape
• AI Tools Hub — AI tools directory, comparisons, and enterprise solutions
• IT Certifications Hub — CISSP, CISM, CEH, Azure, Google Cloud career paths

Vendor Vulnerability Rollups

Aggregated vulnerability intelligence by vendor, including CVE counts, severity distribution, and remediation timelines.

• NIST / NVD (Operational Infrastructure) — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• Navigate360 (Third-Party Software Breach) — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• University of Nottingham (Third-Party Breach) — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• CrowdStrike — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• NCSC / UK Government (Strategic Intelligence) — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• Widget Factory (Joomla JCE Plugin) — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• npm Ecosystem / Axios — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• npm Ecosystem / Mastra Framework — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• Cisco — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• Microsoft — Vulnerability Rollup (2026-06-18) (Jun 18, 2026)
• Amazon Web Services (AWS) — Vulnerability Rollup (2026-06-17) (Jun 17, 2026)
• Cross-Platform / Campaign (Living-off-the-Land Persistence via Tailscale and OpenSSH) — Vulnerability Rollup (2026-06-17) (Jun 17, 2026)
• Cross-Platform / Campaign (Rust Clipboard Hijacker) — Vulnerability Rollup (2026-06-17) (Jun 17, 2026)
• Fortinet — Vulnerability Rollup (2026-06-17) (Jun 17, 2026)
• Multiple Platforms (ShinyHunters / SaaS Integration Campaign) — Vulnerability Rollup (2026-06-17) (Jun 17, 2026)

Executive Intelligence Briefs

Concise threat posture assessments with key items, IR lifecycle guidance, and board-ready risk analysis.

• SCC Executive Brief - 2026-06-18 (Jun 18, 2026)

Situation Reports (SitReps)

Multi-item intelligence synthesis reports grouping related threats by actor, vendor, sector, or technique.

• Authentication Dead Zones: Supply Chain Poisoning, OAuth Bypass, and Kernel Privilege Escalation Converge Against Technology Sector Infrastructure (May 2, 2026)
• Technology Sector Under Sustained Multi-Vector Attack: Supply Chain Compromise, Critical Infrastructure Vulnerabilities, and Expanding Social Engineering Surface Converge in May 2026 (May 2, 2026)
• Technology Sector Under Siege: Credential Theft, Supply Chain Compromise, and AI-Accelerated Exploitation Converge in a Multi-Vector Assault (May 2, 2026)
• Technology Sector Under Coordinated Pressure: Supply Chain Poisoning, Developer Infrastructure Exploitation, and AI Governance Failures Converge (May 1, 2026)
• AI-Era Attack Surface Expansion: Perimeter Implants, Browser Credential Theft, and Governance Blind Spots Converge Across Technology and Government Sectors (May 1, 2026)