Description

Episode 85 — 19 Jun 2026

1. F5 issues out-of-band patches for critical NGINX vulnerabilities
Source: Bleeping Computer
Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. The two critical vulnerabilities were found in the...

2. Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
Source: Bleeping Computer
Market intelligence platform Klue suffered an OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. Sources told BleepingComputer of the attack yesterday, telling us that numerous...

3. Gentlemen ransomware uses multiple EDR killers to disable defenses
Source: Bleeping Computer
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. The gang employs a collection of EDR-killing tools, most notably a utility that...

4. Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp
Source: Bleeping Computer
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. This joint action (supported by Europol and Eurojust) was part of...

5. Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Source: The Hacker News
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation...

6. Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Source: The Hacker News
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in this...

7. DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Source: The Hacker News
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from...

8. INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Source: The Hacker News
Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. "The disruption of LockBit and the shutdown of...