ctipilot.ch

CTI Daily Brief — 2026-06-20

Type: daily
Date: 2026-06-20
Generator: Anthropic Claude (specific model not determined) (`unknown`)
Classification: TLP:CLEAR
Language: English
Prompt: v2.60
Items: 9
CVEs: 8

0. TL;DR

  • PTC Windchill / FlexPLM CVE-2026-12569 (CVSS 10.0) is under active exploitation — backdoors being deployed. An unauthenticated Java-deserialization flaw in the Windchill/FlexPLM web login interface yields pre-auth RCE; Germany's BSI took the unusual step of phoning administrators after-hours and NCSC-CH lists the status as actively exploited (Heise Security, 2026-06-19). PLM platforms are pervasive in DACH manufacturing, aerospace and the defence-industrial base. Patch released 2026-06-15. See § 5 deep dive.
  • AVer PTC-series conference cameras CVE-2026-40624 (CVSS 9.8) — unauthenticated RCE via the management web interface. CISA ICS advisory ICSA-26-169-01; these PTZ cameras sit in government meeting rooms and legislative chambers, directly on the public-sector attack surface (CISA, 2026-06-18).
  • usbliter8 — a permanent, unpatchable SecureROM boot-chain exploit for Apple A12/A13 silicon. Working RP2350-based PoC published; a checkm8-class hardware bug (DWC2 USB DMA underflow) affecting iPhone XS through 11. Physical-access only, but it defeats Secure Enclave protections on affected devices — an MDM/device-retirement question for high-security estates (Paradigm Shift, 2026-06-18).
  • FortiBleed escalates to 86,644 compromised FortiGate devices; CISA issues emergency hardening guidance. Up from 73,932 (covered 2026-06-18); attackers are cracking SSL VPN password hashes and pivoting into Active Directory (§ 4).
  • Splunk Enterprise CVE-2026-20253 (pre-auth RCE) now under confirmed limited targeted exploitation per Splunk PSIRT and NCSC-NL — patch urgency for SOC SIEM platforms jumps from routine to emergency (§ 4).

Immediate Action — Patch internet-reachable PTC Windchill / FlexPLM now. CVE-2026-12569 is an unauthenticated Java-deserialization remote code execution flaw (CVSS 3.1 10.0 / CVSS 4.0 9.3) in the Windchill and FlexPLM web login interface; network access to the login endpoint is the only prerequisite. Exploitation is confirmed in the wild with backdoors being deployed on vulnerable systems, and Germany's BSI escalated to direct after-hours phone calls to operators (Heise Security, 2026-06-19; NCSC-CH, 2026-06-19). Apply PTC's 2026-06-15 patch immediately, block external access to Windchill/FlexPLM login endpoints at the perimeter, and hunt for Java deserialization exceptions and unexpected child processes spawned by the Windchill application-server (JBoss/WildFly) process.

3. Research & Investigative Reporting

usbliter8 — a permanent SecureROM boot-chain exploit for Apple A12/A13 silicon

Paradigm Shift Technology published usbliter8 on 2026-06-18 with a full technical write-up and a working RP2350-based proof-of-concept: a software-unpatchable bootrom exploit for Apple A12 and A13 (and S4/S5) SoCs, conceptually the successor to 2019's checkm8 (Paradigm Shift, 2026-06-18). The root cause is a buffer underflow in the Synopsys DWC2 USB controller's DMA path that Apple's DART IOMMU does not block while the device is in DFU mode, allowing arbitrary SRAM overwrites; on A13 the chain additionally bypasses Pointer Authentication via heap corruption before booting unsigned iBoot images and fully subverting the chain of trust (The Hacker News, 2026-06-19). Exploitation requires physical access to a device in DFU mode connected over USB to the attacker's microcontroller and completes in under two seconds. Affected hardware spans iPhone XS/XR through the iPhone 11 line, several iPad and Apple Watch generations and the HomePod mini; A14 and later are unaffected. Because the flaw is in mask-ROM, no OS update can remediate it (MITRE ATT&CK T1542.003 Pre-OS Boot: Bootkit).

Why it matters to us: This is a physical-access risk, not a network threat, but it defeats every OS-level control — including Secure Enclave credential protections — on affected hardware. For high-security estates the practical questions are MDM supervised-mode enforcement (which can detect unmanaged DFU connections), physical custody of devices, and retiring A12/A13 hardware where physical control cannot be guaranteed.

AutoJack — Microsoft shows a single web page can drive host RCE through an AI agent's local MCP server

Microsoft Security researchers disclosed AutoJack on 2026-06-18, a three-weakness chain against AutoGen Studio's Model Context Protocol (MCP) WebSocket surface that lets a malicious web page rendered by a local AI browsing agent execute arbitrary commands on the host (Microsoft Security Blog, 2026-06-18). The chain: (1) the WebSocket origin allowlist accepts a locally-running browsing agent's localhost identity (CWE-1385 missing origin validation); (2) the auth middleware exempts all /api/mcp/* paths (CWE-306 missing authentication); (3) the MCP handler base64-decodes a server_params URL query parameter and passes it to OS process execution (CWE-78 OS command injection). The flaw existed only in pre-release PyPI builds 0.4.3.dev1/0.4.3.dev2 — the stable 0.4.2.2 was never affected — and was fixed before public release; no in-the-wild exploitation was observed (The Hacker News, 2026-06-19).

Why it matters to us: The specific package never shipped, but the pattern — origin-bypass → unauthenticated local API → executable parameter — generalises to any agentic framework exposing a local WebSocket/MCP endpoint to browsing agents. Teams piloting MCP-based tooling should validate Origin headers on all localhost WebSocket servers, require authentication on every path, refuse executable parameters via URL query strings, and run agent frameworks in sandboxes rather than on developer workstations.
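The three checks a local WebSocket/MCP endpoint needs against the origin-bypass → unauthenticated path → executable-parameter pattern, as an added illustration; this is not AutoGen Studio's code, and the allowed origin, token, parameter names and launcher allowlist are constructed assumptions.

```python
import base64
import hmac
import json
from urllib.parse import parse_qs, urlsplit

# Constructed values for the example; a real deployment loads these from its own config.
ALLOWED_ORIGINS = {"http://127.0.0.1:8081"}        # exact origin of the UI allowed to connect
EXPECTED_TOKEN = "example-shared-secret"            # per-session bearer token, never a URL parameter
EXEC_PARAMS = {"server_params", "command", "args"}  # names that describe something to execute
ALLOWED_COMMANDS = {"npx", "uvx"}                   # launchers the MCP host may start

# Constructed sample of the weak request shape (base64 launch spec in the query string).
SAMPLE_B64 = base64.b64encode(b'{"command": "echo", "args": ["hi"]}').decode()
GOOD_BODY = json.dumps({"command": "npx", "args": ["-y", "example-mcp-server"]})


def gate_request(origin, url, headers, body=None):
    """Return (allowed, reason). Every path, /api/mcp/* included, passes all three checks."""
    parts = urlsplit(url)
    # 1. CWE-1385: exact match against an explicit allowlist. Do not accept any
    #    localhost/127.0.0.1 origin wholesale, and treat Origin as necessary, not sufficient.
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin not allowlisted: {origin!r}"
    # 2. CWE-306: authentication on every path; no prefix exemptions.
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if not hmac.compare_digest(token, EXPECTED_TOKEN):
        return False, "missing or invalid bearer token"
    # 3. CWE-78: refuse anything executable arriving via the URL query string at all,
    #    whether or not it is base64-wrapped.
    query = parse_qs(parts.query, keep_blank_values=True)
    leaked = EXEC_PARAMS & set(query)
    if leaked:
        return False, f"executable parameters in URL query: {sorted(leaked)}"
    # Launch parameters come only in the authenticated JSON body and must name an allowlisted launcher.
    if parts.path.startswith("/api/mcp/"):
        try:
            params = json.loads(body or "{}")
        except json.JSONDecodeError:
            return False, "malformed JSON body"
        if params.get("command") not in ALLOWED_COMMANDS:
            return False, f"command not allowlisted: {params.get('command')!r}"
        args = params.get("args", [])
        if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
            return False, "args must be a list of strings"
    return True, "ok"


if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer " + EXPECTED_TOKEN}
    print(gate_request("http://127.0.0.1:8081", "/api/mcp/start?server_params=" + SAMPLE_B64, hdrs))
    print(gate_request("http://127.0.0.1:8081", "/api/mcp/start", hdrs, GOOD_BODY))
```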

4. Updates to Prior Coverage

UPDATE: FortiBleed reaches 86,644 compromised FortiGate devices; CISA issues emergency hardening guidance

UPDATE (originally covered 2026-06-18): The FortiBleed SSL VPN credential-harvesting campaign has grown from the 73,932 internet-facing FortiGate devices reported on 2026-06-18 to 86,644 confirmed compromised credentials across 194 countries, and CISA has published an emergency hardening advisory (SecurityWeek, 2026-06-19; CISA, 2026-06-18).

The new detail is methodology and impact: a Russian-speaking actor cracked SSL VPN password hashes with a 45-GPU Hashtopolis cluster, after which the actor pivots into internal Active Directory using harvested service and admin accounts (BleepingComputer, 2026-06-19). CISA's guidance mandates immediate SSL VPN session termination, full credential resets, enforcement of PBKDF2 (replacing the older MD5-crypt admin-hash scheme), and phishing-resistant MFA on all remote access. Defenders should cross-reference SSL VPN session logs against the Shadowserver notification feed and hunt for sequential VPN authentication failures from rotating residential IP ranges followed by a success and immediate internal RDP/SMB/LDAP reconnaissance.
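The hunt sequence just described (failures from several source addresses, then a success, then RDP/SMB/LDAP/Kerberos reach from the assigned tunnel address), implemented over constructed VPN authentication and flow records as an added example; it is not CISA's or Fortinet's code, the record layouts are assumptions, and the distinct-source-IP count stands in for residential-range classification, which needs an external enrichment source.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RECON_PORTS = {88: "kerberos", 389: "ldap", 636: "ldaps", 445: "smb", 3389: "rdp"}

# Constructed SSL VPN auth records: (timestamp, user, source IP, result, tunnel IP on success).
VPN_AUTH = [
    ("2026-06-19T01:02:10", "svc_backup", "203.0.113.10", "fail", None),
    ("2026-06-19T01:02:41", "svc_backup", "198.51.100.7", "fail", None),
    ("2026-06-19T01:03:15", "svc_backup", "192.0.2.99", "fail", None),
    ("2026-06-19T01:03:58", "svc_backup", "203.0.113.77", "success", "10.212.134.5"),
    ("2026-06-19T08:00:00", "jdoe", "203.0.113.50", "fail", None),
    ("2026-06-19T08:00:20", "jdoe", "203.0.113.50", "success", "10.212.134.9"),
]
# Constructed internal flow records: (timestamp, source IP, destination IP, destination port).
FLOWS = [
    ("2026-06-19T01:04:30", "10.212.134.5", "10.0.0.10", 389),
    ("2026-06-19T01:04:45", "10.212.134.5", "10.0.0.11", 445),
    ("2026-06-19T01:05:02", "10.212.134.5", "10.0.0.12", 3389),
    ("2026-06-19T08:05:00", "10.212.134.9", "10.0.0.20", 443),
]


def _t(s):
    return datetime.fromisoformat(s)


def hunt_fortibleed(auth, flows, min_fail=3, min_ips=2,
                    fail_window=timedelta(minutes=10), recon_window=timedelta(minutes=15)):
    """One finding per successful login preceded by >= min_fail failures from >= min_ips
    distinct source IPs within fail_window, and followed within recon_window by flows from
    the assigned tunnel IP to AD/lateral-movement ports."""
    by_user = defaultdict(list)
    for ts, user, src, result, tunnel in auth:
        by_user[user].append((_t(ts), src, result, tunnel))
    findings = []
    for user, recs in by_user.items():
        recs.sort()
        for i, (ts, src, result, tunnel) in enumerate(recs):
            if result != "success":
                continue
            fails = [r for r in recs[:i] if r[2] == "fail" and ts - r[0] <= fail_window]
            fail_ips = sorted({r[1] for r in fails})
            if len(fails) < min_fail or len(fail_ips) < min_ips:
                continue
            recon = sorted({RECON_PORTS[p] for fts, fsrc, _, p in flows
                            if fsrc == tunnel and p in RECON_PORTS
                            and timedelta(0) <= _t(fts) - ts <= recon_window})
            if recon:
                findings.append({"user": user, "success_at": ts.isoformat(),
                                 "success_src": src, "failed_from": fail_ips, "recon": recon})
    return findings


if __name__ == "__main__":
    for f in hunt_fortibleed(VPN_AUTH, FLOWS):
        print(f)
```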

UPDATE: Splunk CVE-2026-20253 now under confirmed limited targeted exploitation

UPDATE (originally covered 2026-06-14): Splunk PSIRT and NCSC-NL have confirmed that CVE-2026-20253 (CVSS 9.8) — the Splunk Enterprise pre-auth RCE first covered on 2026-06-14 — is now under limited targeted exploitation in the wild, and CISA added it to the Known Exploited Vulnerabilities catalog on 2026-06-18, moving it from "disclosed, no known exploitation" to active-exploitation status (Splunk PSIRT SVD-2026-0603, 2026-06-18; SecurityWeek, 2026-06-19).

The vulnerability is an unauthenticated arbitrary file-creation/truncation flaw in a PostgreSQL sidecar service endpoint that chains to remote code execution; it affects the 10.0.x and 10.2.x branches and is fixed in Splunk Enterprise 10.4.0 / 10.2.4 / 10.0.7, available since 2026-06-14. The exploitation confirmation plus KEV listing raises this from a routine patch-cycle item to emergency priority, particularly because Splunk is a standard SIEM platform inside CH/EU public-sector SOC environments — a compromised search head sits at the centre of detection and log visibility. Restrict search-job submission to authorised analyst accounts and verify indexer/search-head network segmentation while patching.

Changes since first coverage (1 prior appearance)
  1. 2026-06-14: Deep dive + § 2. Sidecar PostgreSQL Go REST API (loopback 5435) proxied via /en-US/splunkd/__raw/v1/postgres/ with empty Basic creds -> SQL injection in backup/restore -> RCE. Splunk-on-AWS default-vulnerable. T1190/T1059. No ITW yet. Fixed 10.4.0/10.2.4/10.0.7.

UPDATE: The Gentlemen (Storm-2697) claims OT-adjacent Mackay Sugar attack; operator attributed to a Russian national

UPDATE (originally covered 2026-06-19): Following ESET's 2026-06-19 documentation of the group's GentleKiller EDR-killer framework, The Gentlemen ransomware group has claimed an OT-adjacent attack on Mackay Sugar (Australia's second-largest sugar producer), which confirmed on 2026-06-18 that an external party accessed its IT environment around 10 June, halting milling at two of three mills (The Record, 2026-06-18).

Separately, KrebsOnSecurity reported OSINT attribution identifying the group's administrator — operating as "Hastalamuerte" / "Zeta88" — as Alexander Andreevich Yapaev, a 36-year-old from Izhevsk, Russia, cross-matched across ProtonMail addresses, Telegram IDs and Russian breach corpora (KrebsOnSecurity, 2026-06-10). Krebs reports the administrator uses AI tooling to develop ransomware and assist post-exploitation. The attribution is Krebs's analytical claim, not a confirmed indictment; for defenders the operational signal remains the group's 90%-affiliate RaaS model and its BYOVD EDR-kill tradecraft documented on 2026-06-19.

5. Deep Dive — PTC Windchill CVE-2026-12569: unauthenticated Java deserialization to RCE on the PLM management plane

Context. PTC Windchill and the FlexPLM apparel/retail variant are dominant product-lifecycle-management platforms across DACH manufacturing, aerospace, automotive and the defence-industrial base — systems that hold the engineering crown jewels (CAD, BOMs, supplier data) and increasingly sit behind internet-reachable web front-ends to support distributed engineering and supplier portals. That combination — high-value data and a network-exposed login surface — is what makes CVE-2026-12569 an emergency rather than a routine critical.

The flaw. CVE-2026-12569 (CVSS 3.1 10.0; CVSS 4.0 9.3) is an unsafe deserialization of untrusted data reachable on the web-based Windchill/FlexPLM login interface before authentication (NCSC-CH, 2026-06-19). A deserialization sink consumes attacker-controlled serialized data at the network edge; the only prerequisite is network access to the login endpoint, with no valid credentials, no prior foothold and no user interaction. PTC released fixes on 2026-06-15 and auto-patched cloud-hosted tenants (PTC PSIRT). Affected on-premises builds span the 11.x, 12.0.x, 12.1.x, 13.0.x and 13.1.0.0–13.1.3.0 lines as well as releases prior to 11.0 M030 — verify exact fixed-build numbers against the PTC advisory for your release train.

Exploitation status. Both BSI (Germany) and NCSC-CH treat this as actively exploited: Heise reported active exploitation deploying backdoors on vulnerable systems, and the BSI escalated to direct after-hours phone calls to known Windchill operators — a step reserved for the highest-urgency advisories (Heise Security, 2026-06-19).

Kill chain (mapped to MITRE ATT&CK).

  • Initial access / execution — pre-auth deserialization RCE against the public-facing login interface (T1190 Exploit Public-Facing Application). The deserialization gadget executes in the context of the Windchill Java application server.
  • Persistence — the sources report follow-on backdoor deployment on compromised hosts; this is consistent with installing a server-side implant or web component on the application server (T1505.003 Server Software Component: Web Shell), though the specific implant class was not detailed publicly.
  • Discovery / collection — a foothold on a PLM server places the attacker adjacent to engineering IP, supplier records and integration credentials to ERP/CAD systems.

Hunt and detection concepts (no IOCs). Watch Windchill application-server logs for Java deserialization exception bursts and class-resolution errors around the login path; alert on unexpected child processes spawned by the Windchill application-server process (JBoss/WildFly/WebLogic parent), which should not normally fork shells or scripting interpreters; flag anomalous inbound connections to Windchill HTTP/HTTPS ports from CIDR ranges that never legitimately reach the login surface; and treat any new outbound connections initiated by a PLM server as suspect, since these servers should have tightly-bounded egress.
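A detection sketch for the two hunt concepts above and in the § 0 Immediate Action (deserialization-exception bursts on the login path, and shell or interpreter children of the application-server process), run over constructed log and process-event samples; this is an added example, not PTC's or any vendor's code, and the log layout, exception strings and field names are assumptions to adapt to your own pipeline.

```python
import re
from datetime import datetime, timedelta

# Constructed application-server log lines in a JBoss-style layout (not real data).
APP_LOG = """\
2026-06-19 02:14:05,101 WARN  [org.jboss.web] login: java.io.InvalidClassException: filter status: REJECTED
2026-06-19 02:14:05,230 ERROR [org.jboss.web] login: java.lang.ClassNotFoundException: example.Gadget
2026-06-19 02:14:06,017 ERROR [org.jboss.web] login: java.io.StreamCorruptedException: invalid stream header
2026-06-19 02:14:07,442 ERROR [org.jboss.web] login: java.io.InvalidObjectException: deserialization failed
2026-06-19 09:30:00,000 INFO  [org.jboss.web] login: session created for user jdoe
"""

# Constructed process-creation events from the PLM host (parent -> child).
PROC_EVENTS = [
    {"parent": "java", "parent_cmd": "standalone.sh -c windchill", "child": "sh", "child_cmd": "sh -c id"},
    {"parent": "java", "parent_cmd": "standalone.sh -c windchill", "child": "java", "child_cmd": "java -version"},
    {"parent": "java", "parent_cmd": "standalone.sh -c windchill", "child": "python3", "child_cmd": "python3 -c import os"},
    {"parent": "cron", "parent_cmd": "cron", "child": "sh", "child_cmd": "sh /opt/backup.sh"},
]

LOG_RE = re.compile(r"^(\S+ \S+) +(\w+) +\[[^\]]+\] (\S+): (.*)$")
DESER_EXC = ("InvalidClassException", "ClassNotFoundException",
             "StreamCorruptedException", "InvalidObjectException", "deserializ")
INTERPRETERS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh",
                "python", "python3", "perl", "nc", "curl", "wget"}


def parse_log(text):
    """Yield (timestamp, request path, message) for each parseable line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f"), m.group(3), m.group(4)


def deserialization_bursts(text, path="login", window=timedelta(seconds=60), threshold=3):
    """Return [(first_ts, count)] for windows on `path` holding >= threshold deserialization exceptions."""
    hits = [ts for ts, p, msg in parse_log(text) if p == path and any(k in msg for k in DESER_EXC)]
    bursts, i = [], 0
    while i < len(hits):
        j = i
        while j < len(hits) and hits[j] - hits[i] <= window:
            j += 1
        if j - i >= threshold:
            bursts.append((hits[i], j - i))
        i = j
    return bursts


def suspicious_children(events, app_marker="windchill"):
    """Command lines of shells/interpreters whose parent is the Windchill Java app-server process."""
    return [e["child_cmd"] for e in events
            if e["parent"] == "java" and app_marker in e["parent_cmd"] and e["child"] in INTERPRETERS]


if __name__ == "__main__":
    print(deserialization_bursts(APP_LOG))
    print(suspicious_children(PROC_EVENTS))
```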

Hardening / mitigation. Apply the 2026-06-15 patch on every on-premises instance and confirm cloud tenants were auto-patched. Until patched, remove the login interface from direct internet exposure — front it with VPN or an authenticating reverse proxy and segment the PLM tier so it cannot be reached from untrusted networks. Constrain the application-server service account to least privilege and restrict its outbound network paths so a successful deserialization yields the smallest possible blast radius.

6. Action Items

  • Patch internet-reachable PTC Windchill / FlexPLM today (CVE-2026-12569, actively exploited). Apply the 2026-06-15 fix, remove the login interface from direct internet exposure behind VPN/authenticating proxy, and hunt for Java deserialization exceptions and unexpected application-server child processes. See § 5 and the § 0 Immediate Action.
  • Treat Splunk CVE-2026-20253 (CVSS 9.8, now CISA KEV) as emergency, not routine — confirmed limited targeted exploitation of a pre-auth RCE on the SIEM platform itself. Patch to Splunk Enterprise 10.4.0 / 10.2.4 / 10.0.7, restrict search-job submission to analyst accounts, verify search-head/indexer segmentation. See § 4.
  • For FortiGate estates, act on the FortiBleed escalation: terminate SSL VPN sessions, reset all device and VPN credentials, enforce PBKDF2 admin hashing and phishing-resistant MFA, and reconcile session logs against the Shadowserver notification feed. See § 4.
  • Isolate and patch AVer PTC-series cameras (CVE-2026-40624): apply firmware, move cameras to a no-egress VLAN, restrict the management interface to admin hosts. See § 2.
  • Upgrade self-hosted Gogs to 0.14.3 (CVE-2026-52806) and disable open self-registration (DISABLE_REGISTRATION = true) on internet-exposed instances. See § 2.
  • Audit HR/engagement SaaS tenants for bulk data exports and the actual data classes they retain (financial onboarding docs, not just survey content); review SSO integrations that maintain a separate credential store. See § 1.

7. Verification Notes

  • Items dropped (already covered): SocGholish / Operation Endgame disruption (covered 2026-06-19; only minor delta — Shadowserver's 14,971 sites-cleaned figure); DragonForce Backdoor.Turn Teams-TURN C2 (2026-06-17 deep dive); Mastra / Sapphire Sleet npm supply-chain compromise (2026-06-18 deep dive — the DPRK/Sapphire Sleet attribution falls within that coverage); standalone GentleKiller EDR-killer framework write-up (2026-06-19 — superseded here by the § 4 Gentlemen UPDATE).
  • Items dropped (relevance / recency): INC ransomware RaaS evolution report (Acronis, 2026-06-17 — primary source outside the 36 h window; retrospective victim-count rollup with limited fresh defender delta); UK NCSC CEO RUSI lecture (strategic commentary anchored on aggregate incident statistics; no in-window defender action); Popa Android TV-box botnet investigation (Krebs/Qurium, 2026-06-18 — substantive reporting but consumer-IoT focused with only indirect public-sector nexus).
  • § 2 inclusion notes: CVE-2026-40624 (AVer) included on CVSS 9.8 + CISA ICS advisory + direct public-sector attack surface; exploitation status is unknown (no confirmed in-the-wild activity). CVE-2026-52806 (Gogs) included on the BSI kritisch advisory + effectively-unauthenticated RCE on default open-registration instances; no confirmed in-the-wild exploitation observed.
  • Reduced-confidence: Kodak breach (§ 1) — reduced confidence, only aggregator/news sources available (BleepingComputer, SecurityWeek, Malwarebytes); no vendor/regulator primary (no SEC 8-K filed in window). It is a ShinyHunters leak-site listing with only limited Kodak confirmation of access to "a limited amount of company data" — the 2.2-million-record figure is the attacker's unverified claim. The Gentlemen operator attribution (§ 4) is KrebsOnSecurity's OSINT analytical claim, not a confirmed indictment.
  • Verification correction: the S2 research sub-agent initially mis-cited the Splunk advisory as SVD-2026-0601 (which is actually CVE-2026-20251, an authenticated Secure Gateway flaw, CVSS 8.8) and carried that CVE's CVSS and version numbers. Verification (iteration 1) corrected the § 4 item to SVD-2026-0603 / CVE-2026-20253 — the unauthenticated PostgreSQL-sidecar file-creation/truncation flaw (CWE-306, CVSS 9.8) chaining to pre-auth RCE, fixed in 10.4.0 / 10.2.4 / 10.0.7 and added to CISA KEV on 2026-06-18 — which aligns with the 2026-06-14 first coverage. No outstanding contradiction.
  • AutoJack (§ 3): The Hacker News mentions CVE-2026-26030 and CVE-2026-25592 in the context of Microsoft's separate Semantic Kernel RCE research, not the AutoJack/AutoGen Studio chain — which carries no assigned CVE (Microsoft's primary frames it via CWE-1385/306/78, and the flaw existed only in pre-release dev builds). No CVE field added.
  • Single-source items: none — all items carry ≥2 independent sources or a national-CERT primary plus corroboration.
  • Sub-agents: S1–S4 all returned within the 30-minute cap (all Claude Sonnet 4.6).
  • Verification: 5 iterations run (cap reached), rotating Opus (1, 3, 5) and Sonnet (2, 4). The passes progressively corrected a chain of source-precision defects introduced by the research sub-agents — a mis-cited Splunk advisory (SVD-0601→SVD-0603) with its wrong CVSS/version numbers, several CWE-number mismatches (AVer CWE-20→552; Gogs CWE-88→77), an unsourced 63.3% FortiBleed figure, a mis-attributed Kodak citation, an unconfirmed Nintendo data-size, and a dead NCSC-NL URL (replaced with SecurityWeek). The final iteration flagged one residual — the "first Splunk CVE ever added to KEV" framing, independently true but not carried by either cited source — remediated by softening to the source-supported "added to CISA KEV on 2026-06-18". verification_residual_count records 1 per the cap-exit convention.
  • Coverage gaps: inside-it-ch (Cloudflare 403, recurring 6/7 runs — no Wayback snapshot); databreaches-net (HTTP 403, no usable Wayback snapshot); heise-sec (DE articles TollBit-gated — used English edition); sec-disclosures-edgar (0 Item 1.05 8-K filings in window); cnil-fr (no in-window enforcement actions); ico-uk (no in-window enforcement actions); edpb (breach-notification-template event outside window); dragos, greynoise, elastic-seclabs, recordedfuture-insikt (no in-window primary publications); chrome-releases (RSS 302 — covered via alternates); cisa-advisories (HTML/JS shell only — content recovered via NCSC-CH Security Hub mirror).