01CVE-2026-48558 — SimpleHelp RMM: OIDC SSO authentication bypass, actively exploited. SimpleHelp RMM OIDC authentication bypass (CVE-2026-48558, CVSS 10.0) is being actively exploited to deploy the new Djinn infostealer. The server accepts forged OIDC identity tokens without verifying their signature (CWE-347), yielding a full Technician session and bypassing MFA on first OIDC login; Horizon3.ai measured ~14,000 internet-exposed instances with ~1,000 carrying a vulnerable OIDC configuration (Horizon3.ai, 2026-06-12). See the Immediate Action callout below. →
02Public PoC released for the libssh2 pre-auth heap write (CVE-2026-55200). Two previously-covered critical CVEs now have public PoCs: libssh2 pre-auth heap write (CVE-2026-55200) and the DirtyClone Linux kernel LPE (CVE-2026-43503), the latter with a confirmed working exploit on default Debian/Fedora. Separately, the US posted a $10M bounty on the Russia-nexus Signal/WhatsApp phishing crews and added Signal Backup Recovery Key theft to the advisory — a persistent-access tactic Swiss federal officials using Signal should act on. →
03CVE-2026-8037 — Progress Kemp LoadMaster: pre-auth RCE via uninitialized heap in the /accessv2 API. Progress Kemp LoadMaster pre-auth RCE (CVE-2026-8037, CVSS 9.8) — uninitialized-malloc heap corruption in the /accessv2 API reaches code execution as root. watchTowr published the full mechanics; Progress reports no known exploitation; patch is in v7.2.63.2. →
04CERT Polska discloses a JAR parser-confusion RCE in the SzafirHost e-signature client (CVE-2026-13165). A Polish e-signature client, SzafirHost from Krajowa Izba Rozliczeniowa (CVE-2026-13165), carries a JAR parser-confusion RCE that smuggles a malicious native library past signature verification (CERT Polska, 2026-06-29); and China-nexus Mustang Panda is abusing Zoho WorkDrive as a dead-drop C2 channel against government and energy targets — both with directly transferable lessons for EU public-sector defenders (qualified e-signature tooling; SaaS-as-C2). →
CERT Polska disclosed CVE-2026-13165 in SzafirHost, a Java-based e-signature and trusted-timestamping client developed by Krajowa Izba Rozliczeniowa (KIR) (CERT Polska, 2026-06-29). The bug — assigned CWE-434 (Unrestricted Upload of File with Dangerous Type) — is a Java parser-confusion leading to remote code execution: SzafirHost verifies a JAR's signature with JarFile (which reads the ZIP Central Directory at the end of the archive) but extracts with JarInputStream (which walks local file headers sequentially). An attacker who can deliver a crafted JAR — for example a tampered update package or document — embeds a malicious native library between the last legitimate entry and the Central Directory; the signature walk never sees the injected entry (and archive-size validation still passes), but extraction writes the library to disk without hash verification, where it is then loaded and executed. CERT-PL is the disclosing authority and reports no in-the-wild exploitation; the fix is SzafirHost v1.2.2.
Why it matters to us: Qualified e-signature clients like SzafirHost sit in eIDAS-regulated document workflows used across EU public administration and finance, and they routinely process externally-supplied signed files — exactly the delivery path this bug needs. Inventory SzafirHost versions on signing workstations and push v1.2.2; the underlying JarFile-vs-JarInputStream confusion is a transferable hunting pattern for any Java signature-verification tooling. Detection concept: watch for unexpected native-library creation in Java temp directories during SzafirHost invocation, and JVM startup arguments referencing unexpected library paths.
threat30 Jun 05:10Zsingle-source · national CERTOpen finding ↗
Acronis Threat Research Unit documented two coordinated June 12–22 campaigns by China-aligned Mustang Panda (also tracked TA416 / HIVE0154 / BRONZE PRESIDENT) against Indian government bodies and hydropower-sector entities (Acronis TRU, 2026-06-29 · The Hacker News, 2026-06-29). Initial access is spear-phishing with ZIP-delivered lures (a hydropower cooperation proposal; an India–Taiwan memorandum of understanding). The toolkit introduces SHARDLOADER (DLL side-loading through a legitimate Solid PDF Creator / Citrix Receiver binary, loading shellcode from fragmented files to defeat static scanning — T1574.002), MINIRECON (a reworked Toneshell variant beaconing over wss://), and ZOHOMURK, which carries hardcoded Zoho OAuth credentials to drive an attacker-controlled WorkDrive account as a dead-drop resolver (T1102.001) — reading operator commands from an "inbox" folder and writing exfiltrated output to an "outbox", blending all C2 with legitimate workdrive.zoho.com API traffic.
Why it matters to us: Abusing a legitimate SaaS platform's API for C2 defeats egress controls that allowlist well-known cloud providers — the traffic blends with sanctioned workdrive.zoho.com calls. EU public-sector SOCs should extend CASB/DLP allowlisting to less-obvious SaaS such as Zoho WorkDrive and alert on OAuth token grants for cloud apps that are not sanctioned business tools.
JFrog Security Research disclosed two compromised npm packages (html-to-gutenberg v4.2.11, fetch-page-assets v1.2.9, uploaded 2026-05-25) plus 16 malicious Go packages carrying an identical chain (JFrog Security Research, 2026-06-24 · The Hacker News, 2026-06-29). A hidden eslint-check task in .vscode/tasks.json is configured with runOn: "folderOpen", so opening the project as a trusted workspace in VS Code or Cursor auto-executes the payload — deliberately sidestepping npm v12's lifecycle-script hardening that blocked preinstall/postinstall scripts by default. The payload (disguised as a fa-solid-400.woff2 font) pulls AES-encrypted stages from blockchain transaction data via TronGrid and Aptos APIs (a takedown-resilient dead-drop), then runs a cross-platform Python infostealer targeting browser stores, password managers, crypto wallets, and cloud-provider configs (AWS/Azure/GCP). Mapped to T1195.001, T1059.006, T1020.
Why it matters to us: Detection teams that added EDR coverage for node.exe→python chains under npm install will miss this — the parent is code.exe→python triggered by opening a folder. Add a CI/CD repository-scan rule for .vscode/tasks.json containing runOn: "folderOpen", and treat dependency-shipped .vscode/ directories as untrusted; enforce VS Code Workspace Trust so untrusted folders cannot auto-run tasks.
CVE-2026-48558 (CVSS 10.0) is an OIDC SSO authentication bypass in SimpleHelp Remote Monitoring and Management. The OIDC callback handler accepts an identity token without verifying its cryptographic signature (CWE-347), so an attacker can forge an arbitrary token and obtain a full Technician-level session; MFA is also bypassed on first OIDC login (Horizon3.ai, 2026-06-12). Exploitation requires the instance to have an OIDC provider configured, a TechnicianGroup bound to it, and "Allow group authenticated logins" enabled — Horizon3.ai measured ~14,000 internet-exposed servers, ~7.2% (~1,000) with a vulnerable OIDC configuration. CISA added it to the KEV catalog on 2026-06-29; the listing flag confirms active exploitation in the wild. Patched in v5.5.16 / v6.0 RC2 (vendor advisory issued May 2026). Observed follow-on: deployment of the new cross-platform Djinn infostealer via a "TaskWeaver" loader persisting through scheduled tasks (schtasks.exe) / launchd plists (BleepingComputer, 2026-06-29). Hunt: Technician logins not correlated with MFA/VPN events; SimpleHelpServer.exe/SimpleHelp.exe spawning powershell.exe/cmd.exe/wscript.exe (Sysmon EID 1, parent-image filter).
Hackers exploit critical SimpleHelp flaw to deploy new Djinn infostealer and TaskWeaver malware
CVE-2026-8037 (CVSS 9.8) is a pre-authentication RCE in Progress Kemp LoadMaster, an edge load balancer (watchTowr Labs, 2026-06-29 · Trend Micro ZDI, 2026-06-09). The escape_quotes() function in the access executable allocates buffers via uninitialized malloc() without null-terminating escaped strings; a sprayed JSON payload to /accessv2 (four single-quotes expanding to 16 bytes) overwrites heap metadata in adjacent freed chunks, and the subsequent __sprintf_chk() reads out-of-bounds into attacker-controlled data, reaching code execution as root with no authentication. watchTowr published the full mechanics. Affected: GA ≤ 7.2.63.1 and LTSF ≤ 7.2.54.17; fixed in v7.2.63.2 (which switches to calloc() with proper null termination). A second bulletin CVE, CVE-2026-33691, bypasses file-upload extension checks via OWASP CRS whitespace padding. Progress reports no known active exploitation. Hardening: patch to v7.2.63.2 and restrict the management interface to a dedicated admin VLAN; perimeter anomaly detection for unusual character sequences in JSON POSTs to /accessv2.
Microsoft Defender researchers found a malicious Chrome extension ("Search for perplexity ai") that abused Chrome's search-settings override API — specifically the suggest_url parameter — to exfiltrate every character typed into the address bar in real time before redirecting to legitimate results (Microsoft Security Blog, 2026-06-29 · The Hacker News, 2026-06-30). It used declarativeNetRequest rules for a two-hop redirect: the first hop shipped the query plus live autocomplete keystrokes to attacker infrastructure (server-side Node.js logging full headers, UA, and source IP), the second returned real results so the user noticed nothing. Google pulled the extension after disclosure. It is part of a broader AI-brand-impersonation trend Microsoft is tracking.
Why it matters to us: AI-brand impersonation is an easy lure for staff reaching for popular assistant tools. Enforce an enterprise extension allowlist via Group Policy / Intune, and monitor Chromium policy for unexpected changes to DefaultSearchProviderSuggestURL on endpoints with access to sensitive systems.
Microsoft's Edge security team detailed and disrupted StegoAd, 119 malicious extensions across 90+ developer accounts with a combined ~2.6M installs, masquerading as ad blockers, VPNs, translators, and downloaders (Microsoft Edge Security, 2026-06-16 · Risky Biz News, 2026-06-29). The core trick hides executable payloads after the IEND marker of PNG icon files (later WebP images and WOFF2 fonts), passing standard scanner analysis; extensions stay dormant 3–5 days, detect DevTools, and validate requests server-side to dodge sandboxes. Payloads ranged from Google/WordPress credential theft and cookie collection to affiliate-commission hijack, ad fraud, and an RCE backdoor, with failover C2 across 10+ domains fronted by Cloudflare Workers and Google Analytics properties used as a covert channel. The Hacker News reports overlap with the China-linked DarkSpectre operation (prior ShadyPanda / GhostPoster extension campaigns) (The Hacker News, 2026-06-29); the Microsoft Edge write-up itself does not name DarkSpectre. Hunt: extensions with multi-day activation delays; data after IEND in PNGs or at unusual WOFF2 offsets; browser-process requests to Cloudflare Workers domains not matching the installed manifest origin.
The US Department of State's Rewards for Justice program posted a $10 million reward on 2026-06-29 for information on members of UNC5792 (assessed associated with Russia's FSB) and UNC4221 (assessed associated with the GRU), and the FBI/CISA advisory was updated with a newly observed tactic — theft of Signal Backup Recovery Keys (Rewards for Justice, 2026-06-29 · BleepingComputer, 2026-06-29).
The recovery-key tactic is the operationally material change: a stolen backup recovery key is persistent — even after the victim rotates their phone number or reinstalls, the attacker can restore the full message backup, including prior history and group content, so access survives the initial social-engineering window (SecurityWeek, 2026-06-29). Targets are current/former government and military officials, political figures, journalists, and Ukraine-based officials across Europe and the US. Swiss federal and cantonal officials using Signal should treat backup-recovery-key protection (and re-checking the NCSC-CH Signal guidance covered 2026-06-25) as an action item, not a watch item.
A public proof-of-concept scaffold for CVE-2026-55200 (CVSS 9.2) appeared on 2026-06-29, and no official libssh2 release carrying the fix has been tagged yet — the patch commit was merged to mainline on 2026-06-12 but downstream consumers must build from source or pin manually (The Hacker News, 2026-06-29).
The flaw is in ssh2_transport_read() in transport.c, which fails to bound the attacker-controlled packet_length field during the SSH transport handshake; a 0xffffffff value triggers an integer overflow so malloc allocates a tiny buffer while the subsequent write fills the full oversized packet, corrupting the heap before authentication (VulnCheck, 2026-06-17). Because libssh2 is the client linked into git, curl, PHP, and many CI/CD runners, a malicious or compromised SSH server can corrupt memory in connecting clients — the supply-chain/CI-CD direction is the realistic risk. Pin or rebuild libssh2 from the patched commit in pipeline images now, and surface libssh2 versions through SBOM tooling.
__pskb_copy_fclone() drops the SKBFL_SHARED_FRAG flag that marks memory as file-backed during packet cloning; an attacker with CAP_NET_ADMIN (reachable on Debian/Fedora via unprivileged user namespaces by default) wires a privileged binary's pages into a cloned packet, then routes it through an attacker-controlled IPsec tunnel so in-place decryption overwrites in-kernel login checks — granting root with no file-system trace. Mainline is fixed (commit since 2026-05-21); distribution backports are rolling. Until backports land: set kernel.unprivileged_userns_clone=0 on Debian/Ubuntu and blacklist the esp4/esp6 modules to remove the IPsec in-place-decryption primitive. Hunt namespace-creation events granting CAP_NET_ADMIN and su/sudo spawned from non-privileged parents without a TTY.
The DFIR Report published (2026-06-29) the full reconstruction of an intrusion that began with SEO poisoning and ended in Akira ransomware in under three days. The report notes the case was first shared in a 2025 threat brief and flash alert produced with Swisscom B2B CSIRT, which observed a parallel intrusion tied to the same campaign — a Swiss-nexus thread (from that 2025 collaboration) that makes the now-public full reconstruction worth the day's deep dive (The DFIR Report, 2026-06-29). It also features the open-source AdaptixC2 post-exploitation framework as the Cobalt-Strike-equivalent in an Akira chain. Akira itself was deep-dived on 2026-06-23 via the SonicWall vector; this is a distinct initial-access path against the same end-stage operator.
Initial access and loader. A poisoned Bing result for "ManageEngine OpManager" led to a trojanized MSI installer (T1608.006 SEO poisoning → T1204.002 Malicious File). The Bumblebee loader established first C2 via DLL search-order hijacking (T1574.001) — a legitimate signed binary loading a same-directory msimg32.dll through consent.exe. Within ~5 hours, AdaptixC2 shellcode was injected into a renamed legitimate Windows Address Book utility, giving persistent interactive C2.
Escalation, discovery, lateral movement. The actor created domain accounts with Enterprise Admin privileges using RSAT (T1136.002 Create Account: Domain Account), enumerated the network with SoftPerfect Network Scanner, Zenmap, and RVTools (T1046), and moved laterally over RDP (T1021.001). A legitimate RustDesk remote-access tool was installed as a redundant access channel (T1219 Remote Access Software).
Credential access and collection. Credentials were harvested by extracting NTDS.dit via wbadmin.exe (T1003.003) and by dumping the Veeam backup database — the latter a recurring Akira-affiliate move that doubles as recovery sabotage. Roughly 77 GB was staged and exfiltrated over ~44 hours via FileZilla/SFTP to an external server (T1048/T1567).
Detection concepts (no IOCs). Per stage: Sysmon EID 1 for a signed binary / consent.exe side-loading msimg32.dll from a user-writable path; EID 11 for new executables written into AppData; EID 4104 for PowerShell carrying credential-access tradecraft; EID 4663 on NTDS.dit handle access; WMI-driven remote process creation (EID 4648 plus network logon type 3) from non-admin hosts; EID 4698 scheduled-task creation from unusual parents; and DLP/file-server alerts on large outbound SFTP staging. Treat any RustDesk install you did not deploy as a finding.
Hardening. Category-block software-download SEO traps at the SWG and require signed, hash-verified installers for IT-admin tooling; constrain who can create domain accounts and alert on new Enterprise Admin members; protect NTDS.dit / enable Credential Guard; restrict remote WMI to tiered admin hosts; harden Veeam service-account credentials and isolate the backup plane; and alert on unsanctioned remote-access tools (RustDesk/AnyDesk) at the proxy and EDR.
On Debian/Ubuntu, set kernel.unprivileged_userns_clone=0 and blacklist esp4/esp6 until DirtyClone (CVE-2026-43503) backports land — working root exploit confirmed (§ 4).
2026-06-30-9aaa1114· Claude Opus 4.8 (1M context) · 12 entries published
Items dropped (already covered, no fresh in-window delta): Operation Endgame II (Amadey/StealC/SocGholish takedown) — covered 2026-06-25; the 2026-06-24 announcement carries no new delta. Turla STOCKSTAY — covered 2026-06-27 (that day's deep dive). The Gentlemen RaaS (new Kaspersky technical analysis, 2026-06-29) — actor covered 2026-06-27 and in the W26 weekly long-running list; a new vendor write-up does not meet the long-running-campaign "critical change" bar for a second UPDATE inside one week.
Items dropped (relevance / lens): Germany NIS2UmsG "30 June compliance milestone" — the date is legal/advisory-firm commentary, not a formal BSI deadline (formal obligations: registration March 2026, external audits December 2028); strategic/policy-horizon framing belongs to the weekly, not the daily's 1–7-day operational lens. AssuranceAmerica MGA breach (1.1M) — US-only, no CH/EU nexus, routine single-employee phishing breach with no novel TTP or transferable lesson beyond a 90-day notification gap. Fox Rothschild / Silent Ransom Group (Luna Moth) law-firm breach — US-only with no CH/EU nexus; the only in-window source (DataBreaches.net, 2026-06-29) is a persistent 403 the verifier could not corroborate, and the verifiable corroboration (Bloomberg Law) is dated 2026-06-09, outside the 36 h window. Dropped on recency + relevance; the SRG law-firm targeting wave was already covered 2026-05-28. Malicious "Perplexity AI" extension was retained in § 3 alongside StegoAd as a fresh in-window (2026-06-29/30) browser-extension research pair.
Citation-date corrections this run (verifier-driven): Horizon3.ai's SimpleHelp disclosure page is dated 2026-06-12 (the technical analysis); the in-the-wild exploitation / Djinn deployment / CISA KEV listing is the 2026-06-29 development cited to BleepingComputer and CISA KEV. The npm lifecycle-script-hardening month was dropped (sources disagreed). The Mustang Panda prior-SaaS-C2 history (Dropbox/Google Drive) was removed as it was not in the fetchable cited sources.
Held for the weekly's strategic lens: Swiss BACS CYRA Aargau resilience pilot (25 organisations; Inside IT, 2026-06-29) — single-source, self-reported governance/resilience finding; strong CH public-sector relevance but off the daily's operational lens. Flag for weekly pickup if a BACS primary appears on bacs.admin.ch.
Single-source / national-CERT primary (PD-5 carve-out): SzafirHost CVE-2026-13165 rests on CERT Polska as the disclosing authority (carve-out applies). The § 5 deep dive rests on a single primary research report (The DFIR Report), standard for incident reconstructions; the Swisscom B2B CSIRT parallel-intrusion claim is sourced from within that report (no usable standalone Swisscom URL — only a generic service page existed, which was deliberately not cited).
§ 2 inclusion notes: CVE-2026-54305/54307 (n8n) included on CVSS 8.9/8.5 plus unauthenticated trigger-execution exposure on internet-exposed instances — no public PoC or ITW exploitation reported. CVE-2026-8037 (LoadMaster) included on pre-auth RCE plus watchTowr's public technical analysis — no ITW exploitation. CVE-2026-33691 (LoadMaster file-upload extension bypass) noted as the second bulletin CVE; lower severity, no exploitation, not given its own § 2 entry.
KEV-deadline handling (PD-13): CVE-2026-48558 carries a CISA KEV remediation deadline (2026-07-02). That US FCEB compliance date is not the operational driver — the Immediate Action callout and § 2 entry lead on active exploitation and the ~1,000 vulnerable internet-exposed instances; the cisa-kev tag reflects only the exploitation-confirmation flag.
Contradiction: Operation Endgame II seizure figure — Europol stated €41M in crypto seized while Risky Biz News reported "$47M"; the item was dropped as already-covered, so the discrepancy is not carried into the brief body.
Coverage gaps (carry forward): rapid7-research (a sub-agent fetched the wrong endpoint https://www.rapid7.com/blog/feed/ → HTTP 404; the documented healthy feed is https://www.rapid7.com/rss.xml — source is fine, clarifying note added to sources.json); cert-fr-actu / anssi-fr (feed stale, latest entries Nov 2025 / 2026-06-19); databreaches-net (per-article 403 persistent — covered via RSS + alternate publishers); acronis-tru (article 403 — covered via The Hacker News); mandiant-gtig (Feedburner IncompleteRead — covered via Google TI blog); inside-it-ch (article body behind Cloudflare Managed Challenge); cert-eu (no in-window advisories; latest 2026-06-10); ncsc-ch-security-hub, bsi-de, dragos, claroty-team82, ico-uk, cnil-fr, sec-disclosures-edgar, us-treasury-ofac — no new in-window items.
Unmatched action items (migrated)
Patch or de-internet SimpleHelp RMM today if you run an OIDC-enabled, internet-exposed instance — pre-auth bypass actively exploited to drop the Djinn infostealer (see § 0 Immediate Action and § 2). Upgrade to v5.5.16 / v6.0 RC2; review Technician session logs for logins not matched to MFA/VPN events.
Patch Progress Kemp LoadMaster to v7.2.63.2 and move the management interface to a dedicated admin VLAN — pre-auth RCE to root, full mechanics public (§ 2).
Add .vscode/tasks.json with runOn: "folderOpen" to CI/CD repo scanning and enforce VS Code Workspace Trust — the npm/Go supply-chain implant executes on folder-open, not on install (§ 1).
Rotate / protect Signal Backup Recovery Keys for officials in scope and re-verify the NCSC-CH Signal guidance — the Russia-nexus crews now steal recovery keys for persistent backup access (§ 4).
Pin or rebuild libssh2 from the patched commit in CI/CD images (no release tagged yet) and surface versions via SBOM — public PoC out for the pre-auth heap write (§ 4).
Inventory and update SzafirHost to v1.2.2 on document-signing workstations interoperating with Polish public services (§ 1).
Extend CASB/egress allowlisting to Zoho WorkDrive and alert on OAuth grants for non-sanctioned cloud apps — Mustang Panda's dead-drop C2 hides in legitimate SaaS API traffic (§ 1).