SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
vBulletin vulnerability
Researcher Egidio Romano has published details on a vulnerability affecting versions 4.x of the vBulletin forum software. According to the researcher, a flawed security patch created in 2014 introduced a new post-authentication PHP object injection vector, potentially allowing remote code execution. Romano recently detailed a vBulletin vulnerability that ended up being exploited in the wild.
Chinese hackers likely hit data center and residential ISPs
Digital Realty, a major data center provider, and Comcast were likely targeted by Salt Typhoon, the China-linked threat group known for hacking into the systems of major US telecom firms, Nextgov learned from unnamed sources. The NSA determined that Comcast was likely hit, while the potential Digital Realty compromise was determined by CISA.
New products from Cisco and Honeywell
Cisco this week announced new products in the Hybrid Mesh Firewall portfolio, including new Universal Zero Trust Network Access (ZTNA) solutions that provide identity management across users, devices, and AI agents.
Honeywell launched AI-powered security solutions for operational technology (OT) environments and expanded the Honeywell Digital Prime platform with engineering project testing capabilities.
CISA budget cut
The House Appropriations Subcommittee on Homeland Security has approved a fiscal 2026 funding bill that would cut the budget of the cybersecurity agency CISA by $135 million from fiscal 2025, CyberScoop reported. The budget cut is significantly less than the nearly half a billion previously proposed by the White House. CISA would get $2.7 billion.
ConnectWise rotates certificates
ConnectWise has updated the digital signing certificates for ScreenConnect, ConnectWise Automate, and RMM, due to security concerns, and announced ScreenConnect updates to improve configuration data management. The rotation is to be completed by June 13 at 8:00 p.m. ET (June 14, 12:00 a.m. UTC).
Cracked.io users identified by Dutch police
Dutch police announced that they’ve identified 126 users of the cybercrime forum Cracked, which was taken down in a global law enforcement operation in early 2025. Most of the identified suspects have only received notifications from the police, but some face prosecution or have already been convicted. The average age of the Cracked users identified in the Netherlands is 20, and the youngest is 11 years old.
Cyber incident puts a $10 million dent in Victoria’s Secret operating income
The May 28 cyber incident that forced Victoria’s Secret to take its website offline is expected to put a $10 million dent in the Ohio-based retailer’s Q2 operating income, RetailDive reports. The lingerie retailer held its Q1 earnings call on June 11, after postponing it due to the incident.
Dark ad tech industry research
Brian Krebs has detailed what he describes as a dark ad tech empire involving compromised websites, traffic distribution systems, and malicious advertisers. One interesting aspect of these operations is the use of fake CAPTCHAs to trick users into enabling website notifications in their browsers.
Coordinated brute force attacks against Apache Tomcat Manager
GreyNoise warns of a coordinated spike in malicious activity against Apache Tomcat Manager interfaces between June 2 and June 9, potentially indicating new threats. Roughly 400 unique IPs were engaged in brute force and login attempts, most of them classified as malicious.
No cyberattack behind Cloudflare outage
Cloudflare says that the June 12 outage that lasted for roughly two and a half hours and impacted 10 critical services and their customers was not caused by a cyberattack. The web security and performance company blames the incident on a third-party vendor failure, saying that no data was lost in the incident.