Overview
Description
Statistics
- 10 Posts
- 2 Interactions
Fediverse
#PaloAlto: if you are using Palo Alto #GlobalProtect VPN, be aware that the CVE-2026-0257 vulnerability allowing attackers to bypass authentication and establish VPN connections is now under active exploitation. Check your logs for IOCs:
👇
https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect portals that allows attackers to establish unauthorized VPN connections. Organizations are urged to patch their systems or apply recommended mitigations immediately to prevent potential network access by threat actors.
https://securityaffairs.com/193638/security/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html
Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw https://securityaffairs.com/193638/security/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html
In the last 24 hours, critical exploitation has been detected in PAN-OS GlobalProtect VPN that allows unauthorized access, along with an advanced NarwhalRAT malware from APT37 that uses LNK and PowerShell scripts to infiltrate, and a vulnerability in macOS that elevates privileges via Python, as well as techniques for identifying shell companies and avoiding fraud. Discover these and more details in the following list of computer security news:
🗞️ LATEST NEWS IN COMPUTER SECURITY 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 15/06/26 📆 |====
🔐 ALERT OVER ACTIVE EXPLOITATION OF VULNERABILITY IN PAN-OS GLOBALPROTECT VPN
Palo Alto Networks has detected active exploitation of the CVE-2026-0257 vulnerability in its PAN-OS GlobalProtect VPN system. This flaw makes it possible to bypass standard authentication and create unauthorized VPN sessions, putting the corporate network at risk. It is essential to update and harden security configurations to prevent improper access and possible data breaches.
Find out how to protect your infrastructure against this critical threat here 👉 https://djar.co/m4Ku5
🦈 IN-DEPTH ANALYSIS OF APT37'S NARWHALRAT MALWARE
The APT37 group uses a sophisticated Python-based malware called NarwhalRAT that spreads through malicious LNK files that run PowerShell scripts and batch commands. This campaign combines advanced themed-phishing techniques, stealth-mode C2 commands and persistence, affecting multiple enterprise environments. Understanding its modus operandi is key to implementing effective defenses.
See the full report with indicators of compromise and mitigation strategies here 👉 https://djar.co/nEUM
🐍 NEW VULNERABILITY IN MACOS ALLOWS PRIVILEGE ESCALATION USING PYTHON
The CVE-2026-28840 vulnerability detected in macOS allows attackers with limited access to elevate their privileges through Python scripts, compromising the integrity of the operating system. This flaw represents a critical risk for users and organizations that depend on Mac environments, especially in sensitive sectors. Updating and applying patches is urgent to close this gap.
Learn about the technical details and the steps to protect your Mac computers here 👉 https://djar.co/LMnK
🔍 HOW TO IDENTIFY A SHELL COMPANY IN 2026: 7 KEY SIGNS
In today's business environment, distinguishing legitimate companies from fictitious ones is vital to avoid fraud and bad investments. This practical guide sets out 7 signs based on OSINT techniques and free tools that will help you verify the authenticity of any company. It includes a detailed, step-by-step analysis of a real case so that you can apply these methods right away.
Learn to detect hidden risks and protect your business decisions here 👉 https://djar.co/3pU6
Bluesky
Overview
- Microsoft
- Microsoft 365 Copilot
Description
Statistics
- 3 Posts
- 6 Interactions
Fediverse
The most interesting thing about the new SearchLeak attack on Microsoft 365 Copilot isn't any single bug. It's that none of the three pieces was dangerous on its own. Varonis combined a prompt injection via a URL parameter, an HTML rendering race condition, and a server-side request forgery in Bing's image search. Each of these is a common bug that security teams usually consider minor. But when you put them together with a Copilot that can access your mailbox, OneDrive, and SharePoint, they create a critical flaw. Microsoft has since patched this issue (CVE-2026-42824).
This is how the attack worked:
* The victim clicks a link. That's the whole interaction. They type nothing.
* The link instructs Copilot to search the mailbox, find sensitive information such as access codes, and place it into an image URL.
* Bing retrieves that image, which sends the stolen data to the attacker's server. Bing serves as the delivery service, allowing the attack to bypass the content security policy intended to stop it.
From the user's perspective, Copilot just pauses for a moment. There is no visible sign that any data has been taken.
In the past, we've spent years rating bugs by their severity on their own. An SSRF here, an HTML injection there—each seemed minor. But when an AI assistant can follow instructions from untrusted input and access your real data, those minor bugs become much more serious. Old types of vulnerabilities become important again in this new context.
If your company uses Copilot or any AI assistant that can access company data, it is important to ask your team how they are rating bugs that affect it. The way we judge what is low risk has changed.
#AI #Cybersecurity #InfoSec #security #privacy #cloud #AttackChain
Bluesky
Overview
Description
Statistics
- 4 Posts
- 1 Interaction
Fediverse
🚨 In this week’s newsletter, we cover CVE-2026-10520, a critical pre-authentication OS command injection vulnerability in Ivanti Sentry now under active exploitation. We break down how attackers can achieve root-level remote code execution without valid credentials and what defenders should do next.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-10520-ivanti-sentry-os-command-injection
Bluesky
Overview
Description
Statistics
- 3 Posts
Fediverse
The VPN Authentication Bypass That Let Ransomware Actors Walk Right In: A Deep Dive into CVE-2026-50751
CVE-2026-50751 is a CVSS 9.3 auth bypass in Check Point VPN exploited since May 7, 2026. Full technical breakdown, IOCs, patches and more https://thecybersecguru.com/news/cve-2026-50751-check-point-vpn-zero-day-qilin-ransomware/
Bluesky
Overview
- Splunk
- Splunk Enterprise
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
🚨 New Critical Vulnerability Analysis: CVE-2026-20253 🚨
Splunk’s June 2026 security advisory revealed a severe 9.8 CVSS flaw affecting Splunk Enterprise and Cloud platforms.
Read the technical deep-dive and remediation guide here:
👉 https://denizhalil.com/2026/06/15/cve-2026-20253-splunk-unauthenticated-rce-analysis/
#Cybersecurity #ThreatIntel #Splunk #RCE #VulnerabilityAnalysis
🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution.
Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints.
The exploit chain is now public.
Read the full story: https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html
Overview
- The Document Foundation
- LibreOffice
Description
Statistics
- 1 Post
- 6 Interactions
Overview
- Wertheim GmbH
- Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
Trawling recent CVEs to make my brain stfu, stumbled across these:
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller/ / https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-wertheim-safecontroller-software-for-vault-rooms-safe-deposit-locker-system/ / https://db.gcve.eu/search?vendor=Wertheim+GmbH&sort_sources%5B%5D=cvelistv5
I don't know much about safes & stuff so I won't comment on impact but a few things stood out to me:
- Disclosure timeline: Man, this is fucked, this shit ran for 3 years?
- CVE-2026-34022: "The Safecontroller Family 65000 is secured with weak and custom cryptographic algorithms with hard-coded keys." "Cannot be fixed due to missing hardware support." "Proof of concept removed because no patch will be provided" :eyes_squint:
- RCE on the server: This is actually a quite neat chaining of vulnerabilities/"features" being used in the second advisory to get from Arbitrary File read & Directory Traversal Upload to RCE :blobcatsurprised: