Security Operations Archives - Nogosee Intelligence

June 27, 2026 AI Security Incidents & Breaches Security Operations Vulnerability Intelligence

Cisco Unified CM Exploit Analysis: CVE-2026-20230 File-Write Flaw Drives Federal Patch Mandate

Active exploitation of CVE-2026-20230, a critical SSRF vulnerability in Cisco Unified CM enabling unauthenticated file writes and potential root access via the WebDialer service, has prompted CISA to add the flaw to its KEV catalog with a June 28, 2026 deadline for federal agencies. Despite WebDialer being disabled by default, misconfigurations in enterprise deployments are exposing systems to attack, highlighting the critical need for configuration validation alongside patching. Read more

June 26, 2026 Identity & Governance Incidents & Breaches Security Operations Vulnerability Intelligence

CISA Alert: Active Exploitation of Critical Lantronix EDS5000 Flaw Demands Immediate Patching

CISA has warned of active exploitation of CVE-2025-67038, a critical code injection vulnerability in Lantronix EDS5000 Series devices, requiring Federal Civilian Executive Branch agencies to apply patches by June 26, 2026. The flaw allows unauthenticated remote command execution with root privileges via the HTTP RPC module, posing significant risks to network integrity and device security. Read more

June 25, 2026 AI Security Identity & Governance Incidents & Breaches Security Operations

Research Digest: Explainable ML Framework Reveals Moral Condemnation as Dominant Tactic in Korean Foreign Influence Operations

A two-decade analysis of 112 million South Korean news comments identifies 23,998 accounts showing coordinated manipulation behavior, with moral condemnation of domestic political figures driving higher engagement than direct foreign narrative promotion, informing platform defense prioritization. Read more

June 20, 2026 AI Security Cloud Security Security Operations Vulnerability Intelligence

ThreatsDay Bulletin Reveals Systemic Abuse of Trusted Platforms in Cyber Threat Landscape

The June 18, 2026 ThreatsDay Bulletin exposes coordinated abuse of legitimate services—including AI chat platforms, browser extensions, and cloud agents—to deliver malware and harvest credentials, highlighting how attackers exploit design features rather than zero-days, with significant impact in the Asia-Pacific region and implications for enterprise security posture. Read more

June 20, 2026 AI Security Identity & Governance Incidents & Breaches Security Operations

Research Digest: China’s ‘Airport’ Censorship Circumvention Ecosystem Reveals New Security and Operational Risks

A study of China's underground 'airport' proxy market finds over half of 1,667 surveyed users rely on these subscription services to bypass the Great Firewall, citing performance and access to global platforms like ChatGPT. Researchers identified 3,431 active airports and tested 35, noting superior speeds via multi-hop routing but also risks including Alipay payments, frequent takedowns, client misconfiguration, and private censorship enforcement. Read more

June 20, 2026 AI Security Incidents & Breaches Security Operations Vulnerability Intelligence

Crypto Clipper Campaign Exploits Fake Reviews and AI Narrators to Hijack Wallets

Check Point Research uncovered a global crypto-clipper campaign using paid news posts, fake GitHub/SourceForge accounts, AI-narrated YouTube tutorials, and VirusTotal comment manipulation to distribute Rust-based malware that steals cryptocurrency by replacing wallet addresses in the clipboard. Read more

June 19, 2026 AI Security Cloud Security Incidents & Breaches Security Operations

FinRED Framework Advances Financial LLM Safety Evaluation with Expert-Guided Red-Teaming

FinRED is a new expert-guided benchmark framework for evaluating financial LLMs, designed to detect finance-specific risks like regulatory evasion and fraud by mapping global standards to threats and using real financial documents to generate realistic test prompts. It reduces critical false negatives in safety evaluations by over half and is deployed in South Korea’s Financial Security Institute sandbox for generative AI security testing. Read more

June 19, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Security Operations

Converging Ransomware and Data Leak Threats Target South Korea’s Critical Sectors in June 2026

In Week 3 of June 2026, South Korea faced a multi-vector cyber threat landscape as Qilin ransomware struck a big data solution provider, Anubis ransomware targeted a semiconductor equipment parts manufacturer, and confidential defense industry documents appeared for sale on the dark web forum Spear Forums, highlighting coordinated risks to national technological and security assets. Read more

June 19, 2026 AI Security Identity & Governance Incidents & Breaches Security Operations

Malicious JetBrains Plugins and Chrome Extensions Steal AI API Keys and Chat Data

Researchers uncovered 15 malicious JetBrains plugins posing as AI coding assistants that exfiltrate API keys for OpenAI, DeepSeek, and other LLMs, alongside two Chrome extensions stealing AI chat conversations from major platforms, highlighting supply chain risks in developer tools and browser extensions. Read more

June 18, 2026 Cloud Security Identity & Governance Incidents & Breaches Security Operations

Malicious LNK Files Disguised as Privacy Consent Forms Target South Korean Users via Fileless PowerShell and Task Scheduler Abuse

AhnLab identifies a campaign distributing malicious LNK files masquerading as personal information consent forms to execute fileless PowerShell scripts, establish persistence via Windows Task Scheduler, deploy info-stealers and backdoors, and use decoy documents to evade detection, with observed TTP overlaps to Kimsuky-like activity. Read more