Cybersecurity Update June 26, 2026: Signal Phishing, Linux Exploits, Miasma Supply Chain Attack

CybersecFriday, June 26, 2026

50 articles analyzed by AI / 241 total

Key points

Audio player

0:00 / 0:00

•Russian intelligence-backed hackers have targeted Signal users by employing phishing schemes to obtain Signal Backup Recovery Keys, as warned by FBI and CISA on June 26, 2026. This aims to gain unauthorized access to encrypted messaging accounts, indicating ongoing state-sponsored cyber espionage threats.[The Hacker News RSS]
•A sophisticated malware campaign named StrikeShark leverages SharkLoader to deploy Cobalt Strike Beacon, compromising targeted systems with advanced malware tactics, as detailed by Kaspersky on June 26, 2026. This reflects a growing trend of complex cyberattack toolkits used by threat actors.[The Hacker News RSS]
•Cybersecurity firms face a surge in social engineering attacks from fraudulent entities impersonating OpenAI, sending malicious invitations aimed at deceiving professionals. This incident, reported on June 26, 2026, underlines the increasing exploitation of AI industry trust to conduct phishing.[BleepingComputer]
•Espionage concerns intensified after Japan's Ground Self-Defense Force's USB drives were found infected with China-linked malware, reported by Nikkei on June 26, 2026. This incident raises critical supply chain and national security risks involving military data and connectivity.[CyberSecurityNews]
•Two significant Linux kernel vulnerabilities, CVE-2026-46331 and CVE-2026-43503, were disclosed on June 26, 2026, permitting local privilege escalations to root access. These high-severity flaws, including the pedit COW and DirtyClone exploits, are publicly known and pose urgent risks to Linux system security.[The Hacker News RSS][The Hacker News RSS]
•State-sponsored cyber threats continue in Southeast Asia with a Chinese-speaking APT deploying the new TinyRCT backdoor targeting government and critical infrastructure sectors, including energy, emphasizing ongoing geopolitical cyber conflict dynamics revealed on June 26, 2026.[The Hacker News RSS]
•Cloud and software supply chains suffer critical attacks including a high-severity Amazon Q Developer vulnerability (CVE-2026-12957) and Miasma malware infections on npm packages and GitHub Actions, impacting developers and cloud security on June 26, 2026. These incidents highlight heightened risks of software supply chain compromises.[The Hacker News RSS][The Hacker News]
•CISA added a remote code execution vulnerability in PTC Windchill to its Known Exploited Vulnerabilities catalog amid ongoing web shell attacks, underscoring continued exploitation of enterprise software flaws reported on June 26, 2026. This stresses the persistent nature of targeted attacks on critical software platforms.[The Hacker News]

Relevant articles

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys

9/10

The FBI and CISA issued a warning on June 26, 2026, about Russian intelligence hackers targeting Signal users by phishing for Signal Backup Recovery Keys. This attack risks unauthorized access to Signal accounts, emphasizing the threat of state-backed cyber espionage.

The Hacker News RSS · 6/26/2026, 7:38:29 PM

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

9/10

Kaspersky reported a new cyberattack campaign called StrikeShark on June 26, 2026, which uses SharkLoader malware to deploy Cobalt Strike Beacon on compromised systems. This reflects a trend of increasingly sophisticated malware delivery tactics targeting enterprises.

The Hacker News RSS · 6/26/2026, 6:17:46 PM

Cybersecurity firms targeted by fraudulent OpenAI organization invites - BleepingComputer

9/10

Several cybersecurity firms have been targeted by malicious fake invitations from a fraudulent OpenAI organization on June 26, 2026, demonstrating ongoing social engineering risks within the AI and cybersecurity industries.

BleepingComputer · 6/26/2026, 5:49:07 PM

Nikkei Warns of Japan's Ground Self-Defense Force Used USB Drives Infected with a China-linked Malware - CyberSecurityNews

9/10

Nikkei reported on June 26, 2026, that USB drives used by Japan's Ground Self-Defense Force were infected with China-linked malware. This revelation raises concerns about espionage, supply chain security, and the vulnerability of military data.

CyberSecurityNews · 6/26/2026, 11:52:32 AM

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

9/10

On June 26, 2026, a critical Linux kernel vulnerability (CVE-2026-46331) was disclosed allowing local privilege escalation to root by poisoning cached binaries through a buffer overflow in the packet editing subsystem. The exploit is publicly available, posing a significant risk to Linux systems.

The Hacker News RSS · 6/26/2026, 1:00:41 PM

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

8/10

A Chinese-speaking advanced persistent threat (APT) group deployed a new backdoor called TinyRCT in Southeast Asia, targeting government and critical infrastructure sectors including energy on June 26, 2026. This highlights continuing state-sponsored cyber espionage in the region.

The Hacker News RSS · 6/26/2026, 4:21:25 PM

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

8/10

A high-severity security flaw in Amazon Q Developer (CVE-2026-12957) was patched on June 26, 2026. The vulnerability, with a CVSS score of 8.5, could have allowed malicious repositories to execute code and steal cloud credentials, underscoring cloud supply chain risks.

The Hacker News RSS · 6/26/2026, 1:53:00 PM

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack - The Hacker News

8/10

The Miasma malware was found exploiting vulnerabilities in npm packages and GitHub Actions in a supply chain attack reported on June 26, 2026. This attack affected software developers and projects, emphasizing the increasing threat of supply chain compromises.

The Hacker News · 6/26/2026, 11:05:00 AM

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue - The Hacker News

8/10

CISA added an exploited remote code execution (RCE) vulnerability in PTC Windchill to its Known Exploited Vulnerabilities catalog on June 26, 2026. Ongoing web shell attacks continue exploiting this flaw, illustrating persistent threat actor activity.

The Hacker News · 6/26/2026, 12:31:00 PM

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

8/10

A Linux kernel vulnerability (CVE-2026-43503) known as DirtyClone was disclosed on June 26, 2026, allowing local users to escalate privileges to root via cloned packets. JFrog Security Research detailed the exploit, which carries a high CVSS score of 8.8.

The Hacker News RSS · 6/26/2026, 11:51:35 AM