{"vulnerability": "cve-2026-2023", "sightings": [{"uuid": "b4705ab1-3dd9-4e8c-89d0-b68db469857c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20238", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmcle4nvvp2h", "content": "CVE-2026-20238 - Improper Access Control through Role Inheritance in Splunk AI Toolkit app\nCVE ID : CVE-2026-20238\n \n Published : May 20, 2026, 4:32 p.m. | 1\u00a0hour, 43\u00a0minutes ago\n \n Description : In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not ho...", "creation_timestamp": "2026-05-20T18:54:44.310009Z"}, {"uuid": "cd2d8cb0-c8fc-46f4-94e5-35adb634bb1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20239", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmcliz4jmo2i", "content": "CVE-2026-20239 - Sensitive Information Disclosure through Log Files in Splunk Enterprise\nCVE ID : CVE-2026-20239\n \n Published : May 20, 2026, 4:32 p.m. 
| 1\u00a0hour, 43\u00a0minutes ago\n \n Description : In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform ve...", "creation_timestamp": "2026-05-20T18:57:28.892116Z"}, {"uuid": "60c7fbfb-a437-4f6b-a036-ea739896afd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20239", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmclojfyjp2c", "content": "\ud83d\udfe0 CVE-2026-20239 - High (7.5)\n\nIn Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 1...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-20239/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-20T19:00:34.288253Z"}, {"uuid": "d1f85a86-4f3d-40bf-88ee-34be482372ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20239", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmcpbi66md2a", "content": "Splunk Enterprise/Cloud Platform\u3067`_internal`\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u3092\u6301\u3064\u30e6\u30fc\u30b6\u30fc\u304c\u3001\u30bb\u30c3\u30b7\u30e7\u30f3Cookie\u3084\u6a5f\u5bc6\u60c5\u5831\u3092\u542b\u3080\u30ec\u30b9\u30dd\u30f3\u30b9\u30dc\u30c7\u30a3\u3092\u95b2\u89a7\u3067\u304d\u2026\nCVE-2026-20239 CVSS 7.5 | HIGH", "creation_timestamp": "2026-05-20T20:04:50.890022Z"}, {"uuid": "4746fb81-de25-4866-aebb-56388ebab167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-547", "content": "", "creation_timestamp": "2026-06-03T12:22:10.000000Z"}, {"uuid": 
"e3e69360-49ae-4d61-b7db-d3be7fd7e917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mng7rwuf3i2c", "content": "CVE-2026-20230 - SSRF in Cisco Unified CM & Unified CM SME. Improper HTTP input validation. CVSS 8.6. Unpatched. No workaround available. Monitor for updates. #CVE #Cisco #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-20230/", "creation_timestamp": "2026-06-03T23:03:34.158889Z"}, {"uuid": "6002d201-cbc9-4587-9ccb-3ff2dcd8fb8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnhan2l7ls2n", "content": "Cisco released patches for CVE-2026-20230 in Unified CM and Unified CM SME, where improper HTTP input validation enables SSRF and potential root escalation.\n", "creation_timestamp": "2026-06-04T08:51:23.804102Z"}, {"uuid": "5e7617eb-cac8-4548-b6ee-275c0488d685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnhb5genbz23", "content": "Cisco Unified CM & SME face a CRITICAL SSRF flaw (CVE-2026-20230). Only systems with WebDialer enabled are at risk. Patch to 14SU6 ASAP \u2014 PoC is public, no live attacks yet. 
https://radar.offseq.com/threat/cisco-warns-of-available-poc-for-critical-unified--c947124b #OffSeq #Cisco #SecurityAlert", "creation_timestamp": "2026-06-04T09:00:33.661242Z"}, {"uuid": "2de60f3c-c759-4a27-9ade-b5b5ed15a650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116691018083283672", "content": "\u26a0\ufe0f CRITICAL: Cisco Unified CM/SME hit by SSRF vuln (CVE-2026-20230). Unauthenticated remote attackers can write files & escalate to root if WebDialer is enabled. Patch to 14SU6 ASAP. PoC out, no active exploitation. https://radar.offseq.com/threat/cisco-warns-of-available-poc-for-critical-unified--c947124b #OffSeq #Cisco #SSRF #Vuln", "creation_timestamp": "2026-06-04T09:00:43.736581Z"}, {"uuid": "029b88fa-a1ea-474a-b464-0596bf10c059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1899", "content": "", "creation_timestamp": "2026-06-03T21:00:00.000000Z"}, {"uuid": "74677dba-4642-42c5-8708-e0b18e9c3fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.acn.gov.it/portale/w/cisco-cucm-disponibile-poc-per-lo-sfruttamento-di-vulnerabilita", "content": "Disponibile un Proof of Concept (PoC) per la CVE-2026-20230 \u2013 gi\u00e0 sanata dal vendor \u2013 presente in Cisco Unified Communications Manager (CUCM) e Cisco Unified CM Session Management Edition (CUCM SME), note soluzioni Cisco per la gestione delle comunicazioni VoIP aziendali. 
Tale vulnerabilit\u00e0, qualora sfruttata, potrebbe consentire ad un utente malintenzionato di scrivere file arbitrari sul filesystem dei sistemi interessati", "creation_timestamp": "2026-06-04T07:04:00.000000Z"}, {"uuid": "e66c0d24-d6df-4caf-9398-17f1beb4aa98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnhfdb677x2l", "content": "Cisco patched CVE-2026-20230 in Unified CM and Unified CM SME after PoC code surfaced. The flaw could enable SSRF via crafted HTTP requests and may lead to root access on affected systems. #Cisco #UnifiedCM #CVE202620230", "creation_timestamp": "2026-06-04T10:15:23.706928Z"}, {"uuid": "66b30a01-b4f7-4e6a-b475-cb8737b93c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mnhg43zcy32h", "content": "CVE-2026-20230: Critical Cisco Unified CM SSRF Flaw Exposes Enterprises to Root-Level Takeover via Public Exploit Code +\u00a0Video\n\nBreaking Security Reality: A Hidden Door Inside Enterprise Voice Infrastructure A newly disclosed vulnerability in Cisco Unified Communications Manager (Unified CM) has\u2026", "creation_timestamp": "2026-06-04T10:29:17.638797Z"}, {"uuid": "24fbf84e-df9d-4cd2-a351-9f90749b2eb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mnhicayvz62k", "content": "CVE-2026-20230: Public PoC for Cisco Unified CM Vulnerability Risks Remote Root Access", "creation_timestamp": "2026-06-04T11:08:31.175249Z"}, {"uuid": "374e14f8-41a3-41cc-855a-d8e791863593", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnhpnko23r2d", "content": "\ud83d\udd17 CVE : CVE-2026-20230", "creation_timestamp": "2026-06-04T13:20:06.817392Z"}, {"uuid": "714049c5-130a-46c7-8f2d-b06dd9aa900c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnhnpk4ruz2r", "content": "Cisco fixed CVE-2026-20230, a critical Unified CM flaw that could let remote attackers gain root via SSRF. Systems with WebDialer enabled are affected. Upgrade to 14SU6 or 15SU5. #Cisco #UnifiedCM #WebDialer", "creation_timestamp": "2026-06-04T12:45:25.997344Z"}, {"uuid": "ca67fac9-7d06-4f9f-9cff-9e4ab49c5895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://gist.github.com/alon710/820db5e55816f217153b6bb6b1bd693c", "content": "# CVE-2026-20230: CVE-2026-20230: Server-Side Request Forgery in Cisco Unified Communications Manager WebDialer Service\n\n> **CVSS Score:** 8.6\n> **Published:** 2026-06-03\n> **Full Report:** https://cvereports.com/reports/CVE-2026-20230\n\n## Summary\nCVE-2026-20230 is a critical Server-Side Request Forgery (SSRF) vulnerability in the WebDialer service of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). The flaw arises from improper validation of input parameters within WebDialer HTTP requests. 
Unauthenticated remote attackers can exploit this vulnerability to force the application to make HTTP requests to internal administrative services bound to the loopback interface. In the Cisco Voice Operating System (VOS) environment, these local services trust loopback traffic inherently, permitting unauthorized file writes. By writing malicious files to specific system directories, the attacker can execute arbitrary commands with root privileges.\n\n## TL;DR\nImproper input validation in the WebDialer service of Cisco Unified CM enables unauthenticated remote attackers to execute a Server-Side Request Forgery (SSRF). This vulnerability allows attackers to query internal loopback APIs, write malicious files to the filesystem, and escalate privileges to root.\n\n## Technical Details\n\n- **Vulnerability ID**: CVE-2026-20230\n- **CWE ID**: CWE-918\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 8.6 (Critical Severity Impact Rating)\n- **Exploit Status**: None (No public exploit code or active exploitation detected)\n- **CISA KEV Status**: No\n\n## Affected Systems\n\n- Cisco Unified Communications Manager (Unified CM)\n- Cisco Unified Communications Manager Session Management Edition (Unified CM SME)\n- **Cisco Unified Communications Manager**: All versions where WebDialer is active and unpatched (Fixed in: `Refer to cisco-sa-cucm-ssrf-cXPnHcW`)\n- **Cisco Unified Communications Manager SME**: All versions where WebDialer is active and unpatched (Fixed in: `Refer to cisco-sa-cucm-ssrf-cXPnHcW`)\n\n## Mitigation\n\n- Disable the WebDialer service if it is not actively required for telephony operations.\n- Apply network-level firewall rules to restrict access to Unified CM administrative and application interfaces.\n- Upgrade Cisco Unified CM and Unified CM SME to a supported software version containing the security patch.\n\n**Remediation Steps:**\n1. Log in to the Cisco Unified Serviceability page on the target node.\n2. 
Go to Tools -> Service Activation and check the status of Cisco WebDialer. If active and unnecessary, deactivate the service.\n3. Download the authorized system update package from the official Cisco Software Download Portal.\n4. Apply the patch or software update during a scheduled maintenance window in accordance with Cisco's deployment guidelines.\n5. Verify that the vulnerability is remediated by checking the software build version against the advisory's fixed releases list.\n\n## References\n\n- [Cisco Unified Communications Manager SSRF Security Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW)\n- [CVE-2026-20230 on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-20230)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-20230) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-04T13:01:07.000000Z"}, {"uuid": "0e6dcd96-31d1-4deb-baa4-8631e856afeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116692107541218445", "content": "Attention, elevated activities detected targeting Cisco Unified Communications Manager (CVE-2026-20230) https://vuldb.com/vuln/368153/cti", "creation_timestamp": "2026-06-04T13:37:37.783646Z"}, {"uuid": "e6484097-7e07-43b5-b0c0-d57b0043d51a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mnhqnbo2uh2e", "content": "\ud83d\udcf0 Cisco Rilis Tambalan Darurat untuk Kerentanan Kritis Unified CM, Kode PoC Telah Beredar Publik\n\n\ud83d\udc49 Baca artikel lengkap di sini: 
https://ahmandonk.com/2026/06/04/cisco-peringatan-kerentanan-kritis-unified-cm-poc-eksploitasi/\n\n#beritaTeknologi #bugServer #cisco #ciscoUnifiedCm #cve-2026-20230 ", "creation_timestamp": "2026-06-04T13:37:50.586162Z"}, {"uuid": "849aa712-9164-4ae3-85b7-2185a403246f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mni46dedyx2n", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public", "creation_timestamp": "2026-06-04T17:04:15.410940Z"}, {"uuid": "2898d5c2-ed25-4871-8102-e4a6d414f072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mni4sov4ydn2", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public TheHackerNews Cisco patched a Unified CM flaw allowing unauthenticated network attackers to write files and escalate to root.\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-06-04T17:16:02.085321Z"}, {"uuid": "508e8cad-5a1b-4467-9c54-c4e6c34412c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mni5qpf5uw2i", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public", "creation_timestamp": "2026-06-04T17:32:24.953399Z"}, {"uuid": "88b945be-77ee-42a8-a0a7-f1b3c1f7fa7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": 
"https://t.me/cibsecurity/89626", "content": "\ud83d\udd8b\ufe0f Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public \ud83d\udd8b\ufe0f\n\nCisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.  It is tracked as CVE202620230, and proofofconcept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.  The flaw is a serverside request forgery.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-06-04T17:15:06.000000Z"}, {"uuid": "feeb52e9-c6a0-4967-91d3-af15747f4a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://t.me/ctinow/251316", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public\nhttps://ift.tt/PuWjc4e", "creation_timestamp": "2026-06-04T17:14:06.000000Z"}, {"uuid": "3ac7168e-0a98-4af6-a282-ca39f55209e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mni7ld6zkg2g", "content": "Cisco has patched a critical server-side request forgery vulnerability, CVE-2026-20230, in its Unified Communications Manager and Session Management Edition. 
The [\u2026]", "creation_timestamp": "2026-06-04T18:05:11.825207Z"}, {"uuid": "51531889-0424-4f6e-9fc3-84884cf12355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://thehackernews.com/2026/06/cisco-patches-cve-2026-20230-in-unified.html", "content": "Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.\n\nIt is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.\n\nThe flaw is a server-side request forgery.", "creation_timestamp": "2026-06-04T14:55:51.000000Z"}, {"uuid": "6956abfa-aaa5-41eb-a5d0-f97966b280d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnisdwfqru2p", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-20230\n\n\u2022 CVE ID: CVE-2026-20230\n\u2022 CVSS Score: 8.6 (High)\n\u2022 Affected: Unified CM as Expl\n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-04T23:41:06.267816Z"}, {"uuid": "eb13c2a2-0f00-4458-81d4-8ff7ec17c3f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/8281", "content": "Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Unified Communications Manager (Unified CM), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root.\n\nCisco Unified CM (\u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Cisco CallManager) \u0441\u043b\u0443\u0436\u0438\u0442 \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0438 Cisco, \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0449\u0435\u0439 \u0437\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438, \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044e \u0432\u044b\u0437\u043e\u0432\u043e\u0432 \u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-20230 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043b\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 
\u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (SSRF) \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e. \u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f  \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u0431\u0430\u0437\u043e\u0432\u0443\u044e \u041e\u0421, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0430\u0432 root.\n\nCisco (PSIRT) \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0434\u043b\u044f CVE-2026-20230, \u043d\u043e \u043f\u043e\u043a\u0430 \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 
\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0446\u0435\u043b\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0436\u0431\u0430 WebDialer \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d).\n\n\n\u041e\u0431\u0445\u043e\u0434\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u0439 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442, \u043d\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c Cisco Unified CM \u0432\u0435\u0440\u0441\u0438\u0439 14SU6 \u0438\u043b\u0438 15SU5 (\u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c 2026 \u0433. 
\u0438\u043b\u0438 COP), \u0438\u043b\u0438 \u0436\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u0443 WebDialer \u0434\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u0430\u0442\u0447\u0430, \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0449\u0435\u0433\u043e \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 CVE-2026-20230.", "creation_timestamp": "2026-06-04T18:30:06.000000Z"}, {"uuid": "9307e032-9271-4295-816a-82206ac78715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3mnijgs47mj2b", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public\nCisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. 
It is tracked\u2026\n\n\ud83d\udd17 https://hnow.live/a/b7de2431", "creation_timestamp": "2026-06-04T21:01:36.806016Z"}, {"uuid": "6186b18b-5cbd-43e8-a724-96e810f34968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10920", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public \u2013 thehackernews.com\n\nFri, 05 Jun 2026 00:55:51", "creation_timestamp": "2026-06-04T20:03:10.000000Z"}, {"uuid": "667547be-c520-40ef-bce6-2990d4537c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mnimu3fpbx2h", "content": "\ud83d\udd12 Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public\n\nCisco has patched a bug in Unified Communications Manager...\n\nhttps://thehackernews.com/2026/06/cisco-patches-cve-2026-20230-in-unified.html #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-06-04T22:02:43.993092Z"}, {"uuid": "c6090c2e-f26e-4087-b0f2-9a9590387bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mninkr3kmr2z", "content": "Cisco patched CVE-2026-20230 in Unified CM and Session Management Edition, a SSRF flaw that can allow arbitrary file writes and potential root escalation. PoC code is public. 
#Cisco #UnifiedCM #WebDialer", "creation_timestamp": "2026-06-04T22:15:25.111221Z"}, {"uuid": "8feb7018-34ce-4fbe-9e96-f8fc0860904f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/blindthoughts.bsky.social/post/3mninnc7brp2r", "content": "Cisco Unified CM Exploit Goes Public \u2014 Unauthenticated Root Access via CVE-2026-20230\n\nhttps://blindthoughts.com/cisco-unified-cm-cve-2026-20230-root-exploit\n\n#cisco #vulnerability #exploit #unifiedcommunications #patchnow", "creation_timestamp": "2026-06-04T22:16:49.796604Z"}, {"uuid": "c7046b06-583a-4c40-b642-dfc4abe00753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mnirknuaxb27", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...", "creation_timestamp": "2026-06-04T23:26:59.954352Z"}, {"uuid": "a8d9f986-aa29-4f86-b781-fc0677e08dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnithbuash2p", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-20230\n\n\u2022 CVE ID: CVE-2026-20230\n\u2022 CVSS Score: 8.6 (High)\n\u2022 Affected: ThreatsDay Bulleti\n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-05T00:00:50.303617Z"}, {"uuid": "8b6f7970-4a2c-44c5-92e9-9a05be46eb57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", 
"source": "https://bsky.app/profile/kitafox.bsky.social/post/3mnj2biabcl27", "content": "Cisco\u306f\u3001\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u30b3\u30fc\u30c9\u304c\u516c\u958b\u3055\u308c\u305f\u3053\u3068\u3092\u53d7\u3051\u3001Unified CM\u306eCVE-2026-20230\u3092\u4fee\u6b63\u3057\u305f \n\nCisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public  #HackerNews (Jun 4)\n\nthehackernews.com/2026/06/cisc...", "creation_timestamp": "2026-06-05T02:02:52.623510Z"}, {"uuid": "133f8d26-2ae1-4061-bfaa-bada239c7452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnj3tf3oaw2f", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 136 interactions\nCVE-2026-0257: 43 interactions\nCVE-2026-48778: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-49858: 11 interactions\nCVE-2026-20230: 6 interactions\nCVE-2026-10737: 4 interactions\n", "creation_timestamp": "2026-06-05T02:30:47.822207Z"}, {"uuid": "9300b9f2-865e-4452-90b6-4b66768fc03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mnjj6zwhfssm", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public https://thehackernews.com/2026/06/cisco-patches-cve-2026-20230-in-unified.html", "creation_timestamp": "2026-06-05T06:30:47.487671Z"}, {"uuid": "ba2dcaf3-4591-4065-b95d-ddb8c76898d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnjphtjbx62d", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: 
CVE-2026-20230\n\n\u2022 CVE ID: CVE-2026-20230\n\u2022 CVSS Score: 8.6 (High)\n\u2022 Affected: Cisco Patches\n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-05T08:22:13.501961Z"}, {"uuid": "53c74f98-d8bc-4055-80ea-292a06fc255a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnjqb46v2j2p", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-20230\n\n\u2022 CVE ID: CVE-2026-20230\n\u2022 CVSS Score: 8.6 (High)\n\u2022 Affected: Cisco Patches\n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-05T08:36:21.453194Z"}, {"uuid": "9aff5da6-2966-427c-a2ee-a09a500059f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnjrjn2qm42f", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-20230\n\n\u2022 CVE ID: CVE-2026-20230\n\u2022 CVSS Score: 8.6 (High)\n\u2022 Affected: Unified CM\n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-05T08:59:01.320431Z"}, {"uuid": "f512d3a5-dfac-49b9-9766-13df03f2bfe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnjrjn2qm42f", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-20230\n\n\u2022 CVE ID: CVE-2026-20230\n\u2022 CVSS Score: 8.6 (High)\n\u2022 Affected: Unified CM\n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-05T08:59:01.326322Z"}, {"uuid": "acdb41ad-400f-4900-a4a3-1d9811bf01bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mnk356nsad2m", "content": "Critical Cisco Unified CM Vulnerability (CVE-2026-20230): Unauthenticated File-Write Leads to Root \u2013 Patch Immediately +\u00a0Video\n\nIntroduction A newly disclosed critical vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to exploit a\u2026", "creation_timestamp": "2026-06-05T11:51:02.380940Z"}, {"uuid": "6ea4fa9e-6b69-430d-a42d-de758e32a119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mnksgo2gzc2h", "content": "Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public\n\nCisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.\n\nIt is tracked as CVE-2026-20230, and proof\u2026\n#hackernews #news", "creation_timestamp": "2026-06-05T18:47:55.871401Z"}, {"uuid": "9cdef3d5-88cd-4ac5-8180-474fd040a30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://t.me/true_secator/8286", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0438 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f 
\u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0430 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 0x12 Dark Development \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043d\u043e\u0432\u043e\u0439 \u0442\u0435\u0445\u043d\u0438\u043a\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Bring Your Own RWX Region DLL (BYORWXDLL).\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0435\u0433\u043e \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u044d\u0442\u0430 \u0442\u0435\u0445\u043d\u0438\u043a\u0430 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0435 DLL \u0441 \u043f\u0440\u0435\u0434\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u043c\u0438 RWX (\u0447\u0442\u0435\u043d\u0438\u0435+\u0437\u0430\u043f\u0438\u0441\u044c+\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435) \u043e\u0431\u043b\u0430\u0441\u0442\u044f\u043c\u0438 \u043f\u0430\u043c\u044f\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0448\u0435\u043b\u043b\u043a\u043e\u0434\u0430.\n\n2. 
Manifold \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 n8n MCP, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c \u0434\u0440\u0443\u0433\u0438\u0445 \u0430\u0440\u0435\u043d\u0434\u0430\u0442\u043e\u0440\u043e\u0432 \u0432 \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 n8n.\n\n3. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 GitHub Action \u043e\u0442 Anthropic \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Claude Code, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u044d\u0442\u043e\u0442 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442, \u0438\u043c\u0435\u044f \u043f\u0440\u0438 \u0441\u0435\u0431\u0435 \u043b\u0438\u0448\u044c \u043e\u0434\u043d\u0443 \u043e\u0442\u043a\u0440\u044b\u0442\u0443\u044e \u0437\u0430\u0434\u0430\u0447\u0443 \u043d\u0430 
GitHub.\u00a0\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439 Action \u043e\u0442 Anthropic \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0442\u043e\u0442 \u0436\u0435 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441, \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043c\u043e\u0433\u043b\u0430 \u0431\u044b \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0441\u0430\u043c Action \u0438 \u0432 \u043f\u0440\u043e\u0435\u043a\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442.\n\n\u041e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 GMO Flatt Security, \u0430 Anthropic\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0435\u0451 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0447\u0435\u0442\u044b\u0440\u0451\u0445 \u0434\u043d\u0435\u0439. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u043f\u0430\u043a\u0435\u0442 claude-code-action v1.0.94. Anthropic \u043e\u0446\u0435\u043d\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043d\u0430 7,8 \u0431\u0430\u043b\u043b\u0430 \u043f\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0443 CVSS v4.0 \u0438 \u0432\u044b\u043f\u043b\u0430\u0442\u0438\u043b\u0430 \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u0435 \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438.\n\n4. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 SafeBreach \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0433\u043e\u043b\u043e\u0441\u043e\u0432\u043e\u043c \u043f\u043e\u043c\u043e\u0449\u043d\u0438\u043a\u0435 Google Gemini, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0418\u0418, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u044b\u0435 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0438, \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u043e\u0431\u044b\u0447\u043d\u044b\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0432 \u043c\u0435\u0441\u0441\u0435\u043d\u0434\u0436\u0435\u0440\u0430\u0445.\n\n\u041e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u0445, SafeBreach \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0432 \u0446\u0435\u043b\u043e\u043c \u043d\u043e\u0432\u044b\u0439 \u043a\u043b\u0430\u0441\u0441 \u0430\u0442\u0430\u043a, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u044b\u0439 Fake Context Alignment.\n\n5. 
\u0425\u0430\u043a\u0435\u0440\u044b \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress Everest Forms Pro \u0441 4000 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0430\u0439\u0442\u0430.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0451\u0442 \u043e CVE-2026-3300 (CVSS: 9.8), \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0432\u043f\u043b\u043e\u0442\u044c \u0434\u043e 1.9.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e. \u041f\u0430\u0442\u0447 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d 18 \u043c\u0430\u0440\u0442\u0430 2026 \u0433\u043e\u0434\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.9.13.\n\n6. 
\u041f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043a\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 Cisco \u0442\u0430\u043a \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 CVE-2026-20230 \u0432 Unified Communications Manager, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432 \u0441\u0435\u0442\u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0438 \u043e\u0442\u0442\u0443\u0434\u0430 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root. Cisco \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0430\u0442\u0430\u043a \u043f\u043e\u043a\u0430 \u043d\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043e.\u00a0\n\n7. \u0412 Tier Zero Security \u043d\u0430\u0448\u043b\u0438 \u0441\u043f\u043e\u0441\u043e\u0431 \u043e\u0431\u043e\u0439\u0442\u0438 Mark of the Web, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434, \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0432 \u0444\u0430\u0439\u043b\u0430\u0445 .targets NuGet. 
\u0417\u0430\u0434\u0430\u0447\u0438 \u0432 \u044d\u0442\u0438\u0445 \u0444\u0430\u0439\u043b\u0430\u0445 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043f\u0440\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a NuGet. MSRC \u043d\u0430\u0437\u0432\u0430\u043b\u0430 \u044d\u0442\u043e \u043d\u0435 \u043e\u0448\u0438\u0431\u043a\u043e\u0439, \u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044c\u044e.\n\n8. \u0412 \u041f\u041e \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438 SOPlanning \u0437\u0430\u043a\u0440\u044b\u0442\u043e \u0441\u0435\u043c\u044c \u043e\u0448\u0438\u0431\u043e\u043a, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0439, \u043a\u0440\u0430\u0436\u0438 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439, \u0430\u0442\u0430\u043a \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u043f\u0443\u0442\u0438 \u0438 \u043c\u043d\u043e\u0433\u043e\u0433\u043e \u0434\u0440\u0443\u0433\u043e\u0433\u043e.\n\n9. 
OpenSSL \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u043d\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 PatchTuesday. \u041d\u0438\u0447\u0435\u0433\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e, \u043d\u043e \u0435\u0441\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043e\u0448\u0438\u0431\u043e\u043a \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n10. \u0418\u0437\u0440\u0430\u0438\u043b\u044c\u0441\u043a\u0438\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0419\u0435\u043d\u0438 \u0428\u0435\u0440\u0435\u0437 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u043e\u0442\u0447\u0435\u0442 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 DarkReplica (CVE-2026-23631), RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Redis, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u043d \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e\u0434\u043d\u0435\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 ZeroDayCloud.\n\n11. 
\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u043c \u044d\u043a\u0440\u0430\u043d\u0435 Comodo Internet Security \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0441\u0431\u043e\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u044b Windows \u0432\u0441\u0435\u0433\u043e \u043e\u0434\u043d\u0438\u043c \u043f\u0430\u043a\u0435\u0442\u043e\u043c \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 IP \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430. \u041e\u043d\u0430 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043d\u0435 \u043e\u0442\u0432\u0435\u0442\u0438\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u041c\u0430\u0440\u043a\u0443\u0441\u0443 \u0425\u0430\u0442\u0447\u0438\u043d\u0441\u0443. PoC \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0435\u0442\u0441\u044f.\n\n12. 
CISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-45247 (CVSS 9,8) \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0438 Mirasvit Full Page Cache Warmer \u0434\u043b\u044f Magento 2, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f RCE.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 Sansec, \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Mirasvit, \u0432\u043d\u0435\u0434\u0440\u044f\u044f \u0432 cookie-\u0444\u0430\u0439\u043b CacheWarmer \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 PHP-\u043e\u0431\u044a\u0435\u043a\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u0435\u0437 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u043a\u043b\u0430\u0441\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u044b.", "creation_timestamp": "2026-06-05T18:00:06.000000Z"}, {"uuid": "82ceb129-e0e8-4cbc-81ba-f51897153b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": 
"https://bsky.app/profile/hacker.at.thenote.app/post/3mnkavsxjq22h", "content": "Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges\n\nCisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, \u2026\n#hackernews #news", "creation_timestamp": "2026-06-05T13:34:16.549418Z"}, {"uuid": "d792da3c-1112-4d38-8e2a-d00d97c13821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "Telegram/2GKVzEdq0Q1GgXdde3R68qhjmtmEcsIfO4W2udc5u2OvA5M", "content": "", "creation_timestamp": "2026-06-05T09:00:04.000000Z"}, {"uuid": "345415e7-171c-4567-b8c3-6bf4672adf59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://t.me/bdufstecru/3221", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b WebDialer \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0432\u044b\u0437\u043e\u0432\u043e\u0432 Cisco Unified Communications Manager (Unified CM) \u0438 Cisco Unified Communications Manager Session Management Edition (Unified CM SME) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. 
\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c SSRF-\u0430\u0442\u0430\u043a\u0443\n\nBDU:2026-07815\nCVE-2026-20230\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW", "creation_timestamp": "2026-06-05T13:10:08.000000Z"}, {"uuid": "bfcc178c-1b90-47c3-b796-8578889db305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mnkikfh42b26", "content": "Critical vulnerability CVE-2026-20230 in Cisco Unified CM allows unauthenticated SSRF attacks leading to root access. Patch immediately! 
#CyberSecurity #Cisco #Vulnerability #SSRF Link: thedailytechfeed.com/cisco-patche...", "creation_timestamp": "2026-06-05T15:51:04.280117Z"}, {"uuid": "ef09588c-5e17-4a4a-acf9-a08cc668f7cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnkyrzq5fo2b", "content": "CVE-2026-20230 \u2014 Cisco Unified CM SSRF to Potential Root Escalation", "creation_timestamp": "2026-06-05T20:41:39.706877Z"}, {"uuid": "bfb9e9bc-1a01-490a-af8c-6d097eca46ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mns2orxqel23", "content": "~Checkpoint~\nCheck Point's June 8th report highlights critical zero-days in Android, Cisco, and Windows Netlogon, alongside major breaches at DentaQuest and Dashlane.\n-\nIOCs: CVE-2025-48595, CVE-2026-20230, CVE-2026-41089\n-\n...", "creation_timestamp": "2026-06-08T16:04:16.092861Z"}, {"uuid": "bb47b435-2d64-46d7-a4a5-cb2fbd6cec04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mntglqiuw42k", "content": "Security Updates Released for CVE-2026-20230 and Other Vulnerabilities", "creation_timestamp": "2026-06-09T05:09:58.816049Z"}, {"uuid": "4885005f-9e26-4b57-8e4b-6f858f5eb351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.cert.se/2026/06/patchtisdag-juni-2026-samlad-information-om-manadens-sakerhetsuppdateringar.html", "content": "", 
"creation_timestamp": "2026-06-10T05:00:00.000000Z"}, {"uuid": "bbc5887a-a93c-4220-a138-c59b784a2767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mokbhbp2d72y", "content": "Every organization running Cisco $CSCO Unified Communications Manager should patch now. A flaw tracked as CVE-2026-20230 lets a crafted web request write arbitrary files onto the system, and proof-of-concept exploit code is already public. Cisco has released fixes. Source: Cisco.", "creation_timestamp": "2026-06-18T07:09:16.327791Z"}, {"uuid": "0af4aefa-23db-4baa-8cc1-21e3aa97601d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "published-proof-of-concept", "source": "Telegram/cFwSQ27uOrqZ96YGVM-ku7YiP0UftFdUhE6IZpDdkcLlq7k", "content": "", "creation_timestamp": "2026-06-13T03:00:05.000000Z"}, {"uuid": "3830422f-3897-4f04-a18e-a218982967a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "published-proof-of-concept", "source": "Telegram/RH2s8PeGGVhZpVJAgPxAefdwgWbZ17CHKO_8EzHYAqSoEvM", "content": "", "creation_timestamp": "2026-06-12T23:00:21.000000Z"}, {"uuid": "fb75db55-33ad-4df0-b925-6afa7d68e0a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "published-proof-of-concept", "source": "Telegram/5qW5gV7-qoBxzKDv9J2fDYEvV25ComYYg-PDvxq2HqqT9g", "content": "", "creation_timestamp": "2026-06-04T17:46:17.000000Z"}, {"uuid": "3a9f1fe6-339c-4059-b59a-a4cd2a405d78", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9a30df14-176b-450a-845b-42cd2768d79d", "content": "", "creation_timestamp": "2026-06-23T23:00:21.203946Z"}, {"uuid": "4854122c-2740-429c-a922-8556048031c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/bleepingcomputer.com/post/3moyewp7nhj2v", "content": "A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks.", "creation_timestamp": "2026-06-23T21:48:49.216058Z"}, {"uuid": "10460dee-e82f-44c2-adb9-fce6ad4b802c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3moyfvy23642d", "content": "Cisco Unified CM Under Fire: Critical CVE-2026-20230 Vulnerability Actively Exploited as Attackers Hunt for Root Access +\u00a0Video\n\nIntroduction: A Dangerous Shift From Disclosure to Active Exploitation Cybersecurity threats often follow a predictable lifecycle. 
A vulnerability is discovered, a patch\u2026", "creation_timestamp": "2026-06-23T22:06:21.709610Z"}, {"uuid": "6f3621c5-6df5-412a-967f-28ea59c3c63b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3moygchpn732d", "content": "Cisco Unified Communications Manager Server\u3067\u3001CVE-2026-20230\uff08SSRF\u8106\u5f31\u6027\uff09\u304c\u60aa\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002", "creation_timestamp": "2026-06-23T22:13:18.393992Z"}, {"uuid": "e3e8e49c-4454-486a-b930-2c943b975d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/thecircuitry.to/post/3moygf64tfe2p", "content": "Cisco Unified CM servers are now seeing live exploitation of a high-severity SSRF flaw.\nThe PoC writes one specific test file but full root details just dropped.\n\nRead the full report: https://thecircuitry.to/article/attackers-exploit-cisco-unified-cm-cve-2026-20230-in-the-wild-mqr6yztb", "creation_timestamp": "2026-06-23T22:14:48.252124Z"}, {"uuid": "a5be4a14-39ca-45eb-b73d-f0fdbd9e1dd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3moyifcppbvm2", "content": "Cisco Unified CM SME flaw CVE-2026-20230 now exploited in attacks BleepingComputer A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is n...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-06-23T22:50:45.681238Z"}, {"uuid": "f2f42c4f-ad6b-499d-bd5d-6d131c40310c", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3moyjyfpgjb2u", "content": "\ud83e\udd16 CVE-2026-20230 (CVSS 8.6): SSRF in Cisco Unified CM exploited in wild. Allows access to internal systems. No patch \u2014 CISA KEV added.\n\nhttps://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/", "creation_timestamp": "2026-06-23T23:19:14.934459Z"}, {"uuid": "9ded9d00-cbd4-4c32-84c8-cbd126354073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3moykwp5uvl2g", "content": "\ud83d\udea8 Breaking: Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks\nA high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. 
[...]\n\n\ud83d\udd17 https://hnow.live/a/d57975cb", "creation_timestamp": "2026-06-23T23:36:11.447850Z"}, {"uuid": "ed337679-5faa-4c7c-a582-846769381aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mozjzedpm52p", "content": "CRITICAL CISCO SSRF FLAW (CVE-2026-20230): ROOT-LEVEL TAKEOVER THREATENS ENTERPRISE COMMUNICATION SYSTEMS\u00a0WORLDWIDE\n\nIntroduction: When Enterprise Communication Becomes an Attack Gateway A newly disclosed vulnerability in Cisco\u2019s Unified Communications Manager has raised serious alarms across\u2026", "creation_timestamp": "2026-06-24T08:52:27.551571Z"}, {"uuid": "4ece8289-b6f2-4647-a63c-bfe273f159c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/tugate.ch/post/3mozd2atp732r", "content": "Critical Cisco flaw CVE-2026-20230 is already being exploited globally. Admins in Portugal should urgently update the affected systems \u26a0\ufe0f \n\n#falha ", "creation_timestamp": "2026-06-24T06:47:40.843771Z"}, {"uuid": "1eabb564-dd0a-43b8-aee1-8ed19222e805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mozfae4etov2", "content": "Hackers Exploiting Cisco Unified CM Vulnerability Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June. 
The post Hackers Exploiting Cisco Unified CM ...\n\n#Network #Security #Vulnerabilities #Cisco #exploited [\u2026] \n\n[Original post on securityweek.com]", "creation_timestamp": "2026-06-24T07:26:58.243627Z"}, {"uuid": "260d2024-4617-4519-8021-2c15e8a3cc90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mozgi437w5v2", "content": "Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root TheHackerNews Cisco Unified CM CVE-2026-20230 is under active exploitation, allowing file writes on WebDialer-enabled syste...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-06-24T07:49:29.564301Z"}, {"uuid": "434bc29b-2441-4756-89e8-8ca73aa50f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3mozh65hfc22x", "content": "Cisco Unified CM CVE-2026-20230 exploited \u2014 root privileges gained through file writes\n\nCVE-2026-20230 is actually being exploited on Cisco Unified CM when WebDialer is enabled. After the PoC was published, gaining root privileges by way of file writes became possible. Affected organizations need to respond urgently.\n\n#CVE #\u8106\u5f31\u6027 #\u6a19\u7684\u578b\u653b\u6483", "creation_timestamp": "2026-06-24T08:01:26.479442Z"}, {"uuid": "62ce1d2e-6bfe-4ea1-8d95-59b38d0c9a76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mozhfac4lm25", "content": "CVE-2026-20230 enables unauthenticated remote SSRF via crafted HTTP requests against Cisco Unified CM and Unified CM SME, potentially leading to file writes and root escalation.\n", "creation_timestamp": "2026-06-24T08:05:24.555866Z"}, {"uuid": "d4ff0c00-8b80-4e62-b5f5-49b4ce7782e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mozhsneg4y2u", "content": "\ud83d\udd34 EXPLOITED\n\nCisco Unified CM can be exploited to root.\n\nBut only if WebDialer is on, and it ships off by default. Check before you panic-patch.\n\nThe \"active exploitation\" so far is one source dropping a test file. (CVE-2026-20230)", "creation_timestamp": "2026-06-24T08:12:54.302352Z"}, {"uuid": "d4e83f53-ff4d-49f8-9f81-932bb1b0151e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mozi54m2vc2u", "content": "Cisco Unified CM Under Active Attack: CVE-2026-20230 SSRF Exploit PoC Public \u2014 Patch Now or Get Rooted +\u00a0Video\n\nIntroduction: A critical server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) is currently\u2026", "creation_timestamp": "2026-06-24T08:18:45.920649Z"}, {"uuid": "d56cf3d5-33aa-4101-9b1a-bcefcc9c4ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": 
"https://bsky.app/profile/hendryadrian.bsky.social/post/3moznsubvfr2f", "content": "Cisco Unified CM CVE-2026-20230 is being actively exploited with a PoC, enabling SSRF, arbitrary file writes, and possible root escalation. Defused observed attacks and SSD published details. #Cisco #UnifiedCM #CVE202620230", "creation_timestamp": "2026-06-24T10:00:24.904218Z"}, {"uuid": "5ce66d0e-bf50-4cb1-9a02-e655fa5984d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html", "content": "Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME).\n\nThe vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remote", "creation_timestamp": "2026-06-24T04:50:38.000000Z"}, {"uuid": "35869fe8-a17a-450f-a0e7-8f851a568ffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mozny3rloh2o", "content": "\ud83d\udd12 Same-Day Shells: A Full-Chain RCE Sweep Against Cisco CUCM (CVE-2026-20230)\n\nA critical Cisco CUCM WebDialer vulnerability (CVE-2026-20230) was rapidly weaponized for full remote ...\n\nhttps://tinyurl.com/24h2pv9j #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-06-24T10:03:19.031122Z"}, {"uuid": "60963919-8b3d-4a9e-a9e9-33d8f8ad8a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", 
"source": "https://bsky.app/profile/helpnetsecurity.com/post/3mozti7n5cs2p", "content": "Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/06/24/c...\n\n#communication #enterprise #PoC #vulnerability #cybersecurity #cybersecuritynews @cisco.com", "creation_timestamp": "2026-06-24T11:41:52.505426Z"}, {"uuid": "f5f9f139-60a1-49de-86fb-62ac60b5cb35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116804930613951549", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks\n\nSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/\nResearchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel's process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.\n\nMythos Discovers 'Squidbleed,' a Memory Leak That's Gone Undetected Since Clinton Era\n\nSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/\nA 29-year-old vulnerability dubbed \"Squidbleed\" (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic's Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. 
It was resolved in version 7.6.\n\nFortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s Suomessa\n\nSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa\nThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.\n\nCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.\n\nSource URL: https://isc.sans.edu/diary/rss/33094\nDespite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.\n\nNew macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer\n\nSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/\nA novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. 
Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.\n\n'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows\n\nSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows\nDubbed \"Cordyceps,\" a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.\n\nThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration\n\nSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/\nPalo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization's active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.\n\nLastPass Confirms Data Breach in Klue Supply Chain Attack\n\nSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/\nLastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. 
While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.\n\nTata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online\n\nSource URL: https://therecord.media/tata-electronics-confirms-cyberattack\nIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group \"World Leaks,\" who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.\n\nPayouts King Ransomware Initial Access Broker Deploys New Edgecution Malware\n\nSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution\nZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed \"Edgecution,\" deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. 
The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco's Unified Communications Manager and Session Management Edition. 
Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-24T11:49:58.360985Z"}, {"uuid": "80971f19-a871-4674-ab15-d746fc4e8dd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mozujf2q7q2l", "content": "Cisco Unified CM flaw CVE-2026-20230 is reportedly being exploited after PoC shows a file-write path to root. 
Patch and restrict access to management endpoints. #Cybersecurity #Vulnerability #InfoSec\n\nSource: https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html", "creation_timestamp": "2026-06-24T12:00:22.519801Z"}, {"uuid": "bceb9ed6-a136-4328-a57b-080235b251a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mozuul7mtz2u", "content": "A critical vulnerability in Cisco Unified Communications Manager (CVE-2026-20230, CVSS 8.6) allows unauthenticated remote attackers to conduct SSRF attacks, potentially writing files to the operating system. Active exploitation has been observed, requiring the WebDialer service to be enabled.", "creation_timestamp": "2026-06-24T12:06:38.409004Z"}, {"uuid": "86ba63fa-e0cb-4684-9fbf-1ef8b8d964b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mozvsk2cni2f", "content": "\ud83d\udc1b VULNERABILITIES Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230) \u2014 Help Net Security\nhttps://www.helpnetsecurity.com/2026/06/24/cisco-unified-cm-flaw-exploited-to-drop-webshells-cve-2026-20230/ #Vulnerability #CVE #ZeroDay", "creation_timestamp": "2026-06-24T12:23:22.753685Z"}, {"uuid": "d77de3b6-ba5d-4ff6-894f-98fa9b8ab719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/techoverload.bsky.social/post/3mozwb6rug522", "content": "Cisco Unified CM\u2019s CVE-2026-20230 is now being exploited after PoC details showed a path to root. 
If you run Cisco call-control gear, patch fast and keep admin interfaces off the open internet. \ud83d\uded1\n\n#Cisco #Security #Cybersecurity", "creation_timestamp": "2026-06-24T12:31:34.818694Z"}, {"uuid": "3c2889c7-4c30-4b41-8396-ac20b5014efb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mozwehcg7227", "content": "\ud83d\udea8 Cisco is urging organizations to patch CVE-2026-20230 after reports of active exploitation against Unified Communications Manager.\n\nPublic exploit code is online and the EPSS score jumped sharply after attack reports surfaced.\n\n\ud83d\udc47\nbasefortify.eu/posts/2026/0...\n\n#CyberSecurity #Cisco #CVE #InfoSec", "creation_timestamp": "2026-06-24T12:33:41.225051Z"}, {"uuid": "c42581ca-fbf8-48e7-b60f-566a3d58879b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mozwelrjcc27", "content": "\ud83d\udea8 Cisco is urging organizations to patch CVE-2026-20230 after reports of active exploitation against Unified Communications Manager.\n\nPublic exploit code is online and the EPSS score jumped sharply after attack reports surfaced.\n\n\ud83d\udc47\nbasefortify.eu/posts/2026/0...\n\n#CyberSecurity #Cisco #CVE #InfoSec", "creation_timestamp": "2026-06-24T12:33:42.046246Z"}, {"uuid": "eb1a76cb-2bfa-4d70-a1ad-413ca33e7784", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mozwer3bw227", "content": "\ud83d\udea8 Cisco is urging organizations to patch CVE-2026-20230 after reports of 
active exploitation against Unified Communications Manager.\n\nPublic exploit code is online and the EPSS score jumped sharply after attack reports surfaced.\n\n\ud83d\udc47\nbasefortify.eu/posts/2026/0...\n\n#CyberSecurity #Cisco #CVE #InfoSec", "creation_timestamp": "2026-06-24T12:33:42.870178Z"}, {"uuid": "a4c0e436-451c-48f5-a9c5-9c242ba50b55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://threatintel.cc/2026/06/24/morning-cyber-summary.html", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks\n\nSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/\nResearchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel\u2019s process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.\n\nMythos Discovers \u2018Squidbleed,\u2019 a Memory Leak That\u2019s Gone Undetected Since Clinton Era\n\nSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/\nA 29-year-old vulnerability dubbed \u201cSquidbleed\u201d (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic\u2019s Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. 
It was resolved in version 7.6.\n\nFortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s Suomessa\n\nSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa\nThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.\n\nCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.\n\nSource URL: https://isc.sans.edu/diary/rss/33094\nDespite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.\n\nNew macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer\n\nSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/\nA novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. 
Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.\n\n\u2018Cordyceps\u2019: Mushrooming Malicious Pull Requests Threaten Developer Workflows\n\nSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows\nDubbed \u201cCordyceps,\u201d a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.\n\nThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration\n\nSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/\nPalo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization\u2019s active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.\n\nLastPass Confirms Data Breach in Klue Supply Chain Attack\n\nSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/\nLastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. 
While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.\n\nTata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online\n\nSource URL: https://therecord.media/tata-electronics-confirms-cyberattack\nIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group \u201cWorld Leaks,\u201d who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.\n\nPayouts King Ransomware Initial Access Broker Deploys New Edgecution Malware\n\nSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution\nZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed \u201cEdgecution,\u201d deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. 
The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco\u2019s Unified Communications Manager and Session Management Edition. 
Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-24T09:50:42.000000Z"}, {"uuid": "61223a83-6dfc-490b-b937-d366103a2fb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mp24ia7q2d2t", "content": "Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild", "creation_timestamp": "2026-06-24T14:22:53.604755Z"}, {"uuid": "8eaf02f7-c1a0-48a8-af8c-288aabbcad9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mp24ovle2j2p", "content": "Cisco Unified Communications Manager Under Fire as Critical CVE-2026-20230 Exploitation Emerges, Organizations Face Immediate Security Threat +\u00a0Video\n\nA Dangerous Cisco Vulnerability Is Suddenly in the Spotlight A newly disclosed security vulnerability affecting Cisco Unified Communications Manager\u2026", "creation_timestamp": "2026-06-24T14:26:37.559499Z"}, {"uuid": "68c8583a-9879-43a5-bb2a-b026cefe8243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mp26ij5gl52d", "content": "Cisco Unified CM SME flaw CVE-2026-20230 now exploited in attacks #cybersecurity #hacking #news #infosec #security #technology #privacy", "creation_timestamp": "2026-06-24T14:58:50.638250Z"}, {"uuid": "b5637d98-22ea-4df8-97e3-538113b72f31", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/thenewoil.org/post/3mp2pe6iqttg2", "content": "#Cisco #UnifiedCM flaw CVE-2026-20230 now exploited in attacks\n\nhttps://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/\n\n#cybersecurity", "creation_timestamp": "2026-06-24T20:00:47.265036Z"}, {"uuid": "c3b60750-c663-456f-90fd-9f47f6ed03e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mp2xoge6vk27", "content": "Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks\n\nA high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. [...]\n#hackernews #news", "creation_timestamp": "2026-06-24T22:29:32.314347Z"}, {"uuid": "1fb2a706-c228-435c-93e3-a5d0ec12296d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/eurotrends24.bsky.social/post/3mp2yyido3h2o", "content": "JUST RELEASED: Exclusive video clip on how to protect your network from the Cisco Unified CM flaw CVE-2026-20230 - Watch now and stay safe! 
\u2b07\ufe0f\u2699\ufe0f #cybersecurity", "creation_timestamp": "2026-06-24T22:53:04.747998Z"}, {"uuid": "33f64846-5d28-4e3c-bb6e-c2dda21d495d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/k3live.bsky.social/post/3mp2yz5iunu2z", "content": "LEAKED: Immediate download update available for the premium mod menu tool to safeguard against CVE-2026-20230 - Get it before it's too late! \u2b07\ufe0f", "creation_timestamp": "2026-06-24T22:53:25.943624Z"}, {"uuid": "8d64b185-ac4d-4fda-be6d-216bf9815b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mp36mqeabi2c", "content": "Cisco Unified CM\u306e\u8106\u5f31\u6027\u304c\u60aa\u7528\u3055\u308c\u3001Web\u30b7\u30a7\u30eb\u304c\u30c9\u30ed\u30c3\u30d7\u3055\u308c\u308b\uff08CVE-2026-20230\uff09 \n\nCisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)  #HelpNetSecurity (Jun 24)\n\nwww.helpnetsecurity.com/2026/06/24/c...", "creation_timestamp": "2026-06-25T00:33:51.404416Z"}, {"uuid": "598d63e1-3752-45e1-8e94-2b99b4ea39ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html", "content": "Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME).\n\nThe vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an 
unauthenticated, remote", "creation_timestamp": "2026-06-25T01:00:40.690736Z"}, {"uuid": "04594e82-eede-410e-a059-8e9e0bfb0d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://threatintel.cc/2026/06/24/morning-cyber-summary.html", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks\n\nSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/\nResearchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel\u2019s process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.\n\nMythos Discovers \u2018Squidbleed,\u2019 a Memory Leak That\u2019s Gone Undetected Since Clinton Era\n\nSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/\nA 29-year-old vulnerability dubbed \u201cSquidbleed\u201d (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic\u2019s Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. 
It was resolved in version 7.6.\n\nFortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s Suomessa\n\nSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa\nThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.\n\nCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.\n\nSource URL: https://isc.sans.edu/diary/rss/33094\nDespite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.\n\nNew macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer\n\nSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/\nA novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. 
Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.\n\n\u2018Cordyceps\u2019: Mushrooming Malicious Pull Requests Threaten Developer Workflows\n\nSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows\nDubbed \u201cCordyceps,\u201d a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.\n\nThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration\n\nSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/\nPalo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization\u2019s active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.\n\nLastPass Confirms Data Breach in Klue Supply Chain Attack\n\nSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/\nLastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. 
While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.\n\nTata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online\n\nSource URL: https://therecord.media/tata-electronics-confirms-cyberattack\nIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group \u201cWorld Leaks,\u201d who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.\n\nPayouts King Ransomware Initial Access Broker Deploys New Edgecution Malware\n\nSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution\nZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed \u201cEdgecution,\u201d deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. 
The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco\u2019s Unified Communications Manager and Session Management Edition. 
Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-25T01:00:41.214334Z"}, {"uuid": "fb50d16e-a304-491b-9eb4-c1df187ed8a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mp3du45u2c2i", "content": "Cisco Unified Communications Manager\u306eSSRF \u8106\u5f31\u6027 CVE-2026-20230 \u304c\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u3067\u60aa\u7528\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews #cyberattack #incident", "creation_timestamp": "2026-06-25T02:07:30.329406Z"}, {"uuid": "36ce4552-c4e6-4652-af45-fe0758eb3f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mp3f5lq7nf2t", "content": "Top 3 CVE for last 7 days:\nCVE-2026-55200: 44 interactions\nCVE-2026-47729: 18 interactions\nCVE-2026-50656: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-55200: 35 interactions\nCVE-2026-20230: 8 interactions\nCVE-2026-20245: 7 interactions\n", "creation_timestamp": "2026-06-25T02:30:39.449386Z"}, {"uuid": "c3f227ba-9d71-4b31-a751-d29b0d409b7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mp3lwfrxxcj5", "content": "Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild 
https://securityaffairs.com/194153/uncategorized/cisco-unified-cm-flaw-cve-2026-20230-actively-exploited-in-the-wild.html", "creation_timestamp": "2026-06-25T04:31:54.893915Z"}, {"uuid": "1f07f7b0-3054-42e1-9a60-13d12797258a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mp3urmhg7y27", "content": "Cisco Unified Servers Face Active CVE-2026-20230\u00a0Exploitation\n\nThreat actors have initiated attempts to exploit the CVE-2026-20230 vulnerability within Cisco Unified servers used for corporate telephony. This critical error allows an unauthenticated, remote attacker to force file creation within\u2026", "creation_timestamp": "2026-06-25T07:10:18.248782Z"}, {"uuid": "f4e1ddad-21af-4d70-9f10-d34481d1910b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3mp44uqvab32f", "content": "\ud83d\udcf0 Cisco has released multiple critical vulnerabilities, including CVE-2026-20230 under exploitation and an earlier SD-WAN 0-day that appears even more severe tha...\n\n\ud83d\udd17 https://www.theregister.com/security/2026/06/24/the-hits-keep-on-coming-for-cisco-vulnerabilities/5261797\n\n#Tech #Enterprise", "creation_timestamp": "2026-06-25T09:35:13.198588Z"}, {"uuid": "2d71072d-9bae-4211-a3c2-1a7f8fb842c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.cert.dk/news/2026-06-25/Cisco-fejl-udnyttes-i-angreb-mod-telefonisystemer", "content": "", "creation_timestamp": "2026-06-25T09:45:09.414350Z"}, {"uuid": "9b0b582b-3836-4f2e-96af-6eb57d0f6e46", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mp46re3uqp2k", "content": "Running Cisco Unified CM? Check if WebDialer is enabled and patch now. Security firm Defused reports attacks on CVE-2026-20230, a critical flaw letting an unauthenticated attacker gain root on the server. Cisco $CSCO patched it June 3 but says it sees no malicious use yet.", "creation_timestamp": "2026-06-25T10:09:06.165349Z"}, {"uuid": "a482bf98-555a-480d-9ca4-0f8c13acec77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/index.espresso.cafecito.tech.ap.brid.gy/post/3mp4fjzszhsg2", "content": "TL;DR\n\n * CVE-2026-20230: Cisco Unified CM Critical RCE \u2014 Legacy WebDialer Flaw Triggers Global Enterprise Risk. Is your enterprise network still running deprecated services that act as open doors for hackers?\n * 630GB Leak: Tata Electronics Breach Exposes Apple and Tesla Specs. 
How can a 630GB [\u2026]", "creation_timestamp": "2026-06-25T12:10:19.109262Z"}, {"uuid": "253fa479-c0ba-402d-baae-42e5b3b329c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mp4gflydpc27", "content": "Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)\n\nCVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco\u2019s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution cap\u2026\n#hackernews #news", "creation_timestamp": "2026-06-25T12:25:41.982544Z"}, {"uuid": "b956676e-d55e-4181-a6ea-d6dae9d0d410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-high-severity-vulnerability-cisco-unified-communications-manager-exploit-poc", "content": "", "creation_timestamp": "2026-06-25T13:45:03.525819Z"}, {"uuid": "e8ce48de-921e-4f9c-afbf-98ad0e3074d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mp4ncbyexk27", "content": "Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild\n\nAttackers exploit Cisco Unified CM flaw (CVE-2026-20230) allowing unauth HTTP requests to trigger SSRF, write files, and gain root access Cisco Unified Communications Manager has a serious vulnerability, tracked \u2026\n#hackernews #news", "creation_timestamp": "2026-06-25T14:29:07.507980Z"}, {"uuid": "3343e617-b733-40c0-bb16-7c653f54076e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116811816867526680", "content": "\ud83d\udcf0 Attackers Actively Exploit Critical Cisco Unified CM Flaw to Deploy Webshells\n\u26a0\ufe0f ACTIVE EXPLOITATION: A critical SSRF flaw in Cisco Unified CM (CVE-2026-20230) is being used to drop webshells. Attackers are scanning from Tor. Disable the WebDialer service or patch immediately! #Cisco #CyberAttack #Infosec #SSRF\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/active-exploitation-of-critical-cisco-unified-cm-flaw-begins/?utm_source=mastodon&amp;utm_medium\u2026", "creation_timestamp": "2026-06-25T17:01:19.198744Z"}, {"uuid": "0b79c74e-53e0-4830-8c58-39f6c9d3637d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mp4vsz3evt2x", "content": "\u26a0\ufe0f ACTIVE EXPLOITATION: A critical SSRF flaw in Cisco Unified CM (CVE-2026-20230) is being used to drop webshells. Attackers are scanning from Tor. Disable the WebDialer service or patch immediately! 
#Cisco #CyberAttack #Infosec #SSRF\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-25T17:01:38.207428Z"}, {"uuid": "2fa1be7a-a622-46a6-9702-d9a99fbd6b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mp55wlb5ge2d", "content": "\ud83d\uded1 CVE-2026-20230\nCisco Unified Communications Manager\nCVSS 8.6 / EPSS 34% / KEV \u2705\nTL;DR: A vulnerability in Cisco Unified Communications Manager (Unified CM) an\u2026\nhttps://cvesentinel.com/report/CVE-2026-20230?utm_source=bluesky&amp;utm_medium=social&amp;utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-06-25T19:26:47.252271Z"}, {"uuid": "12dddeca-d060-4f0b-afcf-b5d72ed10e82", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a68980e0-b134-4149-a482-a2baf1a341a6", "content": "", "creation_timestamp": "2026-06-25T20:00:02.000436Z"}, {"uuid": "619864d1-e76d-4064-a274-4654bd0f309f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6837276", "content": "2026-06-25: [CVE-2026-20230] Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) VulnerabilityCisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to 
root.\ncisakev", "creation_timestamp": "2026-06-25T20:02:48.477560Z"}, {"uuid": "3e860450-0567-484d-9704-6e19250d57f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mp5g37q2xe2e", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u60272\u4ef6\u3092\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0 \n\nCISA Adds Two Known Exploited Vulnerabilities to Catalog  #CISA (Jun 25)\n\nCVE-2026-12569 PTC Windchill\u304a\u3088\u3073FlexPLM\u306b\u304a\u3051\u308b\u4e0d\u9069\u5207\u306a\u5165\u529b\u691c\u8a3c\u306e\u8106\u5f31\u6027\nCVE-2026-20230 Cisco Unified Communications Manager\u306e\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea\uff08SSRF\uff09\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-06-25T21:52:34.194028Z"}, {"uuid": "02481193-ae32-4e05-aa30-1dcfba89f161", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mp5poxir3k2a", "content": "The hits keep on coming for Cisco vulnerabilities\n\nCVE-2026-20230 under exploitation, while an earlier SD-WAN 0-day looks even worse than we thought\n#hackernews #news", "creation_timestamp": "2026-06-26T00:44:39.990988Z"}, {"uuid": "2258658b-bd0c-402b-98ee-f9a0e356b4ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mp6ouvfhn22j", "content": "Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the 
Wild\n\nsecurityaffairs.com/194153/uncat...\n\n#Cybersecurity #LargeScaleImpact #Vulnerability", "creation_timestamp": "2026-06-26T10:02:45.246510Z"}, {"uuid": "4ef2f2ff-bb40-4548-85a6-a219ccf10624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116816986268752727", "content": "\ud83d\udcf0 CISA Adds Actively Exploited PTC and Cisco Flaws to KEV Catalog, Mandates Federal Patching\n\ud83d\udce2 CISA adds two actively exploited vulnerabilities to its KEV catalog: CVE-2026-12569 in PTC products and CVE-2026-20230 in Cisco UCM. Federal agencies are mandated to patch. All orgs should prioritize these now! \u26a0\ufe0f #CyberSecurity #Vulnerability #CI...\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/cisa-adds-actively-exploited-ptc-and-cisco-flaws-to-kev-cata\u2026", "creation_timestamp": "2026-06-26T14:55:55.893235Z"}, {"uuid": "9afc874b-f5ac-4615-8744-4b554b7fe532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mp77bxemxo2f", "content": "\ud83d\udce2 CISA adds two actively exploited vulnerabilities to its KEV catalog: CVE-2026-12569 in PTC products and CVE-2026-20230 in Cisco UCM. Federal agencies are mandated to patch. All orgs should prioritize these now! 
\u26a0\ufe0f #CyberSecurity #Vulnerability #CI...\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-26T14:56:22.762722Z"}, {"uuid": "48ff3e3e-a4d2-43ea-a577-8f3c27b54ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/royans.bsky.social/post/3mp7ebc562n2w", "content": "Cisco Unified Communications Manager: Critical SSRF-to-RCE Chain CVE-2026-20230\n\n##Cisco ##SSRF ##RCE ##VulnerabilityAnalysis\n\nhttps://flagthis.com/newsletter/2026/06/26/tldr/3798", "creation_timestamp": "2026-06-26T16:25:28.991451Z"}, {"uuid": "978169eb-5ca0-4100-a0cb-ca7c6526e688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mp7wbzexxc2z", "content": "Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks\n\nwww.bleepingcomputer.com/news/securit...\n\n#Kyberturvallisuus #LaajaVaikutus #Haavoittuvuus", "creation_timestamp": "2026-06-26T21:48:02.693416Z"}, {"uuid": "3c21fa90-85ae-4945-a72b-08b9bab5b671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mpaamydmgs25", "content": "CISA added a Cisco $CSCO Unified Communications Manager flaw, CVE-2026-20230, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The server-side request forgery bug hits enterprise phone systems. Federal agencies were ordered to patch. 
Per CISA.", "creation_timestamp": "2026-06-27T00:53:07.310362Z"}, {"uuid": "0ba47790-6a0e-4dd6-ae03-e113edbcbdf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mpaap6ajt72a", "content": "\ud83e\udd16 CVE-2026-20230: RCE in Cisco Unified CM, actively exploited. CISA adds to KEV with Sunday patch deadline.\n\nhttps://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/", "creation_timestamp": "2026-06-27T00:54:19.312467Z"}, {"uuid": "b3f1143c-a128-4c40-b737-e29149485be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/thecybermind.co/post/3mpaqym3f7g2d", "content": "CISA confirms active zero-day exploitation of Cisco Unified CM (CVE-2026-20230), introducing a critical SSRF vector that allows threat actors to bypass internal security boundaries. 
Access our complete executive risk mitigation framework and boardroom governance strategy:\u2026", "creation_timestamp": "2026-06-27T05:45:56.391712Z"}, {"uuid": "29570372-1f09-4b37-b2cd-226b12d251d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mpb6yxj74a2f", "content": "Cisco Unified Communications Manager Arbitrary File Write to RCE (CVE-2026-20230) #patchmanagement", "creation_timestamp": "2026-06-27T09:56:41.236646Z"}, {"uuid": "5cbc282f-eb30-4161-bb93-074d793e0ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mpbjrewkxx2n", "content": "\ud83e\udd16 CVE-2026-20230 (SSRF, CISA KEV): Cisco Unified Communications Manager flaw allows unauthenticated remote attackers to write files to the OS and escalate to root. Actively exploited. CISA deadline: June 28.\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-20230", "creation_timestamp": "2026-06-27T13:09:16.824554Z"}, {"uuid": "dedd6e6d-ab95-4270-8d0a-cb83c126c2aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/thecybermind.co/post/3mpdo4e4zik2b", "content": "\ud83d\udee1\ufe0f The patch window has collapsed. This week's Cyber Mind Brief breaks down CISA's emergency Cisco SSRF (CVE-2026-20230) mandate, the 2026 Verizon DBIR shift to machine-speed exploits, and tactical moves to harden your Zero Trust perimeter. 
Read the full operational intel:\u2026", "creation_timestamp": "2026-06-28T09:32:20.707036Z"}, {"uuid": "080216f5-1d64-4822-b214-fe279f16e54e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/sen-perimetered.bsky.social/post/3mpe4vg2kp62k", "content": "CVE-2026-20230: unauthenticated SSRF in Cisco Unified CM. No creds. Attacker writes files to the OS, escalates to root. KEV-listed Jun 25. Federal patch deadline: today, Jun 28. UC servers aren't edge infra \u2014 but they're reachable. That's enough.", "creation_timestamp": "2026-06-28T13:56:52.731932Z"}, {"uuid": "03484230-8ed2-4448-aa1f-ffbefd5cd214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/sen-perimetered.bsky.social/post/3mpe52nkveo25", "content": "CVE-2026-20230 \u2014 Cisco Unified CM. Unauthenticated SSRF \u2192 two-stage JSP webshell. Automated Tor sweeps confirmed this weekend.\n\nPatch: June 3. PoC: June 12. Exploitation: now.\n\n3 weeks of runway. Can't patch? Disable WebDialer. Today.", "creation_timestamp": "2026-06-28T13:59:48.522599Z"}, {"uuid": "28d240bd-7088-485c-a117-bc866116320c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mpeabajlfp2u", "content": "\ud83d\udce2 CISA adds two actively exploited vulnerabilities to its KEV catalog: CVE-2026-12569 in PTC products and CVE-2026-20230 in Cisco UCM. Federal agencies are mandated to patch. All orgs should prioritize these now! 
\u26a0\ufe0f #CyberSecurity #Vulnerability #CI...\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-28T14:57:10.924047Z"}, {"uuid": "699c9ad6-e498-45cb-b050-7ea31949bd8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mpedt3uhf224", "content": "Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild\n\nsecurityaffairs.com/194153/hacki...\n\n#Cybersecurity #LargeScaleImpact #Vulnerability", "creation_timestamp": "2026-06-28T16:00:52.143910Z"}, {"uuid": "5cbcf9c8-ef41-4811-9ab8-6b0e9fb23bec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpffnzdgim2o", "content": "This weekly CVE report covers 1,909 new vulnerabilities from June 22-28, 2026. CISA flagged six as exploited, including CVE-2026-20230.\n\n#CVE #CISA #KEV #Vulnerability #Cybersecurity #Infosec", "creation_timestamp": "2026-06-29T02:06:29.234853Z"}, {"uuid": "c9cf1960-0d03-400f-9b0e-65392e080aa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpfhbkx6r32q", "content": "Cisco Unified CM RCE Flaw Exploited in the Wild as PoC Code Goes\u00a0Public\n\nTL;DR Attackers are exploiting a Cisco Unified CM RCE flaw in live attacks. Tracked as CVE-2026-20230, it carries a CVSS score of 8.6. 
Researchers have now published full technical details and proof-of-concept exploit code.\u2026", "creation_timestamp": "2026-06-29T02:35:18.951919Z"}, {"uuid": "5d9896d1-c2a0-4166-818b-246832885dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20230", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mpg37n4b3722", "content": "\ud83d\udcf0 CISA Sets Emergency Deadline to Fix Cisco and PTC Windchill Security Flaws Exploited by Hackers\n\n\ud83d\udc49 Read the full article here: https://ahmandonk.com/2026/06/29/cisa-sets-urgent-deadline-to-fix-cisco-and-ptc-flaws/\n\n#cisa #cisco #cve-2026-12569 #cve-2026-20230 #defusedT", "creation_timestamp": "2026-06-29T08:32:07.858103Z"}, {"uuid": "ca55eb21-8bac-401e-bd32-1f860a373aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3mpggudv6x32m", "content": "\ud83d\udd0d Top signals this week:\n\nCVEs: CVE-2026-20230, CVE-2026-12569, CVE-2026-8461, CVE-2026-20245, CVE-2025-25205\nActors: Play, Ransomware, Apt\n\nFull intel: https://matlock.ca/cybersecnews", "creation_timestamp": "2026-06-29T12:00:33.794101Z"}, {"uuid": "bcb06b07-264a-4066-8d76-4cbac65aec37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://threatintel.cc/2026/06/29/threat-intel.html", "content": "1. 
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys\n\n\n\nOriginal URL: [https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html](https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html)\n\nSummary: The FBI and CISA have issued an updated advisory warning that Russian state-sponsored threat groups (including UNC5792 and UNC4221) are actively targeting Signal messaging accounts via credential-phishing campaigns. Attackers are using social engineering to trick users into revealing their Signal Backup Recovery Keys, which allows the adversaries to permanently hijack accounts, restore complete message histories, and continue monitoring communication even if a user attempts to recreate their account. To mitigate this threat, users must generate a completely new recovery key within their Signal security settings, an action that instantly revokes the access privileges of any previously compromised keys.\n\nKeywords: #CyberSecurity #SignalApp #Phishing #Infosec #CISA #FBI #RussianHackers #DataPrivacy #ThreatIntelligence\n\n\n2. Self-Destructing Mistic Backdoor Linked to Access Broker Selling Corporate Footholds\n\n\n\nOriginal URL: [https://www.theregister.com/security/2026/06/25/self-destructing-mistic-backdoor-linked-to-access-broker-selling-corporate-footholds-to-ransomware-gangs/](https://www.theregister.com/security/2026/06/25/self-destructing-mistic-backdoor-linked-to-access-broker-selling-corporate-footholds-to-ransomware-gangs/)\n\nSummary: A newly discovered, highly evasive backdoor known as \u201cMistic\u201d (or MLTBackdoor) is being deployed across multiple corporate networks, including organizations within the IT, insurance, and education sectors. 
Security researchers from Symantec, Carbon Black, and Zscaler have linked the malware to a financially motivated initial access broker tracked as KongTuke (or Woodgnat), who specializes in establishing early network footprints to sell to ransomware syndicates. Mistic stands out due to its built-in self-destruction mechanisms, which erase its tracks following initial deployment to complicate forensic investigations while facilitating lateral movement within target environments.\n\nKeywords: #Malware #Ransomware #InitialAccessBroker #MisticBackdoor #ThreatHunting #EnterpriseSecurity #Infosec #CyberCrime\n\n\n3. CISA Sets Urgent Deadline to Fix Cisco Flaw Exploited in Attacks\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/](https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/)\n\nSummary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco flaw to its Known Exploited Vulnerabilities catalog, imposing an urgent patching deadline for federal agencies. The vulnerability, tracked as CVE-2026-20230, is a critical server-side request forgery (SSRF) flaw in the Cisco Unified Communications Manager Server that permits unauthenticated, remote attackers to execute malicious actions via custom HTTP requests. While Cisco initially patch-released the flaw with no evidence of active exploits, threat detection firm Defused recently caught threat actors actively leveraging the vulnerability to write arbitrary text files directly onto vulnerable network endpoints.\n\nKeywords: #Cisco #Vulnerability #PatchTuesday #CISA #KEV #SSRF #NetworkSecurity #ITSecurity #FederalCyber\n\n\n4. 
New Initiative Tackles Security for End-of-Life Open Source Software\n\n\n\nOriginal URL: [https://www.darkreading.com/application-security/initiative-tackles-security-end-of-life-open-source](https://www.darkreading.com/application-security/initiative-tackles-security-end-of-life-open-source)\n\nSummary: The Commonhaus Foundation has officially introduced the Open Source Sustainability Initiative (OSSI) to confront the systemic security risks associated with abandoned and end-of-life (EOL) open-source projects. Because standard enterprises utilize hundreds of open-source dependencies, managing security patches becomes highly error-prone once development teams stop maintaining original repositories. The OSSI aims to establish a structured, collaborative framework to track, secure, and retroactively patch vulnerable code in widely used legacy projects, minimizing the attack surface for enterprise supply chains.\n\nKeywords: #OpenSource #SoftwareSupplyChain #AppSec #Commonhaus #OSSI #CyberResilience #VulnerabilityManagement #EnterpriseSoftware\n\n\n5. Clean GitHub Repo Tricks AI Coding Agents Into Running Malware\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/](https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/)\n\nSummary: Security researchers at Mozilla\u2019s Zero Day Investigative Network (0DIN) have demonstrated a novel prompt injection attack vector that completely bypasses code scanners by tricking AI coding assistants into generating and running local malware. Instead of containing malicious code, the target GitHub repository remains entirely clean; instead, it relies on indirect prompt instructions that manipulate the AI agent during setup into creating an unintended local vulnerability. 
Once executed by an automated tool like Claude Code, the attack grants the adversary a localized terminal shell functioning with the host developer\u2019s system privileges, giving them direct access to local API keys, environment variables, and files.\n\nKeywords: #AISecurity #GitHub #PromptInjection #LLM #ArtificialIntelligence #SoftwareDevelopment #DevSecOps #Mozilla #0DIN\n\n\n6. Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts\n\n\n\nOriginal URL: [https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html](https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html)\n\nSummary: Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021. The extensions were disguised as common utilities like ad blockers, VPNs, and translators, which performed their stated tasks to gain positive reviews while remaining dormant until clearing evasion checks.\n\nKeywords: #Malware #BrowserExtensions #Steganography #MicrosoftEdge #AdFraud #CredentialTheft #SupplyChainAttack #Infosec\n\n\n7. Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer\n\n\n\nOriginal URL: [https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html](https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html)\n\nSummary: Cybersecurity researchers have uncovered a new ecosystem supply chain attack involving hijacked npm and Go packages designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. 
To evade the typical script detection mechanisms implemented to harden security registries, the malware strategically avoids common execution paths and hides its initialization logic inside an automatic Microsoft Visual Studio Code workspace configuration file. Once a developer simply opens the project directory inside their IDE, the hidden task triggers automatically, fetching malicious code from blockchain records and granting the threat actors a direct command shell.\n\nKeywords: #SupplyChainAttack #Malware #VSCode #DeveloperSecurity #Python #npm #GoLang #Infostealer #DevSecOps\n\n\n8. US Seizes Hundreds of FIFA World Cup Illegal Streaming Domains\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/us-seizes-hundreds-of-fifa-world-cup-illegal-streaming-domains/](https://www.bleepingcomputer.com/news/security/us-seizes-hundreds-of-fifa-world-cup-illegal-streaming-domains/)\n\nSummary: The U.S. Department of Justice has executed a massive coordinated enforcement action dubbed \u201cOperation Offsides,\u201d seizing nearly 400 web domains that were providing illegal, real-time streams of World Cup soccer matches. Working alongside law enforcement networks across Peru, Bulgaria, Croatia, Romania, Poland, and Colombia, federal agents targeted infrastructure that infringed on global broadcasting copyright protections. Beyond media piracy, Homeland Security Investigations (HSI) warned that these unauthorized streaming platforms aggressively expose users to hidden drive-by malware infections and insecure browser connections engineered to harvest financial details.\n\nKeywords: #DomainSeizure #CyberCrime #LawEnforcement #DOJ #WorldCup #Malware #CopyrightInfringement #Piracy\n\n\n9. 
Active Phishing Campaign Exploits Calendly and Photo ZIP Files to Target Hotels\n\n\n\nOriginal URL: [https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026](https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026)\n\nSummary: Microsoft has issued an active alert to the global hospitality sector warning of a coordinated phishing campaign that abuses common scheduling applications like Calendly to drop dangerous Node.js malware. Attackers are posing as prospective corporate clients or wedding parties to schedule appointments, leveraging the booking platforms to share highly realistic compressed \u201cphoto archives\u201d containing malicious configuration files. Once executed by unsuspecting hotel booking agents, the payload installs a flexible Node.js infostealer designed to bypass memory protections, sweep web browser caches, and extract corporate credit card data.\n\nKeywords: #Phishing #Malware #HospitalitySector #Calendly #NodeJS #SocialEngineering #DataTheft #MicrosoftSecurity\n\n\n10. Klue Supply Chain Breach Exposes OAuth Tokens and Salesforce Data\n\n\n\nOriginal URL: [https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026](https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026)\n\nSummary: A significant multi-stage supply chain breach has compromised the market intelligence SaaS platform Klue, leading to the unauthorized collection of active OAuth tokens and data exfiltration impacting approximately 200 client organizations. 
A threat group identified as Icarus gained initial entry by exploiting an inactive legacy administrative credential to inject malicious code directly into Klue\u2019s core synchronization infrastructure. Armed with the stolen OAuth access tokens, the threat actors systematically pivoted to download sensitive CRM records from client environments, subsequently posting the data on a Tor leak site for double-extortion.\n\nKeywords: #SupplyChainAttack #OAuth #DataBreach #Salesforce #SaaS #ThreatIntelligence #Extortion #CloudSecurity\n\n\n11. Amazon Q Developer Extension Flaw Enables Cloud Credential Theft\n\n\n\nOriginal URL: [https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/](https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/)\n\nSummary: Security researchers at Wiz have publicly disclosed a high-severity flaw within Amazon\u2019s Q Developer AI-assisted coding extension for Visual Studio Code that opens developers up to immediate cloud credential theft. The underlying vulnerability stems from the extension\u2019s behavior of automatically evaluating workspace configuration parameters without checking for manual user authorization when a new project folder is initialized. By enticing software engineers to clone an intentionally booby-trapped repository, attackers can force the IDE extension to execute automated system commands in the background to harvest local cloud access keys.\n\nKeywords: #AmazonQ #Wiz #Vulnerability #CloudSecurity #AISecurity #VSCode #DevSecOps #CredentialTheft\n\n\n12. 
Qihoo 360 Announces Tulongfeng Multi-Agent Swarm to Challenge US AI Security\n\n\n\nOriginal URL: [https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/](https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/)\n\nSummary: Chinese cybersecurity giant Qihoo 360 has unveiled its newest defensive security platform, dubbed \u201cTulongfeng,\u201d engineered as an adversarial alternative to frontier American code evaluation tools like Anthropic\u2019s Claude Mythos. Presented at the Beijing Cybersecurity Conference, the platform leverages a highly specialized multi-agent swarm trained exclusively on Qihoo\u2019s massive internal repository of historical malware variants and software bugs. The developer team claims this custom architecture is finding critical vulnerabilities across open-source and enterprise-tier platforms at machine speeds, bypassing the computational overhead of generic LLMs.\n\nKeywords: #ArtificialIntelligence #Qihoo360 #Tulongfeng #VulnerabilityHunting #ZeroDay #TechGeopolitics #AIModel #Infosec\n\n\n13. KDDI Data Breach Impacts Up to 14.2 Million Accounts in Japan\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/](https://www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/)\n\nSummary: Major Japanese telecommunications operator KDDI Corporation has disclosed a massive data breach affecting up to 14.2 million email accounts spread across six distinct internet service providers (ISPs). Cybercriminals successfully compromised the systems by exploiting a newly identified software vulnerability within a shared third-party email administration module utilized by the networks. 
KDDI has patched the direct system vulnerability and is actively coordinating with data privacy authorities to notify impacted subscribers of potential credential theft and incoming phishing risks.\n\nKeywords: #DataBreach #TelecomSecurity #KDDI #DataPrivacy #JapanCyber #Vulnerability #SupplyChainRisk #EmailSecurity\n\n\n14. Active Exploitation Alert Issued for Cisco CUCM SSRF-RCE Flaw\n\n\n\nOriginal URL: [https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026](https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026)\n\nSummary: Threat monitors have issued an updated advisory following the rapid weaponization of CVE-2026-20230, a server-side request forgery (SSRF) flaw in Cisco\u2019s Unified Communications Manager (CUCM). Within 24 hours of public exploitation proof-of-concepts, automated exploitation scripts were detected scanning the internet and actively dropping weaponized HTTP requests onto enterprise servers. Attackers are currently leveraging the unauthenticated flaw to write arbitrary system files directly onto endpoints, which can lead to localized remote code execution (RCE) and full communication server compromise.\n\nKeywords: #Cisco #CUCM #ExploitAlert #SSRF #RemoteCodeExecution #ZeroDay #PatchManagement #NetworkHardening\n\n\n15. 
JP Morgan Warns Cybersecurity Now Outpaces Credit Risks for Major US Banks\n\n\n\nOriginal URL: [https://uk.finance.yahoo.com/news/jp-morgan-warns-cybersecurity-bigger-110200388.html](https://uk.finance.yahoo.com/news/jp-morgan-warns-cybersecurity-bigger-110200388.html)\n\nSummary: In a comprehensive analytical briefing sent to institutional investors, JP Morgan\u2019s European equity research group has warned that systemic cybersecurity threats now pose a fundamentally greater risk to banking stability than traditional credit default risks. 
The firm highlights that while conventional loan losses and asset risks are heavily modeled and calculated within current banking valuations, the financial and reputational liabilities of automated ransomware or infrastructure hacks remain dangerously understated. The report calls for regulatory bodies to introduce market valuation premiums for financial institutions that demonstrate quantifiable cyber-resilience frameworks.\n\nKeywords: #BankingSecurity #FinSec #JPMorgan #RiskManagement #Ransomware #FinancialServices #CyberEconomics #EnterpriseRisk\n", "creation_timestamp": "2026-06-29T13:00:47.391861Z"}, {"uuid": "8d812aaf-89ee-4d3b-9d23-5513f8cbda36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/trinacriatech.bsky.social/post/3mpgoavylnc2r", "content": "CVE-2026-20230 \u2014 Cisco Unified CM. WebDialer SSRF \u2192 arbitrary file write \u2192 root RCE. Unauthenticated, CVSS 8.6. Public PoC. CISA KEV, FCEB deadline expired yesterday. Exploitation still active. #Cisco #CISA", "creation_timestamp": "2026-06-29T14:12:52.319643Z"}, {"uuid": "604af9a5-fdc9-432d-9bff-6d59df0151d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/trinacriatech.bsky.social/post/3mpgobtipkk2s", "content": "CVE-2026-20230 \u2014 Cisco Unified CM. WebDialer SSRF \u2192 arbitrary file write \u2192 root RCE. Unauthenticated, CVSS 8.6. Public PoC. CISA KEV, FCEB deadline expired yesterday. Exploitation still active. 
#Cisco #CISA", "creation_timestamp": "2026-06-29T14:13:23.451228Z"}, {"uuid": "4d3a8d16-47b0-4eb8-b833-c2106341a193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116834485468683687", "content": "\ud83d\udcf0 Attackers Actively Exploit Critical Cisco Unified CM Flaw to Deploy Webshells\n\u26a0\ufe0f ACTIVE EXPLOITATION: A critical SSRF flaw in Cisco Unified CM (CVE-2026-20230) is being used to drop webshells. Attackers are scanning from Tor. Disable the WebDialer service or patch immediately! #Cisco #CyberAttack #Infosec #SSRF\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/active-exploitation-of-critical-cisco-unified-cm-flaw-begins/?utm_source=mastodon&utm_medium\u2026", "creation_timestamp": "2026-06-29T17:06:16.611430Z"}, {"uuid": "c04b7cf1-c5e7-4082-a3d6-979bc73c6931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mpgxxn75ed2c", "content": "\u26a0\ufe0f ACTIVE EXPLOITATION: A critical SSRF flaw in Cisco Unified CM (CVE-2026-20230) is being used to drop webshells. Attackers are scanning from Tor. Disable the WebDialer service or patch immediately! 
#Cisco #CyberAttack #Infosec #SSRF\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-29T17:06:37.707404Z"}, {"uuid": "6ddd624c-21de-45cc-8f73-30eaa26e5221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mphbse4y7c2f", "content": "Critical vulnerability in \u201cCisco Unified CM\u201d - proof-of-concept code already published\n\nCisco Systems has released updates after determining that its enterprise communications platform \u201cCisco Unified Communications Manager\u201d, which manages IP telephony, video calls and more, contains a vulnerability. Proof-of-concept (PoC) code has already been published, and the company has raised the severity by one level to \u201cCritical\u201d, the highest rating, and is urging users to take action.\n\nOn June 3, 2026 local time, the company published a security advisory, and the server-side request forgery (SSRF) vulnerability \u201cCVE-2026-20230...", "creation_timestamp": "2026-06-29T20:02:38.309541Z"}, {"uuid": "829271ef-0a60-41da-81a8-db18bbc800c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": 
"seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mphc5mbw2k2f", "content": "Cisco warns that a proof of concept (PoC) is now available for a critical Unified CM vulnerability\n\nTracked as CVE-2026-20230 (CVSS score 8.6), the bug stems from improper validation of input in certain HTTP requests and allows an attacker to carry out a server-side request forgery (SSRF) attack.\n\n\u201cAn attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful attack could allow the attacker to write files to the underlying operating system and later use them to elevate to root privileges...", "creation_timestamp": "2026-06-29T20:08:57.295680Z"}, {"uuid": "458ab812-da11-41f2-b21a-748619027509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://threatintel.cc/2026/06/29/threat-intel.html", "content": "1. 
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys\n\n\n\nOriginal URL: [https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html](https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html)\n\nSummary: The FBI and CISA have issued an updated advisory warning that Russian state-sponsored threat groups (including UNC5792 and UNC4221) are actively targeting Signal messaging accounts via credential-phishing campaigns. Attackers are using social engineering to trick users into revealing their Signal Backup Recovery Keys, which allows the adversaries to permanently hijack accounts, restore complete message histories, and continue monitoring communication even if a user attempts to recreate their account. To mitigate this threat, users must generate a completely new recovery key within their Signal security settings, an action that instantly revokes the access privileges of any previously compromised keys.\n\nKeywords: #CyberSecurity #SignalApp #Phishing #Infosec #CISA #FBI #RussianHackers #DataPrivacy #ThreatIntelligence\n\n\n2. Self-Destructing Mistic Backdoor Linked to Access Broker Selling Corporate Footholds\n\n\n\nOriginal URL: [https://www.theregister.com/security/2026/06/25/self-destructing-mistic-backdoor-linked-to-access-broker-selling-corporate-footholds-to-ransomware-gangs/](https://www.theregister.com/security/2026/06/25/self-destructing-mistic-backdoor-linked-to-access-broker-selling-corporate-footholds-to-ransomware-gangs/)\n\nSummary: A newly discovered, highly evasive backdoor known as \u201cMistic\u201d (or MLTBackdoor) is being deployed across multiple corporate networks, including organizations within the IT, insurance, and education sectors. 
Security researchers from Symantec, Carbon Black, and Zscaler have linked the malware to a financially motivated initial access broker tracked as KongTuke (or Woodgnat), who specializes in establishing early network footprints to sell to ransomware syndicates. Mistic stands out due to its built-in self-destruction mechanisms, which erase its tracks following initial deployment to complicate forensic investigations while facilitating lateral movement within target environments.\n\nKeywords: #Malware #Ransomware #InitialAccessBroker #MisticBackdoor #ThreatHunting #EnterpriseSecurity #Infosec #CyberCrime\n\n\n3. CISA Sets Urgent Deadline to Fix Cisco Flaw Exploited in Attacks\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/](https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/)\n\nSummary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco flaw to its Known Exploited Vulnerabilities catalog, imposing an urgent patching deadline for federal agencies. The vulnerability, tracked as CVE-2026-20230, is a critical server-side request forgery (SSRF) flaw in the Cisco Unified Communications Manager Server that permits unauthenticated, remote attackers to execute malicious actions via custom HTTP requests. While Cisco initially patch-released the flaw with no evidence of active exploits, threat detection firm Defused recently caught threat actors actively leveraging the vulnerability to write arbitrary text files directly onto vulnerable network endpoints.\n\nKeywords: #Cisco #Vulnerability #PatchTuesday #CISA #KEV #SSRF #NetworkSecurity #ITSecurity #FederalCyber\n\n\n4. 
New Initiative Tackles Security for End-of-Life Open Source Software\n\n\n\nOriginal URL: [https://www.darkreading.com/application-security/initiative-tackles-security-end-of-life-open-source](https://www.darkreading.com/application-security/initiative-tackles-security-end-of-life-open-source)\n\nSummary: The Commonhaus Foundation has officially introduced the Open Source Sustainability Initiative (OSSI) to confront the systemic security risks associated with abandoned and end-of-life (EOL) open-source projects. Because standard enterprises utilize hundreds of open-source dependencies, managing security patches becomes highly error-prone once development teams stop maintaining original repositories. The OSSI aims to establish a structured, collaborative framework to track, secure, and retroactively patch vulnerable code in widely used legacy projects, minimizing the attack surface for enterprise supply chains.\n\nKeywords: #OpenSource #SoftwareSupplyChain #AppSec #Commonhaus #OSSI #CyberResilience #VulnerabilityManagement #EnterpriseSoftware\n\n\n5. Clean GitHub Repo Tricks AI Coding Agents Into Running Malware\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/](https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/)\n\nSummary: Security researchers at Mozilla&rsquo;s Zero Day Investigative Network (0DIN) have demonstrated a novel prompt injection attack vector that completely bypasses code scanners by tricking AI coding assistants into generating and running local malware. Instead of containing malicious code, the target GitHub repository remains entirely clean; instead, it relies on indirect prompt instructions that manipulate the AI agent during setup into creating an unintended local vulnerability. 
Once executed by an automated tool like Claude Code, the attack grants the adversary a localized terminal shell functioning with the host developer&rsquo;s system privileges, giving them direct access to local API keys, environment variables, and files.\n\nKeywords: #AISecurity #GitHub #PromptInjection #LLM #ArtificialIntelligence #SoftwareDevelopment #DevSecOps #Mozilla #0DIN\n\n\n6. Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts\n\n\n\nOriginal URL: [https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html](https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html)\n\nSummary: Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021. The extensions were disguised as common utilities like ad blockers, VPNs, and translators, which performed their stated tasks to gain positive reviews while remaining dormant until clearing evasion checks.\n\nKeywords: #Malware #BrowserExtensions #Steganography #MicrosoftEdge #AdFraud #CredentialTheft #SupplyChainAttack #Infosec\n\n\n7. Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer\n\n\n\nOriginal URL: [https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html](https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html)\n\nSummary: Cybersecurity researchers have uncovered a new ecosystem supply chain attack involving hijacked npm and Go packages designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. 
To evade the typical script detection mechanisms implemented to harden security registries, the malware strategically avoids common execution paths and hides its initialization logic inside an automatic Microsoft Visual Studio Code workspace configuration file. Once a developer simply opens the project directory inside their IDE, the hidden task triggers automatically, fetching malicious code from blockchain records and granting the threat actors a direct command shell.\n\nKeywords: #SupplyChainAttack #Malware #VSCode #DeveloperSecurity #Python #npm #GoLang #Infostealer #DevSecOps\n\n\n8. US Seizes Hundreds of FIFA World Cup Illegal Streaming Domains\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/us-seizes-hundreds-of-fifa-world-cup-illegal-streaming-domains/](https://www.bleepingcomputer.com/news/security/us-seizes-hundreds-of-fifa-world-cup-illegal-streaming-domains/)\n\nSummary: The U.S. Department of Justice has executed a massive coordinated enforcement action dubbed \u201cOperation Offsides,\u201d seizing nearly 400 web domains that were providing illegal, real-time streams of World Cup soccer matches. Working alongside law enforcement networks across Peru, Bulgaria, Croatia, Romania, Poland, and Colombia, federal agents targeted infrastructure that infringed on global broadcasting copyright protections. Beyond media piracy, Homeland Security Investigations (HSI) warned that these unauthorized streaming platforms aggressively expose users to hidden drive-by malware infections and insecure browser connections engineered to harvest financial details.\n\nKeywords: #DomainSeizure #CyberCrime #LawEnforcement #DOJ #WorldCup #Malware #CopyrightInfringement #Piracy\n\n\n9.
Active Phishing Campaign Exploits Calendly and Photo ZIP Files to Target Hotels\n\n\n\nOriginal URL: [https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026](https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026)\n\nSummary: Microsoft has issued an active alert to the global hospitality sector warning of a coordinated phishing campaign that abuses common scheduling applications like Calendly to drop dangerous Node.js malware. Attackers are posing as prospective corporate clients or wedding parties to schedule appointments, leveraging the booking platforms to share highly realistic compressed \u201cphoto archives\u201d containing malicious configuration files. Once executed by unsuspecting hotel booking agents, the payload installs a flexible Node.js infostealer designed to bypass memory protections, sweep web browser caches, and extract corporate credit card data.\n\nKeywords: #Phishing #Malware #HospitalitySector #Calendly #NodeJS #SocialEngineering #DataTheft #MicrosoftSecurity\n\n\n10. Klue Supply Chain Breach Exposes OAuth Tokens and Salesforce Data\n\n\n\nOriginal URL: [https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026](https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026)\n\nSummary: A significant multi-stage supply chain breach has compromised the market intelligence SaaS platform Klue, leading to the unauthorized collection of active OAuth tokens and data exfiltration impacting approximately 200 client organizations.
A threat group identified as Icarus gained initial entry by exploiting an inactive legacy administrative credential to inject malicious code directly into Klue\u2019s core synchronization infrastructure. Armed with the stolen OAuth access tokens, the threat actors systematically pivoted to download sensitive CRM records from client environments, subsequently posting the data on a Tor leak site for double-extortion.\n\nKeywords: #SupplyChainAttack #OAuth #DataBreach #Salesforce #SaaS #ThreatIntelligence #Extortion #CloudSecurity\n\n\n11. Amazon Q Developer Extension Flaw Enables Cloud Credential Theft\n\n\n\nOriginal URL: [https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/](https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/)\n\nSummary: Security researchers at Wiz have publicly disclosed a high-severity flaw within Amazon\u2019s Q Developer AI-assisted coding extension for Visual Studio Code that opens developers up to immediate cloud credential theft. The underlying vulnerability stems from the extension\u2019s behavior of automatically evaluating workspace configuration parameters without checking for manual user authorization when a new project folder is initialized. By enticing software engineers to clone an intentionally booby-trapped repository, attackers can force the IDE extension to execute automated system commands in the background to harvest local cloud access keys.\n\nKeywords: #AmazonQ #Wiz #Vulnerability #CloudSecurity #AISecurity #VSCode #DevSecOps #CredentialTheft\n\n\n12.
Qihoo 360 Announces Tulongfeng Multi-Agent Swarm to Challenge US AI Security\n\n\n\nOriginal URL: [https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/](https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/)\n\nSummary: Chinese cybersecurity giant Qihoo 360 has unveiled its newest defensive security platform, dubbed \u201cTulongfeng,\u201d engineered as an adversarial alternative to frontier American code evaluation tools like Anthropic\u2019s Claude Mythos. Presented at the Beijing Cybersecurity Conference, the platform leverages a highly specialized multi-agent swarm trained exclusively on Qihoo\u2019s massive internal repository of historical malware variants and software bugs. The developer team claims this custom architecture is finding critical vulnerabilities across open-source and enterprise-tier platforms at machine speeds, bypassing the computational overhead of generic LLMs.\n\nKeywords: #ArtificialIntelligence #Qihoo360 #Tulongfeng #VulnerabilityHunting #ZeroDay #TechGeopolitics #AIModel #Infosec\n\n\n13. KDDI Data Breach Impacts Up to 14.2 Million Accounts in Japan\n\n\n\nOriginal URL: [https://www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/](https://www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/)\n\nSummary: Major Japanese telecommunications operator KDDI Corporation has disclosed a massive data breach affecting up to 14.2 million email accounts spread across six distinct internet service providers (ISPs). Cybercriminals successfully compromised the systems by exploiting a newly identified software vulnerability within a shared third-party email administration module utilized by the networks.
KDDI has patched the direct system vulnerability and is actively coordinating with data privacy authorities to notify impacted subscribers of potential credential theft and incoming phishing risks.\n\nKeywords: #DataBreach #TelecomSecurity #KDDI #DataPrivacy #JapanCyber #Vulnerability #SupplyChainRisk #EmailSecurity\n\n\n14. Active Exploitation Alert Issued for Cisco CUCM SSRF-RCE Flaw\n\n\n\nOriginal URL: [https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026](https://www.rescana.com/post/klue-supply-chain-breach-exposes-oauth-tokens-and-salesforce-data-in-multi-stage-cybersecurity-incident-june-2026)\n\nSummary: Threat monitors have issued an updated advisory following the rapid weaponization of CVE-2026-20230, a server-side request forgery (SSRF) flaw in Cisco\u2019s Unified Communications Manager (CUCM). Within 24 hours of public exploitation proof-of-concepts, automated exploitation scripts were detected scanning the internet and actively dropping weaponized HTTP requests onto enterprise servers. Attackers are currently leveraging the unauthenticated flaw to write arbitrary system files directly onto endpoints, which can lead to localized remote code execution (RCE) and full communication server compromise.\n\nKeywords: #Cisco #CUCM #ExploitAlert #SSRF #RemoteCodeExecution #ZeroDay #PatchManagement #NetworkHardening\n\n\n15. JP Morgan Warns Cybersecurity Now Outpaces Credit Risks for Major US Banks\n\n\n\nOriginal URL: [https://uk.finance.yahoo.com/news/jp-morgan-warns-cybersecurity-bigger-110200388.html](https://uk.finance.yahoo.com/news/jp-morgan-warns-cybersecurity-bigger-110200388.html)\n\nSummary: In a comprehensive analytical briefing sent to institutional investors, JP Morgan\u2019s European equity research group has warned that systemic cybersecurity threats now pose a fundamentally greater risk to banking stability than traditional credit default risks.
The firm highlights that while conventional loan losses and asset risks are heavily modeled and calculated within current banking valuations, the financial and reputational liabilities of automated ransomware or infrastructure hacks remain dangerously understated. The report calls for regulatory bodies to introduce market valuation premiums for financial institutions that demonstrate quantifiable cyber-resilience frameworks.\n\nKeywords: #BankingSecurity #FinSec #JPMorgan #RiskManagement #Ransomware #FinancialServices #CyberEconomics #EnterpriseRisk\n", "creation_timestamp": "2026-06-30T01:00:42.389763Z"}, {"uuid": "637a4d9b-1224-4453-89a9-7f85c3906442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mphxidm26u2q", "content": "Top 3 CVE for last 7 days:\nCVE-2026-55200: 48 interactions\nCVE-2026-47729: 36 interactions\nCVE-2026-8461: 35 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-46817: 9 interactions\nCVE-2026-43503: 4 interactions\nCVE-2026-20230: 3 interactions\n", "creation_timestamp": "2026-06-30T02:30:44.377649Z"}, {"uuid": "c1472b2f-ce2e-4b4a-ab1a-587887af6c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-028", "content": "", "creation_timestamp": "2026-07-01T02:45:19.523436Z"}, {"uuid": "134587bc-a229-47d2-8b43-ac0bea356892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116845478626076701", "content": "New Cisco advisory relating to a June 3 critical vulnerability:\nCVE-2026-20230: Cisco Unified 
Communications Manager Server-Side Request Forgery Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW @TalosSecurity #vulnerability #Cisco", "creation_timestamp": "2026-07-01T15:41:51.725456Z"}, {"uuid": "548cbb9d-4081-40ca-b1c3-91e1fe25785b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.jerrygamblin.com/2026/07/01/3528/", "content": "We are halfway through 2026, so it is time for the mid-year CVE check-in. The short version: the volume curve has gone vertical while exploitation has not. This review covers everything published in the first half of 2026 (Jan 1 \u2013 Jun 30, 2026), the volume, the severity, what is actually being exploited, and who is driving the numbers, all measured against the same elapsed window a year ago so a partial half is never compared to a full one.\n\nTL;DR\n\nThe first half of 2026 produced 35,364 CVEs, more in six months than any full year before 2024 (all of 2023 finished at 28,817). That works out to one new CVE every 7.4 minutes, an increase of 49.5% over the same window in 2025 (23,656). And yet only 85 of them (0.24%) have made CISA\u2019s KEV list so far, a floor that will rise as the cohort ages and exploitation is confirmed.
That gap is the story of 2026 so far: we are minting CVEs faster than ever while confirmed exploitation stays rare, so the hard problem is signal-to-noise, not patch volume.\n\nAt this pace the year projects to roughly 71,314 to 72,008, and the all-time catalog has now passed 344,258 CVEs since 1999.\n\nNote: All statistics in this report exclude rejected CVEs to provide an accurate count of active vulnerabilities.\n\nKey Statistics at a Glance\n\nMetric | Value\nTotal CVEs (H1 2026) | 35,364\nCVEs per Day | 195.4\nChange vs same window 2025 | +49.5%\nProjected Full Year | 71,314 \u2013 72,008\nCritical Severity | 3,554\nHigh Severity | 13,821\nAverage CVSS Score | 6.89\nCVSS Coverage | 94.3%\nCWE Coverage | 95.6%\nActive CNAs | 340\nRejected CVEs (H1 2026) | 1,265\nAlready Known-Exploited (KEV) | 85\n\nH1-over-H1: Three Years Side by Side\n\nTo keep the comparison honest while 2026 is still in progress, each year is measured over the identical window (January 1 through Jun 30).\n\nWindow | CVEs | Per Day | Avg CVSS\nJan 1 \u2013 Jun 30, 2024 | 20,374 | 112.6 | 6.65\nJan 1 \u2013 Jun 30, 2025 | 23,656 | 130.7 | 6.57\nJan 1 \u2013 Jun 30, 2026 | 35,364 | 195.4 | 6.89\n\nForecast Scorecard: Are We On Pace?\n\nAt 195.4 CVEs/day, two straight-line methods land close to each other (both are simple extrapolations of the same H1 run, so this is a sanity check, not two truly independent signals): the run-rate extrapolates to 71,314, and a seasonality-adjusted estimate (scaling the pace across the full half, then dividing by 2025\u2019s 49% first-half share) to 72,008.\n\nCVEForecast, one of my own RogoLabs tools, projects\u00a090,831 CVEs\u00a0for full-year 2026 (LinearRegression, MAPE 17.9), so I am partly arguing with my own model here.
That is\u00a018,823 above\u00a0the top of the straight-line range, and here is where I will plant a flag:\u00a0I think the model is high.\u00a0Both simple extrapolations land near 72,008, and the forecast\u2019s entire gap to them rests on a heavy second-half surge that still has to show up.\u00a0My call is the year closes nearer 72,008 than 90,831.\u00a0I will happily eat those words in the December review if H2 accelerates the way the model expects, but the burden of proof is on the surge.\n\nWhat Changed in H1 2026\n\nGitHub Security Advisories is the busiest CNA at 6,801 assignments. New to the most-affected product list this year: Chrome, OpenClaw. Among weakness types, CWE-862 (Missing Authorization) climbed to #2 in the top five.\n\nSpotlight: OpenClaw. A project that barely existed a year ago, OpenClaw (Peter Steinberger\u2019s viral local AI agent, the subject of Lex Fridman Podcast #491) is already one of the most-reported products of the half with 537 CVEs. The striking part is who is doing the reporting: VulnCheck alone assigned 500 of them (93%), disclosed steadily across the half rather than in a single dump. That concentration says more about researcher attention than code quality: VulnCheck, whose remit is emerging and exploited-in-the-wild threats, is exactly the kind of team that systematically covers a fast-growing new target, and concentrated third-party research on a hot AI agent is the coverage you would want. To its credit the project embraced the CVE lifecycle itself, issuing advisories through GitHub as reports came in. I track its CVEs at OpenClawCVEs.\n\nHistorical CVE Growth\n\nTo compare like with like, this chart counts only the first half of every year (January 1 through Jun 30).
On that basis 2026 already stands taller than any prior first half: more CVEs in six months than the same window has ever produced.\n\nFirst-half growth has been relentless, and 2026 is +49.5% on the first half of 2025.\n\nCounting full years, the cumulative catalog has now passed 344,258 CVEs.\n\nMonthly Distribution (H1 2026)\n\nCVE publications varied across the first half of 2026, with Jun being the peak month at 7,454 CVEs.\n\nPublication Patterns by Day of Week\n\nPublishing clusters midweek. Wednesday is the busiest day at 7,943 CVEs, with Tuesday close behind at 7,216. Patch Tuesday is part of the story, but the midweek bulge owes as much to the high-volume CNAs (GitHub, Linux, the WordPress plugin crowd) that batch-publish midweek.\n\nWeekdays average 6,517 CVEs against just 1,389 on weekends.\n\nBusiest Days of H1 2026\n\nSome days saw massive spikes in CVE publications:\n\nTop 5 Busiest Days\n\nRank | Date | CVE Count\n1 | 2026-06-09 | 747\n2 | 2026-06-17 | 732\n3 | 2026-05-27 | 716\n4 | 2026-03-25 | 606\n5 | 2026-05-12 | 554\n\nCVSS Score Analysis\n\nThe Common Vulnerability Scoring System (CVSS) helps standardize severity assessments. Here\u2019s how H1 2026 CVEs were distributed across the scoring range.\n\nThe average CVSS score for H1 2026 was 6.89, with a median of 7.10.\n\nSeverity Breakdown\n\nSeverity | Count | Percentage\nCritical | 3,554 | 10.0%\nHigh | 13,821 | 39.1%\nMedium | 14,485 | 41.0%\nLow | 3,056 | 8.6%\nUnscored | 448 | 1.3%\n\nPercentages are of all H1 2026 CVEs; \u201cUnscored\u201d are the 1.3% with no CVSS severity assigned.\n\nCVSS Trends Over Time\n\nTop Weakness Types (CWE)\n\nThe Common Weakness Enumeration (CWE) categorizes the types of security weaknesses.
Here are the most prevalent weakness types in H1 2026:\n\nTop 5 CWEs in H1 2026\n\nRank | CWE | Name | Count\n1 | CWE-79 | XSS | 3,783\n2 | CWE-862 | Missing Authorization | 1,704\n3 | CWE-89 | SQL Injection | 1,445\n4 | CWE-22 | Path Traversal | 1,264\n5 | CWE-416 | Use After Free | 1,037\n\nCVE Numbering Authorities (CNAs)\n\nThe leaderboard increasingly reflects where modern software and modern vulnerability research live: platform and ecosystem CNAs (GitHub, Patchstack) and dedicated research CNAs (VulnCheck, VulDB) alongside the traditional product vendors. High assignment counts are not inflation, a CNA covering the WordPress plugin ecosystem or issuing a CVE per kernel fix is doing exactly its job; the low KEV overlap below reflects how rare confirmed exploitation is across all sources, not the validity of any CNA\u2019s records. The most active assigners this year:\n\nTop 5 CNAs in H1 2026\n\nRank | CNA | CVEs Assigned\n1 | GitHub Security Advisories | 6,801\n2 | VulDB | 3,319\n3 | VulnCheck | 3,273\n4 | Patchstack | 2,704\n5 | Linux | 2,564\n\nIn total, 340 unique CNAs assigned CVEs in H1 2026.\n\nTop Vendors\n\nThe vendors with the most CVEs attributed to their products this year (each links to its NVD search):\n\nTop 5 Vendors in H1 2026\n\nRank | Vendor | CVE Count\n1 | Linux | 2,564\n2 | Google | 1,801\n3 | Microsoft | 864\n4 | OpenClaw | 537\n5 | Oracle | 445\n\nMost Vulnerable Products\n\nDrilling past vendors to specific products, the H1 2026 leaders:\n\nTop 5 Products\n\nRank | Product | CVE Count\n1 | Linux Kernel | 1,956\n2 | Chrome | 1,203\n3 | OpenClaw | 534\n4 | Windows 10 | 372\n5 | Android | 303\n\nProduct-level counts can differ slightly from the vendor totals above: a vendor\u2019s CVEs may span several products, and a single CVE can name more than one.\n\nKnown-Exploited Vulnerabilities (CISA KEV)\n\nVolume is the headline, but exploitation is what should actually drive patching.
Of the 35,364 CVEs published in H1 2026, only 85 (0.24%) have shown up in the CISA KEV catalog so far. Treat that as a floor, not a verdict: KEV is a US-government catalog that lags disclosure by months and records only confirmed, observed exploitation, so this share will climb as the 2026 cohort ages. Even so, the signal holds, most CVEs are not known-exploited, so exploitability (KEV plus a forward-looking score like EPSS) beats chasing raw counts.\n\nNote these are two different populations: the 85 above are H1-2026-published CVEs already in KEV, while CISA added 146 entries to KEV during the half (more than the 132 added in the same window of 2025, many of them older CVEs newly exploited), and 17 of those additions are tied to known ransomware campaigns.\n\nH1 2026 CVEs Already in KEV\n\nA sample (5 most recent of 85):\n\nCVE | Vendor | Product | Added | Ransomware\nCVE-2026-48558 | Simplehelp | SimpleHelp | 2026-06-29 | No\nCVE-2026-20230 | Cisco | Unified Communications Manager | 2026-06-25 | No\nCVE-2026-12569 | Ptc | Windchill and FlexPLM | 2026-06-25 | No\nCVE-2025-67038 | Lantronix | EDS5000 | 2026-06-23 | No\nCVE-2026-34910 | Ubiquiti | UniFi OS | 2026-06-23 | No\n\nData Quality\n\nNot all CVEs have complete metadata. Here\u2019s how data quality has evolved over the years:\n\nH1 2026 Data Quality Metrics\n\nMetric | Coverage\nCVSS Score | 94.3%\nCWE Classification | 95.6%\nCPE Identifiers | 59.0%\n\nThis is where two ideas from the CVE Decaf work I did with Jay Jacobs get practical: actionable data quality (judge a record by whether it is complete enough to act on, not by abstract completeness) and data provenance (knowing which source asserted each field). The CPE gap is the clearest case.
At 59.0% CPE coverage, nearly half of H1 2026 CVEs cannot be automatically matched to a product the day they publish, so for those records the answer to \u201ccan I act on this today?\u201d is no, no matter how complete the rest of the entry looks. Scoring each record on its provenance (who supplied it) and on the fields that actually drive action (CPE for asset matching, KEV and EPSS for exploitability) is how you turn the raw feed into a measurable signal-to-noise ratio instead of a flat backlog.\n\nRejected CVEs\n\nNot all CVE IDs stay active. Some are rejected for duplicates, disputes, or invalid submissions, and the rejection rate is a useful read on the ecosystem\u2019s quality control.\n\nH1 2026 Rejection Statistics\n\nMetric | Value\nRejected CVEs in H1 2026 | 1,265\nH1 2026 Rejection Rate | 3.45%\nTotal Rejected (All Time) | 17,648\n\nCVE rejections occur for several reasons:\n\nDuplicates: The same vulnerability assigned multiple CVE IDs\n\nDisputes: Vendor disagreement that the issue is a vulnerability\n\nInvalid: Not a security vulnerability or insufficient information\n\nWithdrawn: CVE withdrawn by the assigning CNA\n\nConclusions\n\nKey Takeaways from the First Half of 2026\n\nVolume keeps climbing: 35,364 CVEs in roughly six months, up 49.5% on the same window last year, with the full year projecting to 71,314-72,008.\n\nSeverity stays heavy: 17,375 CVEs (49.1%) are Critical or High.\n\nWeb and access-control flaws lead: XSS, Missing Authorization, SQL Injection, Path Traversal headline the CWE list.
Memory-safety issues barely register in the top tier this half.\n\nThe CNA mix is shifting: platform teams and aggregators, not the original vendors, now top the assigner list, and the lineup reshuffled from a year ago.\n\nCoverage gaps persist: CVSS and CWE are well covered, but CPE sits at 59.0%, which still hampers automated matching.\n\nConfirmed exploitation stays rare (so far): just 85 of 35,364 H1 CVEs (0.24%) are in CISA KEV today, a floor that rises as the cohort ages. Volume is a triage problem, not a patch-everything problem.\n\nWhat this means for you\n\nIf you defend a network: do not let the raw count set your pace. Only 0.24% of H1 CVEs are confirmed-exploited in KEV today, but KEV lags and is a floor, not the full risk picture. Lead with exploitability (KEV as a hard floor, EPSS with a threshold you pick), then weight by your own context: internet-facing and sensitive systems jump the queue regardless of score, and compliance SLAs (PCI, FedRAMP, and the like) still set hard clocks. Lower priority is not never, so park the rest in a managed cycle rather than ignoring it.\n\nIf you run a CNA: the leaderboard now runs through platforms, ecosystems, and research CNAs. Volume reflects scope, not padding; the differentiator that is still genuinely uneven is data quality, and the biggest gap, CPE coverage, is largely an NVD-side enrichment problem rather than a function of who assigned the CVE.\n\nIf you consume NVD data: enrichment is the bottleneck. CPE at 59.0% means nearly half of new CVEs lack a formal CPE, which complicates NVD-style automated matching (many CNAs still carry vendor/product strings), and volume only widens that gap.\n\nWhat I\u2019m watching in H2\n\nMy call from the scorecard stands: 2026 closes nearer 72,008 than the 90,831 forecast.
Two things would change my mind: a December disclosure surge bigger than 2025\u2019s, or another OpenClaw-style project flooding the catalog. The year-end review settles it.\n\nMethodology and Reproducibility\n\nTwo primary data sources, plus two enrichment feeds:\n\nNVD JSON \u2013 National Vulnerability Database export from nvd.handsonhacking.org\n\nCVE List V5 \u2013 Official CVE records from CVEProject/cvelistV5\n\nForecast\u00a0\u2013\u00a0CVEForecast\u00a0full-year projection\n\nExploitation \u2013 CISA KEV catalog\n\nEverything here is reproducible. The full pipeline (Python, pandas, matplotlib) is on GitHub at\u00a0jgamblin/H12026CVEBlog, and it leans on the free CVE tooling I build at\u00a0RogoLabs:\u00a0cve.icu,\u00a0cnascorecard.org, and\u00a0cveforecast.org.\n\nData collected and analyzed on July 01, 2026.", "creation_timestamp": "2026-07-01T19:00:55.757839Z"}, {"uuid": "1f3036dc-9995-4abe-9a2a-9b36c031e706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.jerrygamblin.com/2026/07/01/3528/", "content": "We are halfway through 2026, so it is time for the mid-year CVE check-in. The short version: the volume curve has gone vertical while exploitation has not.
This review covers everything published in the first half of 2026 (Jan 1 \u2013 Jun 30, 2026), the volume, the severity, what is actually being exploited, and who is driving the numbers, all measured against the same elapsed window a year ago so a partial half is never compared to a full one.\n\nTL;DR\n\nThe first half of 2026 produced 35,364 CVEs, more in six months than any full year before 2024 (all of 2023 finished at 28,817). That works out to one new CVE every 7.4 minutes, an increase of 49.5% over the same window in 2025 (23,656). And yet only 85 of them (0.24%) have made CISA\u2019s KEV list so far, a floor that will rise as the cohort ages and exploitation is confirmed. That gap is the story of 2026 so far: we are minting CVEs faster than ever while confirmed exploitation stays rare, so the hard problem is signal-to-noise, not patch volume.\n\nAt this pace the year projects to roughly 71,314 to 72,008, and the all-time catalog has now passed 344,258 CVEs since 1999.\n\nNote: All statistics in this report exclude rejected CVEs to provide an accurate count of active vulnerabilities.\n\nKey Statistics at a Glance\n\nMetric | Value\nTotal CVEs (H1 2026) | 35,364\nCVEs per Day | 195.4\nChange vs same window 2025 | +49.5%\nProjected Full Year | 71,314 \u2013 72,008\nCritical Severity | 3,554\nHigh Severity | 13,821\nAverage CVSS Score | 6.89\nCVSS Coverage | 94.3%\nCWE Coverage | 95.6%\nActive CNAs | 340\nRejected CVEs (H1 2026) | 1,265\nAlready Known-Exploited (KEV) | 85\n\nH1-over-H1: Three Years Side by Side\n\nTo keep the comparison honest while 2026 is still in progress, each year is measured over the identical window (January 1 through Jun 30).\n\nWindow | CVEs | Per Day | Avg CVSS\nJan 1 \u2013 Jun 30, 2024 | 20,374 | 112.6 | 6.65\nJan 1 \u2013 Jun 30, 2025 | 23,656 | 130.7 | 6.57\nJan 1 \u2013 Jun 30, 2026 | 35,364 | 195.4 | 6.89\n\nForecast Scorecard: Are We On Pace?\n\nAt 195.4 CVEs/day, two straight-line
methods land close to each other (both are simple extrapolations of the same H1 run, so this is a sanity check, not two truly independent signals): the run-rate extrapolates to 71,314, and a seasonality-adjusted estimate (scaling the pace across the full half, then dividing by 2025\u2019s 49% first-half share) to 72,008.\n\nCVEForecast, one of my own RogoLabs tools, projects\u00a090,831 CVEs\u00a0for full-year 2026 (LinearRegression, MAPE 17.9), so I am partly arguing with my own model here. That is\u00a018,823 above\u00a0the top of the straight-line range, and here is where I will plant a flag:\u00a0I think the model is high.\u00a0Both simple extrapolations land near 72,008, and the forecast\u2019s entire gap to them rests on a heavy second-half surge that still has to show up.\u00a0My call is the year closes nearer 72,008 than 90,831.\u00a0I will happily eat those words in the December review if H2 accelerates the way the model expects, but the burden of proof is on the surge.\n\nWhat Changed in H1 2026\n\nGitHub Security Advisories is the busiest CNA at 6,801 assignments. New to the most-affected product list this year: Chrome, OpenClaw. Among weakness types, CWE-862 (Missing Authorization) climbed to #2 in the top five.\n\nSpotlight: OpenClaw. A project that barely existed a year ago, OpenClaw (Peter Steinberger\u2019s viral local AI agent, the subject of Lex Fridman Podcast #491) is already one of the most-reported products of the half with 537 CVEs. The striking part is who is doing the reporting: VulnCheck alone assigned 500 of them (93%), disclosed steadily across the half rather than in a single dump.
That concentration says more about researcher attention than code quality: VulnCheck, whose remit is emerging and exploited-in-the-wild threats, is exactly the kind of team that systematically covers a fast-growing new target, and concentrated third-party research on a hot AI agent is the coverage you would want. To its credit the project embraced the CVE lifecycle itself, issuing advisories through GitHub as reports came in. I track its CVEs at OpenClawCVEs.\n\nHistorical CVE Growth\n\nTo compare like with like, this chart counts only the first half of every year (January 1 through Jun 30). On that basis 2026 already stands taller than any prior first half: more CVEs in six months than the same window has ever produced.\n\nFirst-half growth has been relentless, and 2026 is +49.5% on the first half of 2025.\n\nCounting full years, the cumulative catalog has now passed 344,258 CVEs.\n\nMonthly Distribution (H1 2026)\n\nCVE publications varied across the first half of 2026, with Jun being the peak month at 7,454 CVEs.\n\nPublication Patterns by Day of Week\n\nPublishing clusters midweek. Wednesday is the busiest day at 7,943 CVEs, with Tuesday close behind at 7,216. Patch Tuesday is part of the story, but the midweek bulge owes as much to the high-volume CNAs (GitHub, Linux, the WordPress plugin crowd) that batch-publish midweek.\n\nWeekdays average 6,517 CVEs against just 1,389 on weekends.\n\nBusiest Days of H1 2026\n\nSome days saw massive spikes in CVE publications:\n\nTop 5 Busiest Days\n\nRank | Date | CVE Count\n1 | 2026-06-09 | 747\n2 | 2026-06-17 | 732\n3 | 2026-05-27 | 716\n4 | 2026-03-25 | 606\n5 | 2026-05-12 | 554\n\nCVSS Score Analysis\n\nThe Common Vulnerability Scoring System (CVSS) helps standardize severity assessments.
Here\u2019s how H1 2026 CVEs were distributed across the scoring range.\n\nThe average CVSS score for H1 2026 was 6.89, with a median of 7.10.\n\nSeverity Breakdown\n\nSeverity | Count | Percentage\nCritical | 3,554 | 10.0%\nHigh | 13,821 | 39.1%\nMedium | 14,485 | 41.0%\nLow | 3,056 | 8.6%\nUnscored | 448 | 1.3%\n\nPercentages are of all H1 2026 CVEs; \u201cUnscored\u201d are the 1.3% with no CVSS severity assigned.\n\nCVSS Trends Over Time\n\nTop Weakness Types (CWE)\n\nThe Common Weakness Enumeration (CWE) categorizes the types of security weaknesses. Here are the most prevalent weakness types in H1 2026:\n\nTop 5 CWEs in H1 2026\n\nRank | CWE | Name | Count\n1 | CWE-79 | XSS | 3,783\n2 | CWE-862 | Missing Authorization | 1,704\n3 | CWE-89 | SQL Injection | 1,445\n4 | CWE-22 | Path Traversal | 1,264\n5 | CWE-416 | Use After Free | 1,037\n\nCVE Numbering Authorities (CNAs)\n\nThe leaderboard increasingly reflects where modern software and modern vulnerability research live: platform and ecosystem CNAs (GitHub, Patchstack) and dedicated research CNAs (VulnCheck, VulDB) alongside the traditional product vendors. High assignment counts are not inflation, a CNA covering the WordPress plugin ecosystem or issuing a CVE per kernel fix is doing exactly its job; the low KEV overlap below reflects how rare confirmed exploitation is across all sources, not the validity of any CNA\u2019s records.
The most active assigners this year:\n\nTop 5 CNAs in H1 2026\n\nRank | CNA | CVEs Assigned\n1 | GitHub Security Advisories | 6,801\n2 | VulDB | 3,319\n3 | VulnCheck | 3,273\n4 | Patchstack | 2,704\n5 | Linux | 2,564\n\nIn total, 340 unique CNAs assigned CVEs in H1 2026.\n\nTop Vendors\n\nThe vendors with the most CVEs attributed to their products this year (each links to its NVD search):\n\nTop 5 Vendors in H1 2026\n\nRank | Vendor | CVE Count\n1 | Linux | 2,564\n2 | Google | 1,801\n3 | Microsoft | 864\n4 | OpenClaw | 537\n5 | Oracle | 445\n\nMost Vulnerable Products\n\nDrilling past vendors to specific products, the H1 2026 leaders:\n\nTop 5 Products\n\nRank | Product | CVE Count\n1 | Linux Kernel | 1,956\n2 | Chrome | 1,203\n3 | OpenClaw | 534\n4 | Windows 10 | 372\n5 | Android | 303\n\nProduct-level counts can differ slightly from the vendor totals above: a vendor\u2019s CVEs may span several products, and a single CVE can name more than one.\n\nKnown-Exploited Vulnerabilities (CISA KEV)\n\nVolume is the headline, but exploitation is what should actually drive patching. Of the 35,364 CVEs published in H1 2026, only 85 (0.24%) have shown up in the CISA KEV catalog so far. Treat that as a floor, not a verdict: KEV is a US-government catalog that lags disclosure by months and records only confirmed, observed exploitation, so this share will climb as the 2026 cohort ages.
Even so, the signal holds, most CVEs are not known-exploited, so exploitability (KEV plus a forward-looking score like EPSS) beats chasing raw counts.\n\nNote these are two different populations: the 85 above are H1-2026-published CVEs already in KEV, while CISA added 146 entries to KEV during the half (more than the 132 added in the same window of 2025, many of them older CVEs newly exploited), and 17 of those additions are tied to known ransomware campaigns.\n\nH1 2026 CVEs Already in KEV\n\nA sample (5 most recent of 85):\n\nCVE | Vendor | Product | Added | Ransomware\nCVE-2026-48558 | Simplehelp | SimpleHelp | 2026-06-29 | No\nCVE-2026-20230 | Cisco | Unified Communications Manager | 2026-06-25 | No\nCVE-2026-12569 | Ptc | Windchill and FlexPLM | 2026-06-25 | No\nCVE-2025-67038 | Lantronix | EDS5000 | 2026-06-23 | No\nCVE-2026-34910 | Ubiquiti | UniFi OS | 2026-06-23 | No\n\nData Quality\n\nNot all CVEs have complete metadata. Here\u2019s how data quality has evolved over the years:\n\nH1 2026 Data Quality Metrics\n\nMetric | Coverage\nCVSS Score | 94.3%\nCWE Classification | 95.6%\nCPE Identifiers | 59.0%\n\nThis is where two ideas from the CVE Decaf work I did with Jay Jacobs get practical: actionable data quality (judge a record by whether it is complete enough to act on, not by abstract completeness) and data provenance (knowing which source asserted each field). The CPE gap is the clearest case. At 59.0% CPE coverage, nearly half of H1 2026 CVEs cannot be automatically matched to a product the day they publish, so for those records the answer to \u201ccan I act on this today?\u201d is no, no matter how complete the rest of the entry looks.
Scoring each record on its provenance (who supplied it) and on the fields that actually drive action (CPE for asset matching, KEV and EPSS for exploitability) is how you turn the raw feed into a measurable signal-to-noise ratio instead of a flat backlog.\n\nRejected CVEs\n\nNot all CVE IDs stay active. Some are rejected for duplicates, disputes, or invalid submissions, and the rejection rate is a useful read on the ecosystem\u2019s quality control.\n\nH1 2026 Rejection Statistics\n\nMetric | Value\nRejected CVEs in H1 2026 | 1,265\nH1 2026 Rejection Rate | 3.45%\nTotal Rejected (All Time) | 17,648\n\nCVE rejections occur for several reasons:\n\nDuplicates: The same vulnerability assigned multiple CVE IDs\n\nDisputes: Vendor disagreement that the issue is a vulnerability\n\nInvalid: Not a security vulnerability or insufficient information\n\nWithdrawn: CVE withdrawn by the assigning CNA\n\nConclusions\n\nKey Takeaways from the First Half of 2026\n\nVolume keeps climbing: 35,364 CVEs in roughly six months, up 49.5% on the same window last year, with the full year projecting to 71,314-72,008.\n\nSeverity stays heavy: 17,375 CVEs (49.1%) are Critical or High.\n\nWeb and access-control flaws lead: XSS, Missing Authorization, SQL Injection, Path Traversal headline the CWE list. Memory-safety issues barely register in the top tier this half.\n\nThe CNA mix is shifting: platform teams and aggregators, not the original vendors, now top the assigner list, and the lineup reshuffled from a year ago.\n\nCoverage gaps persist: CVSS and CWE are well covered, but CPE sits at 59.0%, which still hampers automated matching.\n\nConfirmed exploitation stays rare (so far): just 85 of 35,364 H1 CVEs (0.24%) are in CISA KEV today, a floor that rises as the cohort ages.
Volume is a triage problem, not a patch-everything problem.\n\nWhat this means for you\n\nIf you defend a network: do not let the raw count set your pace. Only 0.24% of H1 CVEs are confirmed-exploited in KEV today, but KEV lags and is a floor, not the full risk picture. Lead with exploitability (KEV as a hard floor, EPSS with a threshold you pick), then weight by your own context: internet-facing and sensitive systems jump the queue regardless of score, and compliance SLAs (PCI, FedRAMP, and the like) still set hard clocks. Lower priority is not never, so park the rest in a managed cycle rather than ignoring it.\n\nIf you run a CNA: the leaderboard now runs through platforms, ecosystems, and research CNAs. Volume reflects scope, not padding; the differentiator that is still genuinely uneven is data quality, and the biggest gap, CPE coverage, is largely an NVD-side enrichment problem rather than a function of who assigned the CVE.\n\nIf you consume NVD data: enrichment is the bottleneck. CPE at 59.0% means nearly half of new CVEs lack a formal CPE, which complicates NVD-style automated matching (many CNAs still carry vendor/product strings), and volume only widens that gap.\n\nWhat I\u2019m watching in H2\n\nMy call from the scorecard stands: 2026 closes nearer 72,008 than the 90,831 forecast. Two things would change my mind: a December disclosure surge bigger than 2025\u2019s, or another OpenClaw-style project flooding the catalog.
The year-end review settles it.\n\nMethodology and Reproducibility\n\nTwo primary data sources, plus two enrichment feeds:\n\nNVD JSON \u2013 National Vulnerability Database export from nvd.handsonhacking.org\n\nCVE List V5 \u2013 Official CVE records from CVEProject/cvelistV5\n\nForecast \u2013 CVEForecast full-year projection\n\nExploitation \u2013 CISA KEV catalog\n\nEverything here is reproducible. The full pipeline (Python, pandas, matplotlib) is on GitHub at jgamblin/H12026CVEBlog, and it leans on the free CVE tooling I build at RogoLabs: cve.icu, cnascorecard.org, and cveforecast.org.\n\nData collected and analyzed on July 01, 2026.", "creation_timestamp": "2026-07-02T01:00:45.289208Z"}]}