Security insights, vulnerability roundups, and updates from the Agent Breach team.
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.
Ubuntu security patches address four vulnerabilities in xrdp remote desktop software, including a critical bounds-checking flaw that enables arbitrary code execution and authentication bypass issues. Organizations running xrdp should prioritize updates to mitigate remote exploitation risks.
Ubuntu security updates address three critical AMD processor vulnerabilities that could allow local attackers to leak privileged information and compromise cryptographic randomness. Organizations running AMD-based infrastructure should prioritize patching.
A newly discovered vulnerability in tar enables attackers to inject hidden files into archives, circumventing pre-extraction inspection mechanisms. Organizations using tar for deployment pipelines and software distribution should apply the Ubuntu security update immediately.
ESET researchers played a key role in Operation Endgame, a coordinated international effort to dismantle the Amadey botnet and Stealc infostealer malware. The operation combined technical analysis, infrastructure tracking, and affiliate intelligence to disrupt these widespread threats.
Researchers have identified a critical CI/CD workflow vulnerability pattern affecting major organizations like Microsoft and Google. The Cordyceps flaw enables attackers to hijack repositories and compromise open-source supply chains at scale.
A major coordinated takedown involving Europol, Bitdefender, Microsoft, and other security firms has disrupted criminal infrastructure used to distribute Amadey and StealC malware. The operation recovered 27 million stolen credentials and targeted the malware supply chains fueling ransomware and financial fraud campaigns.
CISA has issued an urgent warning about CVE-2025-67038, a critical code injection vulnerability in Lantronix EDS5000 Series devices that is being actively exploited in the wild. Federal agencies must patch by June 26, 2026, to mitigate remote code execution risks.
A high-severity vulnerability in Cisco Catalyst SD-WAN was actively exploited as a zero-day for at least two months before public disclosure, according to Mandiant research. The flaw allows authenticated local attackers to execute arbitrary commands with root privileges.
GitHub is reinforcing software supply chain security by updating its official actions/checkout action to block pwn request attacks that exploit pull_request_target workflows. The defensive update, effective June 18, 2026, prevents attackers from executing malicious code with elevated workflow privileges.
President Trump's executive order mandates that U.S. federal agencies transition high-value systems to post-quantum cryptography by 2030, addressing threats from quantum computing. The directive establishes separate timelines for encryption keys and digital signatures, reshaping federal security infrastructure.