Apple Fixes Beats Eavesdropping Flaw, DOT Ends Delta CrowdStrike Probe, AWS Continuum Updates
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
10-year-old phpBB flaw enables session hijacking
A critical authentication bypass vulnerability was identified in phpBB versions up to 3.3.16 and 4.0.0-a2. Exploitation requires a single unauthenticated HTTP request to impersonate any user, including administrators, granting access to private messages, forum content, and full administrative control. Affected users are advised to upgrade immediately to 3.3.17 or the latest master branch. The flaw, reported through HackerOne, received a patch within days, but thousands of active forums remain vulnerable.
Velvet Ant maintained decade-long stealth in air-gapped critical infrastructure
A China-linked threat group, Velvet Ant, infiltrated an organization’s isolated network as early as 2016. The actors leveraged internet-facing entry points, Nginx/FastCGI proxies, and compromised PAM/OpenSSH components to steal credentials and establish persistent access. The group deployed variants of GS-Netcat, SOCKS5 proxies, and nine pam_unix.so backdoors across systems. Mitigation efforts proved complex due to the sophistication of the attack chain.
MaXSS and Spyder flaws expose 10 million Chrome users to hacking
Critical vulnerabilities in SiderAI (Spyder) and MaxAI (MaXSS) agentic side-panel Chrome extensions allow malicious websites to trigger arbitrary extension actions, including hidden tab screenshots, AI memory dumps, and potential file access. With over 10 million combined installations and no vendor response, the flaws enable full browser session compromise and account takeovers without user interaction. Users are urged to remove the extensions until fixes are available.
AWS unveils Continuum
Amazon Web Services launched a new AI-powered tool designed to help organizations identify, prioritize, validate, and resolve vulnerabilities. Available in a gated preview, Continuum aggregates findings from existing tools and its own scans, prioritizing them based on exploitability within the user’s environment.
1.2 million WordPress sites compromised in OptinMonster supply chain attack
Attackers injected malicious JavaScript into CDN scripts for the OptinMonster, TrustPulse, and PushEngage WordPress plugins. The payload targets logged-in administrators, creating rogue accounts and deploying a hidden backdoor plugin. The breach originated from a compromised UpdraftPlus instance and CDN key, affecting over 1.2 million sites.
FTC says imposter scams cost Americans $3.5 billion in 2025
The Federal Trade Commission reported imposter scams as the leading fraud category, with losses nearly tripling since 2020. Bank and government impersonation schemes drove most of the damage, often through fake security alerts urging money transfers. Total fraud losses reached a record $16 billion. The agency continues enforcement under its Impersonation Rule and supports public awareness campaigns.
US DOT closes investigation into Delta’s 2024 CrowdStrike outage response
The Department of Transportation concluded its probe into Delta’s response to the global CrowdStrike incident without imposing penalties. Investigators found the airline provided adequate refunds, baggage assistance, and support for passengers with disabilities. This aligns with the administration’s shift away from certain Biden-era consumer protection enforcement measures.
JetBrains Marketplace plugins steal developer AI keys
At least 15 malicious AI coding assistant plugins, published in the JetBrains Marketplace under various vendor accounts, exfiltrate OpenAI, DeepSeek, and similar API keys. The plugins, which have accumulated nearly 70,000 installs, send credentials in plaintext to a hardcoded attacker server. They also resell stolen access to paying users.
Apple releases Beats firmware fixing unauthenticated mic access
The Beats Studio Buds firmware update 1B211 addresses CVE-2025-20701, which allowed nearby attackers to eavesdrop via the microphone on unpaired devices actively seeking connections. Updates apply automatically when paired with Apple devices. CVE-2025-20701 is one of three Bluetooth security issues disclosed last year, impacting devices from multiple major vendors.
Popa botnet tied to Israeli proxy provider
Researchers linked the large Popa Android TV box botnet, used for residential proxy traffic in ad fraud and scraping, to NetNut, operated by Israeli company Alarum Technologies. An SDK turns compromised streaming devices into persistent proxies, involving millions of IPs daily. The operation raises concerns about local network exposure and ties to data scraping. NetNut and Alarum dispute the allegations, calling them “demonstrably inaccurate assertions.”
GCP Config Connector enables org-wide IAM owner takeover
A confused deputy vulnerability in Config Connector allows any Kubernetes namespace user to escalate privileges to GCP Organization Owner by submitting a malicious IAMPolicyMember. Google acknowledged the issue internally as P1/S1 but later classified it as “working as intended” and left it unpatched. The flaw affects organizations using the service for enterprise-level management.
ShinyHunters leaks Knicks and MSG talent and customer data
Hackers published Madison Square Garden data, including details on Knicks-related “talent” (players, coaches, celebrities) with risk assessments, addresses, and contact information, along with customer correspondence. The leak follows a June 5 breach and aligns with ShinyHunters’ pattern of public disclosures to pressure victims.