Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    County With 37 Data Centers Asks Schools to ‘Conserve Electricity’

    July 1, 2026

    Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses

    July 1, 2026

    Building more resilient CNI: what industry pen testers told us

    July 1, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»InfoSec News Nuggets – 06/22/2026 – AboutDFIR
    News

    InfoSec News Nuggets – 06/22/2026 – AboutDFIR

    adminBy adminJune 22, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

    Canada’s Security Intelligence Service obtained a first-of-its-kind judicial warrant that permitted it to reach into infected servers, home routers, and IoT devices on Canadian soil — including Ring doorbells, security cameras, and smart TVs — and neutralize two foreign-run botnets without the owners’ knowledge or consent. Justice Catherine Kane granted the warrant in May 2024, renewed it in August, and issued her confidential reasoning in February 2026, but the ruling only entered public view this month after a redacted version was released. CSIS needed the court order because cleaning devices it doesn’t own would otherwise constitute computer mischief under Canadian criminal law, and the case sets a significant legal precedent for intelligence agencies using offensive-style remediation powers in peacetime, raising open questions about oversight, notification requirements, and the appropriate limits of state access to private devices.

     

    Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers

    Microsoft attributed the recent supply chain attack against the Mastra AI framework — in which more than 140 npm packages were backdoored with a cryptocurrency-stealing dependency — to Sapphire Sleet, a North Korean state-sponsored group also known as BlueNoroff that primarily targets the financial sector for cryptocurrency theft. The group compromised a single npm maintainer account with publishing privileges across the Mastra namespace and used it to inject a malicious dependency called “easy-day-js” into the package tree in an automated 88-minute campaign, dropping a RAT designed to steal credentials and crypto wallet data from developer environments. Microsoft also linked Sapphire Sleet to a separate April 2026 supply chain attack targeting the widely-used Axios HTTP client, suggesting the group is systematically targeting the npm ecosystem as a scalable vector for reaching developer machines that hold cloud credentials, API keys, and access to financial infrastructure.

     

    Britain’s Cyber Agency Warns AI-Written Code Could Create Security Disasters

    The UK’s National Cyber Security Centre published guidance this week warning that vibe coding — using AI agents to write entire applications with minimal developer oversight — introduces serious security risks that are not yet well understood, including insecure code patterns that experienced developers would catch but that AI models consistently miss. The NCSC is particularly concerned about applications where developers lack the skills to audit the generated code, leaving entire codebases that are functionally opaque to their own authors and therefore impossible to secure, maintain, or meaningfully test. The guidance stops short of recommending against vibe coding entirely, distinguishing between low-stakes proof-of-concept tools and production applications where the risk profile is fundamentally different, telling developers to calibrate their approach to “today’s reality, not tomorrow’s potential.”

     

    Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

    A critical unauthenticated remote code execution vulnerability in Splunk Enterprise tracked as CVE-2026-20253 was confirmed as exploited in the wild just two days after researchers at WatchTowr published a technical writeup and proof-of-concept exploit — a timeline that underscores how quickly sophisticated attackers now operationalize public vulnerability research. The flaw stems from a PostgreSQL sidecar service endpoint that exposes file operations to any network-reachable user without any authentication checks, and affects Splunk Enterprise versions 10.2 before 10.2.4 and 10.0 before 10.0.7. CISA added CVE-2026-20253 to its Known Exploited Vulnerabilities catalog on June 18 and ordered federal agencies to patch by June 21; organizations running affected versions should prioritize patching immediately given Splunk’s deep integration with security operations data and its privileged position inside enterprise networks.

     

    Asia-Pacific Scam Networks Generate Nearly $40 Billion a Year, INTERPOL Finds

    INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report found that cybercrime now accounts for more than 30% of all nationally recorded crimes in over half the surveyed jurisdictions across the region, with scam center networks — many operating with trafficked workers — generating an estimated $40 billion annually. The report documents a shift from opportunistic scamming toward industrialized operations backed by transnational criminal groups, with trafficking victims now sourced from nearly 80 nationalities and scam centers expanding beyond Southeast Asia into the Middle East and North Africa. INTERPOL notes that uneven cybersecurity maturity across the region continues to provide openings for threat actors, with rapid digital adoption outpacing defensive capabilities and regulatory frameworks in many countries.

     



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous Article‘We Will Fight to Our Very Last Breath:’ Township Leaders Vow to Fight Nuclear AI Data Center
    Next Article Microsoft says Windows 11 26H2 is coming soon, details upgrade process
    admin
    • Website

    Related Posts

    News

    County With 37 Data Centers Asks Schools to ‘Conserve Electricity’

    July 1, 2026
    News

    Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses

    July 1, 2026
    News

    Building more resilient CNI: what industry pen testers told us

    July 1, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views

    Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

    March 23, 202632 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views

    Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

    March 23, 202632 Views
    Our Picks

    County With 37 Data Centers Asks Schools to ‘Conserve Electricity’

    July 1, 2026

    Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses

    July 1, 2026

    Building more resilient CNI: what industry pen testers told us

    July 1, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.