CISO Daily Digest: Cybersecurity Roundup (20260529)
A critical remote code execution vulnerability in Gogs was disclosed, threat actors actively exploited a FortiClient EMS flaw to deploy credential-stealing malware, Google released Chrome 148 fixing over 150 vulnerabilities, the Fluffy Wolf APT group targeted Russian organizations, and a hacker put 340 million OnlyFans user records up for sale.
Critical Gogs RCE, FortiClient EMS Exploit, Chrome 148 Fixes 150+ Vulns, and Fluffy Wolf Malware
- A critical remote code execution vulnerability in Gogs was disclosed, allowing any authenticated user to execute arbitrary code on the server
- Threat actors actively exploited a critical FortiClient EMS flaw to deploy credential-stealing malware
- Google released Chrome 148 fixing over 150 security vulnerabilities, one of the largest Chrome security updates
Reference: Compiled reports (Critical Gogs RCE, FortiClient EMS Exploit, Chrome 148 Update)
This Week's Active Threats
Fluffy Wolf APT Attacks Russian Companies with New Malware
The cyberespionage group Fluffy Wolf targeted Russian organizations with new malware variants, deploying sophisticated backdoors for persistent access.
Reference: xakep.ru
Dutch Raid Fails to Dent Russian Bulletproof Hosting Service
Dark Reading reported that a Dutch police raid had limited impact on a Russian bulletproof hosting service used extensively by cybercriminals.
Reference: Dark Reading
UAT-8616 Targets Cisco Catalyst SD-WAN with Critical-Rated Exploit
A threat group tracked as UAT-8616 launched attacks exploiting a critical vulnerability in Cisco Catalyst SD-WAN, as warned by TW-CERT.
Reference: TW-CERT
EU Cyber Resilience Act Enters Mandatory Compliance Phase with SBOM Requirements
The EU's Cyber Resilience Act entered its mandatory compliance phase, requiring connected device manufacturers worldwide to adopt SBOM management practices.
Reference: TW-CERT
Device Code Phishing Emerges as Growing Threat to Organizations
TW-CERT warned about the rising threat of device code flow phishing attacks targeting enterprises, with attackers bypassing traditional authentication controls.
Reference: TW-CERT
OnlyFans Data Leak: Hacker Sells 340 Million User Records
A hacker is selling a database of 340 million OnlyFans user records, one of the largest credential/data leaks of the year.
Reference: xakep.ru
JPCERT/JP Weekly Report Covers Drupal SQLi, Cisco, Splunk, BIND, Chrome and More
JPCERT's weekly vulnerability report covered SQL injection in Drupal core and multiple vulnerabilities in Cisco, Splunk, BIND, PowerDNS, Chrome, Mozilla, Atlassian, and FreePBX products.
Reference: JPCERT
GitLab 19.0 Introduces SBOM Dependency Scanning for Indirect Vulnerabilities
GitLab 19.0 launched with SBOM dependency scanning capabilities, enabling organizations to detect vulnerabilities in indirect dependencies.
Reference: iThome