[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVv1LSD-N7n7NsrpBrWdOPlfZVZ7MozvGOG8jjisP0_Q":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"1afbb6d1-6fe3-4ba7-8d9c-33cb45790c85","In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum","in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrik-1d6e27","Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover. The post In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum appeared first on SecurityWeek.","This week's cybersecurity news roundup highlights several critical vulnerabilities, including an authentication bypass in phpBB and flaws in Chrome extensions MaXSS and Spyder affecting millions of users. Nation-state actor Velvet Ant maintained a decade-long stealthy presence in air-gapped critical infrastructure, while a supply chain attack on OptinMonster compromised over 1.2 million WordPress sites. Additionally, malicious plugins in the JetBrains Marketplace were found to steal developer API keys, and FTC reported significant losses from imposter scams.","Weekly cybersecurity news roundup covers phpBB flaw, Velvet Ant stealth, Chrome extension flaws, AWS Continuum,","SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. 
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: 10-year-old phpBB flaw enables session hijacking Researchers uncovered a critical authentication bypass in phpBB versions up to 3.3.16 and 4.0.0-a2. A single unauthenticated HTTP request can impersonate any user, including admins, exposing private messages and forum content, and providing full administrative control. phpBB users should upgrade immediately to 3.3.17 or the latest master branch. The issue, reported via HackerOne, received a patch within days, but thousands of active forums remain exposed. Velvet Ant maintained decade-long stealth in air-gapped critical infrastructure China-nexus actor Velvet Ant compromised an organization’s segregated network starting around 2016. It chained internet-facing footholds, Nginx\u002FFastCGI proxies, and backdoored PAM\u002FOpenSSH components for credential theft and persistent access. The group deployed variants of GS-Netcat, SOCKS5 proxies, and nine pam_unix.so backdoors across hosts. Remediation proved complex. MaXSS and Spyder flaws expose 10 million Chrome users to hacking Critical vulnerabilities in SiderAI (Spyder) and MaxAI (MaXSS) agentic side-panel Chrome extensions can allow malicious websites to trigger arbitrary extension actions, including hidden tab screenshots, AI memory dumps, and potential file access. With over 10 million combined installs and no vendor response, the issues enable full browser session compromise and account takeovers without user interaction. Users should remove the extensions until fixed. AWS unveils Continuum AWS has announced a new AI-powered tool designed to help organizations discover, prioritize, validate, and resolve vulnerabilities. 
Available in gated preview, Continuum takes findings from existing tools and its own scanning, prioritizing them based on exploitability in the user’s own environment. 1.2 million WordPress sites compromised in OptinMonster supply chain attack Attackers injected malicious JavaScript into Awesome Motive’s OptinMonster, TrustPulse, and PushEngage WordPress plugin CDN scripts. The payload activates for logged-in admins, creating rogue administrator accounts and a hidden backdoor plugin. The breach stemmed from a compromised UpdraftPlus instance and CDN key. The supply chain attack is believed to have hit more than 1.2 million WordPress sites. FTC says imposter scams cost Americans $3.5 billion in 2025 The FTC reported imposter scams as the most common fraud category, with losses nearly tripling since 2020. Bank and government impersonation schemes drove the bulk of the damage, often via fake security alerts urging money transfers. Overall fraud losses hit a record $16 billion. The agency continues enforcement under its Impersonation Rule and supports public awareness campaigns. US DOT closes investigation into Delta’s 2024 CrowdStrike outage response The Department of Transportation ended its probe into Delta’s prolonged recovery from the global CrowdStrike incident without penalties. Investigators found the airline provided adequate refunds, baggage help, and support for passengers with disabilities. This aligns with the current administration’s shift away from certain Biden-era consumer protection enforcement approaches. JetBrains Marketplace plugins steal developer AI keys At least 15 malicious AI coding assistant plugins, published in the JetBrains Marketplace under various vendor accounts, exfiltrate OpenAI, DeepSeek, and similar API keys. The plugins have racked up nearly 70,000 installs while functioning as advertised. Keys are sent in plaintext to a hardcoded attacker server. The plugins also appear to resell stolen access to paying users. 
Apple releases Beats firmware fixing unauthenticated mic access Beats Studio Buds firmware update 1B211 patches CVE-2025-20701, which allowed nearby attackers to listen via the microphone on unpaired devices actively seeking connections. Updates apply automatically when paired with Apple devices. CVE-2025-20701 is one of three Bluetooth security issues disclosed last year, which have been found to impact devices from several major vendors. Popa botnet tied to Israeli proxy provider Researchers linked the large Popa Android TV box botnet — used for residential proxy traffic in ad fraud and scraping — to NetNut, operated by publicly traded Israeli company Alarum Technologies. Researchers said an SDK turns compromised streaming devices into persistent proxies. The operation involves millions of IPs daily and raises concerns about local network exposure and ties to data scraping. NetNut and Alarum have disputed the allegations calling them “demonstrably inaccurate assertions and flawed deductions rather than verified facts.” GCP Config Connector enables org-wide IAM owner takeover A confused deputy vulnerability in Config Connector lets any Kubernetes namespace user escalate to GCP Organization Owner by submitting a malicious IAMPolicyMember. Google acknowledged the issue internally as P1\u002FS1 but later classified it as “working as intended” and left it unpatched. The bypass affects organizations using the service for organization-level management. ShinyHunters leaks Knicks and MSG talent and customer data Hackers published Madison Square Garden data, including details on Knicks-related “talent” (players, coaches, celebrities) with risk assessments, addresses, and contact info, along with customer correspondence. The dump follows a June 5 breach. ShinyHunters continues its pattern of public leaks to pressure victims. 
","https:\u002F\u002Fwww.securityweek.com\u002Fin-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002Fcybersecurity-news.jpg","2026-06-19T15:23:36+00:00","2026-06-19T16:00:09.983598+00:00",8,[18,21,24,26,28,30],{"name":19,"type":20},"phpBB","product",{"name":22,"type":23},"Velvet Ant","threat_actor",{"name":25,"type":20},"MaXSS",{"name":27,"type":20},"MaxAI",{"name":29,"type":20},"SiderAI",{"name":31,"type":20},"Spyder","e7b231c8-5f79-4465-8d38-1ef13aea5a14",{"id":32,"icon":34,"name":35,"slug":36},null,"Threat Intelligence","threat-intelligence",[38,43,48,53],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":44},{"id":45,"icon":34,"name":46,"slug":47},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":49},{"id":50,"icon":34,"name":51,"slug":52},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",{"category":54},{"id":32,"icon":34,"name":35,"slug":36},[56,60,63],{"type":57,"value":58,"context":59},"malware","GS-Netcat","Variant deployed by Velvet Ant actor",{"type":57,"value":61,"context":62},"SOCKS5 proxies","Deployed by Velvet Ant actor",{"type":57,"value":64,"context":65},"pam_unix.so backdoors","Nine variants deployed by Velvet Ant actor"]