Infosec News Nuggets — June 23, 2026 (AboutDFIR - The Definitive Compendium Project)
By Mary on June 23, 2026
Five Eyes intelligence alliance warns of threats from new AI models — The intelligence-sharing alliance comprising the US, UK, Canada, Australia, and New Zealand issued an urgent call to action today, warning that frontier AI models are “fundamentally transforming” offensive cyber capabilities and that the threat timeline is “not years, it is months.” The three-page statement urges organizations to accelerate patching, adopt AI-powered defenses, and prioritize foundational cybersecurity practices — with CISA having already reduced the deadline for government agencies to address critical vulnerabilities to just three days, citing AI-amplified exploitation risk.
New unpatchable exploit targets Apple devices with A12 and A13 chips — Researchers at Paradigm Shift have published details on “usbliter8,” a BootROM vulnerability affecting Apple’s A12 and A13 chips — covering devices including the iPhone XR, XS, and the full iPhone 11 lineup, several iPad models, and Apple Watch Series 4 and 5. The exploit leverages a hardware bug in the USB controller combined with a firmware flaw, enabling arbitrary code execution before iOS even loads, and because it lives in the chip itself, it cannot be patched with a software update. The Secure Enclave remains unaffected, but researchers note the exploit opens wider attack vectors and recommend migrating to A14 or newer hardware as the only reliable mitigation.
29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests — A heap buffer overread lurking in Squid Proxy’s FTP gateway since a 1997 commit has been disclosed as CVE-2026-47729, dubbed “Squidbleed” for its resemblance to the Heartbleed memory leak — and it exposes other users’ cleartext HTTP traffic, including Authorization headers, cookies, and session tokens, to anyone else permitted on the same proxy. The bug, surfaced by an AI model reviewing decades-old FTP parsing code, affects Squid in its default configuration on shared networks like schools, offices, and public Wi-Fi; a fix is scheduled for Squid 7.7, but the simplest mitigation is to disable FTP entirely, since most networks carry virtually none of it.
Microsoft links Mastra AI supply chain attack to North Korean hackers — Microsoft has attributed a sophisticated npm supply chain attack targeting the Mastra AI framework to Sapphire Sleet (BlueNoroff), a North Korean state actor, after the group compromised an npm maintainer account and published malicious updates to over 140 packages in an 88-minute automated campaign. The poisoned packages injected a fake dependency that triggered a postinstall hook deploying cross-platform malware designed to steal credentials, API keys, authentication tokens, and cryptocurrency wallet data across Windows, Linux, and macOS — with follow-on activity including a PowerShell backdoor, privilege escalation, and Microsoft Defender exclusions on affected systems.
French government messaging platform breached through account hijacking — Tchap, the French government’s Matrix-protocol messaging platform used by civil servants and public agencies, was breached on June 7 after attackers social-engineered their way into an account linked to the platform’s education environment, gaining access to unencrypted public chat rooms. While French authorities (DINUM and ANSSI) described the scope as limited to public rooms not covered by end-to-end encryption, an unverified claim by the alleged attacker put the haul at 73,467 user accounts, 643,459 messages, and 13.5 GB of data including media files and references to documents classified as “Diffusion Restreinte” — France’s restricted-distribution designation.