
Loading summary
A
From the CISO series, it's Cybersecurity Headlines
B
these are the cybersecurity headlines for Monday, June 29, 2026. I'm Steve Prentiss. CISA sets urgent deadline to fix exploited Cisco flaw Following up on a story we covered in early June, CISA gave federal agencies until Sunday yesterday to patch a vulnerability in Cisco UN Communications Manager server. This CVE numbered vulnerability involves server side request forgery and is being actively exploited. The remediation is deemed urgent and Cisco released a patch on June 3. Chinese cybersecurity company claims it has a better than Mythos bug finder this statement comes from Chinese cybersecurity vendor Kihu360. The model was revealed at the company's 14th Beijing Cybersecurity Conference, describing Mythos as equivalent to a cyber nuclear weapon because of the USA's ban on foreign nationals accessing the model. Kihu CEO Zhong Hongyi said his company's approach was rather than build on a strategy of sheer brute force, it will use alternative methods by distilling its 20 years of experience fighting cyber threats and colossal malware library into security specific models and agents. The company has put that to work in what Zhu described as a multi agent swarm. The technique named to Longfang is apparently already finding flaws in open source and commercial software. Amazon Q flaw enables cloud credential theft Researchers at Wiz have disclosed a high severity vulnerability in the AI Powered Coding Assistant Amazon Q developer extension for Visual Studio code that could allow attackers to steal developers cloud credentials by luring them into opening a booby trapped code repository. AWS learned about the issue on April 20th and released a patch on May 12th. QUOTE the Root cause of the vulnerability was that the extension would automatically act on configuration files embedded in a workspace without first asking the user for permission, meaning a malicious repository could quietly run attacker controlled commands in the background the moment a developer opened it, gaining access to whatever cloud credentials and API keys were loaded in their environment at the time. End quote Clean GitHub repo tricks AI coding agents into running malware Researchers at Mozilla's zero Day Investigative Network are warning of an agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository that could execute a malicious payload that remains invisible to security scanners and AI agents and human reviewers. They demonstrated how an attacker could plant an interactive shell on a developer's device by using claude code to run a cloned project running with the developers privileges, giving them access to environment variables, API keys, local configuration files and the opportunity to establish persistence. A link to the Bleeping Computers story that expands upon this proof of concept is available in the show Notes to this episode. Huge thanks to our sponsor Silent Push Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues. Silent Push closes this gap with its preemptive cyber defense platform. Silent Push tracks adversary infrastructure and infrastructure changes across the Internet during the attack preparation phase while attackers are still staging domains, IPs and hosting, and Silent Push turns that into indicators of future attack to defend with confidence. For a CISO that turns invisible risk into early warning. An average of 140 days before a campaign shows up in your environment, time to act, and a smaller window of exposure before a threat ever reaches your environment. Learn more at Silent Push. FCC passes new cybersecurity rules for emergency systems in undersea cables these rules were approved on Thursday by the FCC and are intended to boost cybersecurity regulations for the nation's emergency alert systems and update security rules for the nation's undersea cables. The rules will allow for improvements in the two national emergency systems, the Emergency Alert System and Wireless Emergency Alerts, to better protect against hijacking attacks from malicious actors. These systems are used by state and local authorities to broadcast urgencies such as weather alerts and Amber Alerts. The FCC points out that a compromise of either system by a foreign government, cybercriminal group or other rogue actor could be used to sow chaos and disinformation or impede coordination efforts in the face of a genuine emergency. Ukraine says Russian intelligence used to fake support texts to steal messaging credentials. The country's security service has said that it has been working with the FBI and together have uncovered a long running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians and activists in Ukraine, Europe and the U.S. these attacks are designed to steal sensitive military, political and economic information as well as personal data. The technique used in this campaign was to send SMS messages that masquerade as the messaging platform's support bot, urging users to disclose their account credentials. Another Russian dairy company reportedly suffers cyberattack. This attack has slowed things down for Ufa Gormozavod, a dairy producer in Russia's eastern republic of Bashkortostan, forcing the company to go back to pen and paper. The company produces dairy products such as cottage cheese, butter and yogurt. No mention has been made of who is behind this attack, whether any data has been compromised or when the company expects to restore its IT systems. This incident is the latest in a series of cyber disruptions affecting Russia's dairy sector. Hospitality sector hit by phishing campaign using fake guest complaint emails through Calendly Not a new technique, but a new campaign in this warning from Microsoft's Threat Intelligence Group about a campaign that targets the hospitality sector with fake guest emails that install the ton rat using resilient persistence. This particular campaign has been running since April of this year. The targets are specific devices within environments with names such as reception, front desk and reservations, a technique that Microsoft calls authentication laundering. Taking advantage of Calendly's email notification system, emails arrive with the display name Booking Manager via Calendly and carry fake complaint messages about bed bug infestations and other worrisome situations. The researchers point out that the messages in this campaign have no recipient name and no property name, suggesting it to be a high volume list driven attack rather than tailored spear phishing. If you have some thoughts on the news from today or about this show in general, please be sure to reach out to us@feedbackisoseries.com we would love to hear from you. I'm Steve Prentiss reporting for the CISO series.
A
Cybersecurity headlines are available every weekday. Head to CISoseries.com for the full stories behind the headlines.
Podcast: Cybersecurity Headlines (CISO Series)
Episode: CISA's Cisco deadline, China's Mythos competitor, Amazon Q flaw
Date: June 29, 2026
Host: Steve Prentiss
This episode covers the most pressing cybersecurity developments as of June 29, 2026. Stories discussed include CISA’s urgent deadline for patching a critical Cisco vulnerability, China’s new AI-driven bug-finding model, a major flaw in Amazon’s Q developer extension, a demonstration of new risks from code cloning on GitHub, FCC’s updated cybersecurity rules, cyber-espionage targeting Ukrainian officials, another attack on a Russian dairy company, and an inventive phishing campaign striking the hospitality industry. The episode delivers actionable insights, fresh threat intelligence, and takes a global look at the evolving security landscape.
On the seriousness of Mythos:
"Mythos as equivalent to a cyber nuclear weapon because of the USA's ban on foreign nationals accessing the model."
— Kihu360 CEO Zhong Hongyi, (01:24)
On the Amazon Q flaw:
“The root cause of the vulnerability was that the extension would automatically act on configuration files embedded in a workspace without first asking the user for permission...”
— Wiz researchers, (02:40)
On emergency alert system threats:
“A compromise of either system by a foreign government, cybercriminal group or other rogue actor could be used to sow chaos and disinformation or impede coordination efforts in the face of a genuine emergency.”
— Host Steve Prentiss, summarizing FCC concerns, (05:19)
On the evolving threat to developers:
“...an attacker could plant an interactive shell on a developer's device by using Claude code to run a cloned project running with the developers privileges, giving them access to environment variables, API keys, local configuration files and the opportunity to establish persistence.”
— Mozilla's Zero Day Investigative Network, (04:06)
| Time | Segment | |----------|----------------------------------------------------------------------| | 00:43 | CISA’s urgent Cisco patch mandate details | | 01:14 | Kihu360 announces Longfang, China’s Mythos competitor | | 02:21 | Wiz researchers detail Amazon Q extension vulnerability | | 03:50 | Mozilla demonstrates GitHub repo attack on code agents | | 05:09 | FCC announces new emergency alert and cable cybersecurity rules | | 05:52 | Ukraine details Russian intelligence SMS phishing campaign | | 06:41 | Update on Russian dairy sector attacks | | 07:29 | Microsoft exposes Calendly-based phishing in hospitality sector |
This episode distills a range of high-stakes developments in cybersecurity, with particular focus on emerging AI vulnerabilities, evolving phishing techniques, regulatory policy changes, and persistent threats from global actors. The combination of technical vulnerabilities and social engineering underscores the multifaceted nature of contemporary cyber risks.
For more in-depth analysis and links to source articles, listeners are encouraged to visit CISOseries.com.