4 min read

Threat Report 7/17/26

Threat Report 7/17/26

Multiple Google Chrome Vulnerabilities Could Allow Attackers to Execute Malicious Code

 

Google has released security updates to address multiple vulnerabilities in Google Chrome. The most serious of these flaws could allow an attacker to execute arbitrary code on a vulnerable system simply by convincing a user to visit a malicious website.

If successfully exploited, an attacker could gain the same permissions as the logged-in user. Depending on the user's privilege level, this could allow the attacker to:

  • Install malicious programs
  • View, modify, or delete data
  • Create new user accounts with administrative privileges

Systems where users operate with administrative rights face a greater risk than those following the Principle of Least Privilege.

 
Affected Systems
  • Google Chrome prior to 150.0.7871.46/47 for Windows and macOS
  • Google Chrome prior to 150.0.7871.46 for Linux
Risk
  • Large and Medium Businesses: High
  • Small Businesses: High
Remediation Recommendations
  • Update Google Chrome to the latest available version on all Windows, macOS, and Linux systems.
  • Apply the Principle of Least Privilege by limiting administrative access to only those users who require it.
Reference

Google Chrome Releases Blog:
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html

 



 


Multiple Adobe Vulnerabilities Could Allow Attackers
to Execute Malicious Code

 

Adobe has released security updates to address multiple vulnerabilities affecting Adobe Campaign Classic and Adobe ColdFusion. The most serious of these vulnerabilities could allow an attacker to execute arbitrary code on a vulnerable system.

Adobe Campaign Classic is an enterprise marketing automation platform used to manage personalized, cross-channel marketing campaigns. Adobe ColdFusion is a web application development platform used to build and deploy dynamic web and mobile applications.

If successfully exploited, an attacker could gain the same permissions as the logged-in user. Depending on the user's privilege level, this could allow the attacker to:

  • Install malicious programs
  • View, modify, or delete data
  • Create new user accounts with administrative privileges

Systems where users operate with administrative rights face a greater risk than those following the Principle of Least Privilege.

 
Affected Systems

Adobe Campaign Classic

  • Version 7.4.3 Build 9396 and earlier

Adobe ColdFusion

  • ColdFusion 2025 Update 9 and earlier
  • ColdFusion 2023 Update 20 and earlier
Risk
  • Large and Medium Businesses: High
  • Small Businesses: Medium
Remediation Recommendations
  • Update Adobe Campaign Classic and Adobe ColdFusion to the latest supported versions.
  • Apply the Principle of Least Privilege by limiting administrative access to only those users who require it.
References


Multiple Mozilla Vulnerabilities Could Allow Attackers
to Execute Malicious Code

 

Mozilla has released security updates to address multiple vulnerabilities affecting Firefox and Thunderbird. The most serious of these vulnerabilities could allow an attacker to execute arbitrary code on a vulnerable system.

If successfully exploited, an attacker could gain the same permissions as the logged-in user. Depending on the user's privilege level, this could allow the attacker to:

  • Install malicious programs
  • View, modify, or delete data
  • Create new user accounts with administrative privileges

Systems where users operate with administrative rights face a greater risk than those following the Principle of Least Privilege.

 

Affected Systems

Mozilla Firefox

  • Versions prior to 152.0.4

Mozilla Thunderbird

  • Versions prior to 152.0.1
  • Versions prior to 140.12.1
Risk
  • Large and Medium Businesses: High
  • Small Businesses: Medium
Remediation Recommendations
  • Update all installations of Mozilla Firefox and Thunderbird to the latest available versions.
  • Apply the Principle of Least Privilege by limiting administrative access to only those users who require it.
References

 


New macOS Infostealer Disguises Itself
as a Clipboard Manager

 

Security researchers at Jamf have identified a new macOS information-stealing malware, dubbed PamStealer, that disguises itself as the legitimate open-source clipboard manager Maccy.

The malware is distributed through social engineering, using a fake installer that appears legitimate while concealing its malicious code beneath a large block of blank lines. This technique makes the malicious content more difficult for users to notice.

Once launched, PamStealer displays what looks like a legitimate macOS system password prompt, asking the user to authorize changes. Unlike many credential-stealing attacks, the malware verifies the password locally using macOS's Pluggable Authentication Modules (PAM). If the password is incorrect, the prompt continues to appear until the correct password is entered.

By confirming that stolen credentials are valid before transmitting them, PamStealer increases the likelihood that attackers can successfully access the victim's accounts or systems.

Key Takeaways
  • The malware impersonates the trusted Maccy clipboard manager.
  • It is delivered through social engineering using a fake installer.
  • A convincing macOS password prompt is used to steal credentials.
  • Stolen passwords are validated locally before being sent to attackers, making the attack more effective.

Organizations should remind users to download software only from trusted sources, verify application installers, and be cautious of unexpected password prompts requesting administrative credentials.

 


Cisco Confirms Active Exploitation of Critical Unified Communications Manager Vulnerability

Cisco has confirmed that threat actors are actively exploiting a critical vulnerability (CVE-2026-20230) affecting Cisco Unified Communications Manager (Unified CM).

The vulnerability is a Server-Side Request Forgery (SSRF) flaw that can allow an attacker to escalate privileges and gain root-level access to a vulnerable system.

Security researchers first observed active exploitation in mid-June 2026, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on June 25, 2026, highlighting the need for immediate remediation.

Cisco has updated its security advisory to confirm the ongoing attacks and strongly recommends that all affected customers upgrade to a patched software release as soon as possible.

Key Takeaways
  • CVE-2026-20230 is being actively exploited in the wild.
  • The vulnerability affects Cisco Unified Communications Manager (Unified CM).
  • Successful exploitation could allow attackers to gain root-level privileges.
  • CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, emphasizing the urgency of applying updates.

Organizations using Cisco Unified CM should immediately verify their software versions, apply Cisco's security updates, and prioritize remediation of internet-facing or business-critical systems.


 

Threat Report 1/26/26

1 min read

Threat Report 1/26/26

Microsoft Product Vulnerabilities Multiple security vulnerabilities have been identified across Microsoft products. The most critical issues could...

Read More
Threat Report 9/12/25

1 min read

Threat Report 9/12/25

Critical Patches Issued for Microsoft Products Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could...

Read More
Threat Report 10/14/25

1 min read

Threat Report 10/14/25

Critical Patches Issued for Microsoft Products Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could...

Read More