
Daily Security Briefing #286
- DjediTech
- Security, Newsletter
- June 15, 2026
China-nexus threat actor targets US medical research, AI-powered phishing surges, and critical vulnerabilities exposed…
Executive Summary
Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. A China-nexus threat actor has been identified targeting institutions in the North American academic, medical, and military research community. Meanwhile, AI-powered phishing attacks are on the rise, particularly in the hospitality sector. Additionally, critical vulnerabilities have been exposed in the CodeIgniter4 PHP framework.
Top Articles
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
Google Threat Intelligence Group has identified a sophisticated campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military research community. The threat actor compromised externally facing web applications, deployed bespoke malware, and abused enterprise administrative tools for covert data exfiltration.
Source: Google Cloud Blog

Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk
Security leaders struggle to turn vulnerability data into clear and meaningful business risk. A typical CISO receives a report listing hundreds of vulnerabilities, most with CVSS scores that make the entire list look urgent. This article highlights the need for AI-powered solutions to translate CVEs into real-world business risk.
Source: Rapid7

The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives?
The National Cyber Security Centre (NCSC) is warning organisations to prepare for an unprecedented wave of vulnerability disclosures, driven by AI-accelerated exploitation of technical debt. This commentary sets out how Check Point Exposure Management helps government, public sector, and CNI organisations get ahead of it.
Source: Check Point Blog

Travel Phishing and Cyber Attacks are Surging in 2026
Cyber criminals are targeting travelers with phishing attacks, particularly in the hospitality sector. Check Point Research tracked the threat landscape heading into the 2026 summer travel season, and what they found should give travelers pause before they click “confirm booking.”
Source: Check Point Blog

Payroll Pirate Campaign Uses AiTM Session Hijacking to Bypass MFA and Redirect Salaries
A financially motivated campaign dubbed “Payroll Pirate” has emerged using advanced phishing and adversary-in-the-middle (AiTM) session hijacking to bypass multifactor authentication (MFA) and reroute payroll disbursements.
Source: GBHackers

Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components.
Source: GBHackers

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi).
Source: The Hacker News

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email.
Source: The Hacker News

Critical CodeIgniter File Upload Flaw Allows Validation Bypass, Risks Remote Code Execution
A critical security vulnerability has been discovered in the CodeIgniter4 PHP framework, allowing attackers to bypass file upload validation and potentially achieve remote code execution (RCE) on affected web applications.
Source: CyberPress

The FCC Wants to Eliminate Burner Phones
A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially all phone customers.
Source: Schneier Blog

Does Your Security Programme Align With NIS2 Requirements?
If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor.
Source: Rapid7

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.