Daily Security Briefing #290
- DjediTech
- Security , Newsletter
- June 19, 2026
Table of Contents
June 19, 2026 | Read Online
Critical Chrome Extension Vulnerabilities, AI-powered browser compromise, Amazon Prime Day scams, and more…
Executive Summary
Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. The recent Anthropic Fable model classification highlights the need for clear regulations on AI development. Meanwhile, critical vulnerabilities in widely used Chrome extensions have been exposed, putting millions of users at risk. Additionally, Amazon Prime Day is expected to bring a surge in online shopping, but also an increase in scams and cyber threats.
Top Articles
Anthropic’s Fable and the State of AI The US government’s classification of Anthropic’s Fable generative AI model as a dangerous munition has sparked debate on AI regulations. The model’s shutdown highlights the need for clear guidelines on AI development. Schneier
Critical Chrome Extension Vulnerabilities Let Attackers Easily Compromise Browsers A critical security flaw in widely used Chrome extensions, SiderAI and MaxAI, exposes millions of users to the risk of full browser compromise. The vulnerabilities affect popular AI-powered extensions with over 10 million installations. GBHackers
Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams As Amazon Prime Day approaches, cybercriminals are gearing up to exploit the event’s massive online shopping activity. Major retail moments bring together the three ingredients attackers exploit most: a globally trusted brand, a large number of transactions in a short period, and a lack of security awareness. Check Point
HazyBeacon Malware Abuses AWS Lambda URLs for Stealthy C2 Communications A sophisticated cloud-native malware campaign, HazyBeacon (CL-STA-1020), is exploiting Amazon Web Services (AWS) Lambda Function URLs to establish covert command-and-control (C2) channels. The campaign primarily targets government entities across Southeast Asia. CyberPress
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes The Gentlemen ransomware-as-a-service (RaaS) operation is developing and maintaining a suite of endpoint detection and response (EDR) killers, known as GentleKiller. The framework targets over 400 security processes to impair system defenses before deploying the encryptor. The Hacker News
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain Security researchers have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. The exploit requires physical access to the device. The Hacker News
Critical Flaw in WordPress Plugin Allows Arbitrary File Deletion on 1 Million Sites A critical unauthenticated arbitrary file deletion vulnerability has been discovered in Avada Builder, a premium WordPress plugin with approximately 1 million active installations. The flaw allows unauthenticated attackers to delete arbitrary files on the server. CyberPress
Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections Gcore’s Network Layer DDoS Protection helped Ucom maintain service continuity and operational readiness for critical public-facing broadcast services during Armenia’s 2026 parliamentary elections. GBHackers
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more This week’s release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. Rapid7
Webinar: How attackers bypass MFA and how defenders can respond This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. Modern phishing attacks, including Device Code phishing, can undermine MFA protections. Bleeping Computer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.