BORDER CYBER GROUP — Wednesday June 24, 2026 - Jonathan Brown
FFmpeg's PixelSmash Bug Turns Automated Media Scanning Into RCE
A single crafted video file dropped into a watched folder can now get you a reverse shell — no click, no open, just the automatic metadata scan that media servers run on every new file. JFrog Security Research disclosed CVE-2026-8461 ("PixelSmash"), a heap out-of-bounds write in FFmpeg's MagicYUV decoder (CVSS 8.8), and escalated it to full RCE on a Jellyfin server using a 50KB AVI that triggered during the app's routine library scan. The same technique produced RCE on Nextcloud via its preview feature; JFrog also confirmed crashes on Kodi, mpv, Emby, Immich, PhotoPrism, and OBS Studio, and flagged AI/ML pipelines using PyAV or OpenCV as architecturally exposed but untested. Full RCE currently requires ASLR disabled — JFrog identified a separate FlashSV info-leak that could theoretically defeat it, but says that chaining "has not been demonstrated," so treat it as a documented gap, not a confirmed path. The real story is upstream of any single app: MagicYUV ships enabled by default in FFmpeg, so every project linking libavcodec inherited this exposure without an opt-in. FFmpeg fixed it in 8.1.2 (June 17); Jellyfin updated its bundle, PhotoPrism is adding a format blocklist, and Nextcloud has declined to patch on the grounds the flaw lives outside its codebase.
Watch for: Whether a public exploit forces Nextcloud off its no-patch stance, and whether anyone demonstrates the FlashSV chain that defeats ASLR.
Sources: JFrog Security Research, June 22, 2026; BleepingComputer, June 23, 2026; SC Media, June 23, 2026.
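The exposure in the item above is structural: whatever program calls libavcodec on a newly arrived file decodes MagicYUV whether or not anyone wanted that format. The fix is the 8.1.2 upgrade, but PhotoPrism's format-blocklist response is a reasonable interim gate for a scanner you cannot patch today. The script below is an added example (BCG's, not JFrog's, PhotoPrism's, or FFmpeg's code) of such a gate for AVI input: it walks the RIFF chunk tree, pulls the video stream's handler FourCC from the `strh` header and the `biCompression` tag from the `strf` BITMAPINFOHEADER, and refuses the file before it ever reaches ffprobe if either tag names MagicYUV. The FourCC set is taken from the MagicYUV entries in FFmpeg's `libavformat/riff.c` tag table as this editor reads it (verify against your own build); the sample AVIs are constructed in the block and are headers only, not playable media.

```python
import struct

# MagicYUV codec tags as listed in FFmpeg's libavformat/riff.c (assumption: current table,
# check it against the FFmpeg build your scanner links).
MAGICYUV_TAGS = {b"MAGY", b"M8RG", b"M8RA", b"M8G0", b"M8Y0", b"M8Y2", b"M8Y4", b"M8YA"}


def iter_chunks(data, start, end):
    """Yield (fourcc, list_type, body_start, body_end) for RIFF chunks in data[start:end].
    RIFF/LIST chunks carry a 4-byte type tag at the start of their body; every chunk is
    padded to an even size. A chunk that overruns its parent raises ValueError."""
    pos = start
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body_start, body_end = pos + 8, pos + 8 + size
        if body_end > end:
            raise ValueError(f"chunk {fourcc!r} at offset {pos} overruns its parent")
        list_type = None
        if fourcc in (b"RIFF", b"LIST"):
            if size < 4:
                raise ValueError("RIFF/LIST chunk too short to carry a type tag")
            list_type = data[body_start:body_start + 4]
            body_start += 4
        yield fourcc, list_type, body_start, body_end
        pos = body_end + (size & 1)


def _stream_tags(data, start, end):
    """Tags naming the codec of one 'strl' stream list: strh.fccHandler and, for video
    streams, BITMAPINFOHEADER.biCompression (bytes 16..19 of the strf body)."""
    tags, is_video = set(), False
    for fourcc, _, s, e in iter_chunks(data, start, end):
        if fourcc == b"strh" and e - s >= 8:
            is_video = data[s:s + 4] == b"vids"
            handler = data[s + 4:s + 8]
            if is_video and handler.strip(b"\x00"):
                tags.add(handler)
        elif fourcc == b"strf" and is_video and e - s >= 20:
            tags.add(data[s + 16:s + 20])
    return tags


def video_codec_tags(data):
    """All FourCCs that identify video streams in an AVI (RIFF -> LIST hdrl -> LIST strl)."""
    if data[:4] != b"RIFF" or data[8:12] != b"AVI ":
        raise ValueError("not a RIFF/AVI file")
    tags = set()
    for fourcc, _, s, e in iter_chunks(data, 0, len(data)):
        if fourcc != b"RIFF":
            continue
        for f2, lt2, s2, e2 in iter_chunks(data, s, e):
            if (f2, lt2) != (b"LIST", b"hdrl"):
                continue
            for f3, lt3, s3, e3 in iter_chunks(data, s2, e2):
                if (f3, lt3) == (b"LIST", b"strl"):
                    tags |= _stream_tags(data, s3, e3)
    return tags


def is_blocked(data, blocklist=MAGICYUV_TAGS):
    """Gate to run before handing a file to ffprobe/ffmpeg. Fails closed: a blocklisted tag
    or a header that does not parse both refuse the file."""
    try:
        return bool(video_codec_tags(data) & blocklist)
    except (ValueError, struct.error):
        return True


# --- constructed test input (header-only AVI, not playable) ---------------------------
def _chunk(fourcc, body):
    return fourcc + struct.pack("<I", len(body)) + body + (b"\x00" if len(body) & 1 else b"")


def _list(list_type, body):
    return _chunk(b"LIST", list_type + body)


def build_test_avi(handler, compression):
    """Minimal AVI carrying one video stream with the given strh handler and strf tag."""
    strh = b"vids" + handler + b"\x00" * 48                      # 56-byte AVISTREAMHEADER
    strf = struct.pack("<IiiHH4s", 40, 64, 64, 1, 24, compression) + b"\x00" * 20  # BITMAPINFOHEADER
    hdrl = _list(b"hdrl", _chunk(b"avih", b"\x00" * 56)
                 + _list(b"strl", _chunk(b"strh", strh) + _chunk(b"strf", strf)))
    body = b"AVI " + hdrl + _list(b"movi", b"")
    return b"RIFF" + struct.pack("<I", len(body)) + body


TRUNCATED_SAMPLE = b"RIFF\x90\x01\x00\x00AVI "   # claims 400 bytes, delivers 12

if __name__ == "__main__":
    for name, avi in [("magy", build_test_avi(b"MAGY", b"MAGY")),
                      ("h264", build_test_avi(b"\x00" * 4, b"H264"))]:
        print(name, sorted(video_codec_tags(avi)), "blocked" if is_blocked(avi) else "allowed")
```

Two caveats a practitioner should keep in mind. First, this only covers the AVI container; MagicYUV can also ride in Matroska, MOV, or NUT, so a real gate dispatches on container and blocks what it cannot parse rather than allowing it. Second, a blocklist is a stopgap for one decoder: the durable control for "decode untrusted media on arrival" is running the scanner in a sandboxed, unprivileged process so a decoder bug yields a crash in a throwaway worker rather than a shell on the media server.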
───────────────────────────────────────────────────
Cisco's "No Known Exploitation" Window on Unified CM Lasted Three Weeks, Not Zero
Cisco patched CVE-2026-20230 — an unauthenticated SSRF in Unified CM that chains into arbitrary file writes and root — on June 3, noting a PoC was already public but it had "yet to find evidence of active exploitation." Over the weekend, exploit-intelligence firm Defused reported genuine exploitation attempts against honeypots, and SSD Secure Disclosure (credited with the original report) published its own write-up and exploit code shortly after. Cisco hasn't updated its advisory to confirm exploitation, and the flaw isn't yet in KEV. The bug only fires if WebDialer is enabled — off by default, commonly on in enterprise deployments — and this is the second Unified CM vulnerability exploited in 2026 after CVE-2026-20045 in January. Neither Cisco nor Defused has named an actor or a confirmed victim.
Watch for: Opportunistic scanning against exposed Unified CM instances to keep climbing in the gap before KEV inclusion forces patch urgency — that lag, not the initial PoC release, is historically where most of the damage gets done.
Sources: SecurityWeek, June 23, 2026; BleepingComputer, June 23–24, 2026; CSO Online, June 24, 2026.
───────────────────────────────────────────────────
CISA's Latest KEV Batch Is a Reminder That "Edge Device" Doesn't Mean Router
CISA added four actively exploited vulnerabilities to KEV on June 23: CVE-2025-67038, a root-privilege command injection in Lantronix EDS5000 device servers, and three Ubiquiti UniFi OS flaws (CVE-2026-34908 access control, CVE-2026-34909 path traversal, CVE-2026-34910 input validation). The Lantronix flaw is one of nine RCE-class bugs in Forescout Vedere Labs' broader "BRIDGE:BREAK" disclosure on serial-to-IP converters that bridge legacy industrial equipment — PLCs, medical devices, POS serial links — onto IP networks, which is why CISA's own advisory lists Communications, IT, and Critical Manufacturing as affected sectors. Federal remediation is due June 26 under BOD 26-04. The Ubiquiti trio plausibly chains from access bypass, through path traversal, to the input-validation bug, though CISA's KEV notes confirm only individual exploitation, not a chained campaign. Neither set carries a confirmed ransomware linkage — CISA's own field for that currently reads "Unknown" on both.
Watch for: A named IR firm tying either vulnerability set to ransomware pre-positioning before the June 26 federal deadline passes — that would upgrade "Unknown" to a confirmed campaign link.
Sources: CISA KEV catalog advisory, June 23, 2026; CISA ICS Advisory ICSA-26-069-02; Forescout Vedere Labs, "BRIDGE:BREAK" research.
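The three-day federal window and the "Unknown" ransomware field are both machine-readable: CISA publishes the catalog as JSON, and a KEV batch like this one is best handled by joining it against an asset inventory rather than reading it. The script below is an added example (BCG's, not CISA's tooling) that does that join: it filters entries by remaining days to `dueDate`, matches `vendorProject`/`product` against a constructed inventory, and sorts so that entries that touch your own assets, are due soonest, or carry `knownRansomwareCampaignUse: "Known"` rise to the top. The four catalog entries are reconstructed from the item above with only the fields the feed actually carries; descriptions and host names are constructed, not copied from the catalog.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Entries reconstructed from the June 23 batch as described above; not copied from the catalog.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-67038", "vendorProject": "Lantronix", "product": "EDS5000",
         "shortDescription": "command injection, root privileges (constructed summary)",
         "dateAdded": "2026-06-23", "dueDate": "2026-06-26",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-34908", "vendorProject": "Ubiquiti", "product": "UniFi OS",
         "shortDescription": "access control (constructed summary)",
         "dateAdded": "2026-06-23", "dueDate": "2026-06-26",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-34909", "vendorProject": "Ubiquiti", "product": "UniFi OS",
         "shortDescription": "path traversal (constructed summary)",
         "dateAdded": "2026-06-23", "dueDate": "2026-06-26",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-34910", "vendorProject": "Ubiquiti", "product": "UniFi OS",
         "shortDescription": "input validation (constructed summary)",
         "dateAdded": "2026-06-23", "dueDate": "2026-06-26",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed asset inventory; in practice this comes from your CMDB or scanner export.
SAMPLE_INVENTORY = [
    {"host": "plant-serial-gw-01", "vendor": "Lantronix", "product": "EDS5000"},
    {"host": "hq-unifi-console", "vendor": "Ubiquiti", "product": "UniFi OS"},
    {"host": "branch-fw-02", "vendor": "Fortinet", "product": "FortiOS"},
]


def load_entries(kev_text):
    return json.loads(kev_text)["vulnerabilities"]


def affected_hosts(entry, inventory):
    """Case-insensitive vendor match plus substring product match in either direction,
    because KEV product strings and CMDB product strings rarely agree exactly."""
    vendor, product = entry["vendorProject"].lower(), entry["product"].lower()
    return [a["host"] for a in inventory
            if a["vendor"].lower() == vendor
            and (product in a["product"].lower() or a["product"].lower() in product)]


def triage(kev_text, inventory, today, horizon_days=7):
    """Entries due within horizon_days of `today` (ISO date string), overdue ones included,
    ordered: affects our assets first, then soonest due, then Known ransomware use, then CVE."""
    today = date.fromisoformat(today)
    rows = []
    for e in load_entries(kev_text):
        days_left = (date.fromisoformat(e["dueDate"]) - today).days
        if days_left > horizon_days:
            continue
        rows.append({
            "cveID": e["cveID"],
            "product": f'{e["vendorProject"]} {e["product"]}',
            "days_left": days_left,
            "ransomware": e.get("knownRansomwareCampaignUse", "Unknown"),
            "hosts": affected_hosts(e, inventory),
        })
    rows.sort(key=lambda r: (not r["hosts"], r["days_left"], r["ransomware"] != "Known", r["cveID"]))
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_KEV, SAMPLE_INVENTORY, "2026-06-24"):
        print(f'{r["cveID"]:16} {r["product"]:20} due in {r["days_left"]}d '
              f'ransomware={r["ransomware"]:8} hosts={r["hosts"]}')
```

Run against the live feed, the same `triage()` call gives a daily list of what is due this week on hardware you actually own; the sort key is the point, since KEV's federal due dates, not CVSS, are what drive the remediation clock here.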
───────────────────────────────────────────────────
A Critical libssh2 Bug Just Showed How Slowly Library-Level Fixes Reach the Edge
CVE-2026-55200, a CVSS 9.2 integer-overflow-to-heap-write in libssh2's ssh2_transport_read(), was disclosed June 17 and patched in commit 7acf3df: the function fails to bound-check the packet_length field on incoming SSH packets, letting an unauthenticated, network-based attacker corrupt adjacent heap memory. Versions 1.11.1 and earlier are affected. The CVE itself is a one-line summary — the actual story is that libssh2 sits quietly underneath curl's SSH/SFTP support, assorted language bindings, and embedded network appliances, none of which patch on the upstream project's timeline. No public reporting reviewed for this item confirms in-the-wild exploitation yet; this is a patch-now call on exploitability, not on observed attacks. BCG could not confirm how far the fix has propagated through major distributions or downstream consumers as of this writing — that gap is the actual risk window, not the seven days since disclosure.
Watch for: Which downstream projects confirm and ship the fix first, and whether any vendor discloses pre-patch exploitation in their own products before they do.
Sources: Cyber Security News, June 24, 2026; libssh2 project GitHub advisory and commit 7acf3df.
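The bug class in the item above is worth seeing in its simplest form. An SSH binary packet (RFC 4253 §6) is `uint32 packet_length`, `byte padding_length`, payload, padding, then the MAC; `packet_length` covers everything after itself and before the MAC. If a reader adds 4 and the MAC length to an attacker-supplied `packet_length` in 32-bit arithmetic before range-checking it, the sum can wrap to a small number, pass a "does the total fit in the buffer" test, and then drive a copy or allocation sized by the original huge value. The block below is an added example, BCG's model of that pattern and its fix, not libssh2's code and not a reproduction of CVE-2026-55200: `plan_read_unchecked` shows the wrap, `plan_read_checked` applies the RFC's constraints (minimum size, the 35,000-byte total every implementation must accept used here as the ceiling, block-size alignment, padding at least 4 bytes and smaller than the packet) before any arithmetic. The sample packets are constructed in the block; the MAC bytes are placeholders, no cipher or MAC is actually applied.

```python
import struct

U32 = 0xFFFFFFFF
MAX_PACKET = 35000            # RFC 4253 §6.1: minimum total size every implementation must accept
MIN_PADDING = 4               # RFC 4253 §6: at least four bytes of random padding
MIN_PACKET_LENGTH = 1 + MIN_PADDING   # padding_length byte plus minimum padding, empty payload


def plan_read_unchecked(header, buf_len, mac_len):
    """Model of the bug class (constructed, not libssh2's code). packet_length feeds a 32-bit
    size computation and the only guard is 'does the total fit'. Returns (alloc, copy_len);
    alloc < copy_len means the subsequent copy runs past the allocation."""
    packet_length = struct.unpack(">I", header[:4])[0]
    total = (packet_length + 4 + mac_len) & U32      # wraps when packet_length is near 2**32
    if total > buf_len:
        raise ValueError("short read")
    return total, packet_length


def plan_read_checked(header, buf_len, mac_len, block_size=8):
    """Bounds-checked version: range-check the untrusted length before doing arithmetic on it.
    The block-size check assumes the first block is already decrypted, as it is in practice."""
    packet_length, padding_length = struct.unpack(">IB", header[:5])
    if not MIN_PACKET_LENGTH <= packet_length <= MAX_PACKET:
        raise ValueError(f"packet_length {packet_length} out of range")
    if (packet_length + 4) % block_size:
        raise ValueError("packet_length + 4 is not a multiple of the cipher block size")
    if padding_length < MIN_PADDING or padding_length >= packet_length:
        raise ValueError(f"padding_length {padding_length} inconsistent with packet_length")
    total = packet_length + 4 + mac_len              # now bounded by MAX_PACKET + 4 + mac_len
    if total > buf_len:
        raise ValueError("short read")
    return total, packet_length - padding_length - 1   # payload length


def build_packet(payload, mac_len=0, block_size=8):
    """Well-formed packet: padding >= 4 and (4 + packet_length) a multiple of block_size.
    MAC bytes are zero placeholders (constructed input, no real MAC)."""
    padding = block_size - (5 + len(payload)) % block_size
    if padding < MIN_PADDING:
        padding += block_size
    packet_length = 1 + len(payload) + padding
    return (struct.pack(">IB", packet_length, padding) + payload
            + b"\x00" * padding + b"\x00" * mac_len)


def parse_packet(buf, mac_len=0, block_size=8):
    """Return (payload, mac) from a buffer holding one packet, using the checked plan."""
    total, payload_len = plan_read_checked(buf, len(buf), mac_len, block_size)
    return buf[5:5 + payload_len], buf[total - mac_len:total]


# Constructed 64-byte read buffer whose packet_length is 0xFFFFFFFF.
EVIL_HEADER = struct.pack(">IB", U32, 4) + b"\x00" * 59


def demo(mac_len=20):
    """Run both readers over EVIL_HEADER and report what each would do."""
    alloc, copy_len = plan_read_unchecked(EVIL_HEADER, len(EVIL_HEADER), mac_len)
    try:
        plan_read_checked(EVIL_HEADER, len(EVIL_HEADER), mac_len)
        rejected = False
    except ValueError:
        rejected = True
    return {"unchecked_alloc": alloc, "unchecked_copy": copy_len, "checked_rejects": rejected}


if __name__ == "__main__":
    print(parse_packet(build_packet(b"hello")))
    print(demo())
```

With a 20-byte MAC, the unchecked reader computes a total of 23 bytes for a packet that claims 4,294,967,295, so a 23-byte allocation would be followed by a copy of roughly 4 GiB: the heap write the item describes, in miniature. The checked reader rejects the same header on the first test. The general lesson for any length-prefixed protocol parser is the ordering: validate the untrusted length against a fixed ceiling first, and only then add constants to it.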
───────────────────────────────────────────────────
LastPass Joins the Klue/Icarus Victim List — Attack Mechanics Are Now Fully Mapped
LastPass confirmed June 23 that "Icarus" — using OAuth tokens stolen in the Klue supply-chain breach disclosed June 12 — accessed customer contact and CRM data in its Salesforce environment; vaults, infrastructure, and products were not touched. This is a scope update, not a new story: Klue/Icarus already ran in BCG's June 19 edition via Huntress. What's new is that the victim count has grown to at least eight named organizations and ReliaQuest has now mapped the mechanics: Icarus used compromised legacy integration credentials to mint OAuth tokens, then ran automated Python tooling to enumerate Salesforce objects via REST API at scale — a pattern ReliaQuest ties tactically to the earlier Salesloft/Drift/Gainsight wave attributed to ShinyHunters/UNC6395, though Icarus is a distinct, newly named group, not a confirmed rebrand. This is an analytical inference from the public record, not a confirmed finding: the tactical overlap suggests shared tooling or playbook lineage in the OAuth-token-harvesting niche, but no named source has published evidence of operator overlap.
Watch for: Whether Icarus follows through on publishing data for non-paying targets, and whether the operator-overlap question gets resolved by a named attribution report.
Sources: LastPass company blog, June 23, 2026; Help Net Security, June 24, 2026; TechCrunch, June 22, 2026; CyberInsider, June 23, 2026.
───────────────────────────────────────────────────
ShapedPlugin Is the Third WordPress Vendor Pipeline Breach in Six Weeks — Not a Plugin Bug, a Build-System Bug
Wordfence confirmed on June 12 that ShapedPlugin's build pipeline was compromised starting May 21, with backdoored Pro releases served through the vendor's own official update channel for roughly three weeks before detection. Free WordPress.org versions were untouched — Wordfence reads that as evidence the attackers had access to both channels but selectively targeted paying customers. The payload installs a self-concealing fake WooCommerce plugin that steals admin credentials and TOTP secrets from multiple 2FA plugins, sending both to infrastructure tied to AEZA GROUP LLC, which Security Affairs links to Russian-based registrants. Sources disagree on severity between the two CVE numbers filed for the same flaw — The Hacker News cites CVSS 10.0 for the duplicate CVE-2026-49777, other trackers cite 9.8 for the primary CVE-2026-10735 — BCG flags the discrepancy rather than picking one. Patches are out for all three affected plugins. Threat-Modeling.com independently flagged this as the third premium WordPress vendor-pipeline compromise in six weeks after Awesome Motive/OptinMonster (BCG's June 16–17 editions) — sourced framing, not BCG's own count, but the pattern is now visible across three unrelated vendors using the same trust mechanism.
Watch for: A fourth vendor-pipeline incident landing before the industry treats this as a distinct attack class rather than three coincidences.
Sources: Wordfence/Defiant via BleepingComputer, June 18, 2026; Security Affairs, June 23, 2026; The Hacker News, June 22, 2026; Threat-Modeling.com, June 19, 2026.
───────────────────────────────────────────────────
Dropping Elephant Came Back With an In-Memory RAT and a Live Staging Server Researchers Could Just Download From
Rapid7 disclosed a campaign attributed to "Dropping Elephant" tradecraft — confirmed via beaconing, screenshot logic, and command-handler overlap with a known July 2025 sample — using a China-themed lure (a fake seawater pump contract) to deliver a reworked, memory-resident RAT via DLL side-loading and Donut shellcode injection. The malware patches AMSI, WLDP, and ETW before execution and never touches disk, a real evasion upgrade over previously documented tooling. Rapid7 found the staging server still live during its hunt and downloaded the full chain, though the RAT's live beacon returned an HTTP 522 during testing, so Rapid7 couldn't observe operator-side behavior. BCG is not assigning nation-state attribution: Rapid7 ties this to actor tradecraft, not state sponsorship, and historical assessments describe Dropping Elephant/Patchwork's victims as connected to China's foreign relations without naming an operating government — a distinction that gets erased in less careful summaries.
Watch for: Named victim identification tied to the chinagreenenergy[.]org infrastructure, or further samples extending the in-memory loader to other lure themes.
Sources: Rapid7 blog, June 2026; Cyber Security News, June 23, 2026.
───────────────────────────────────────────────────
OpenAI's Bigger Bet: Discovery Is Commoditized, Patch Velocity Is the Actual Bottleneck
OpenAI expanded Daybreak with GPT-5.5-Cyber, a higher-capability defender tier, alongside an updated Codex Security plugin that's scanned over 30 million commits across 30,000+ codebases since its March 2026 preview. The release was coordinated with the Center for AI Standards and Innovation and the Office of the National Cyber Director under the administration's June 2026 AI-security executive order, and OpenAI launched "Patch the Planet" with Trail of Bits and HackerOne, with 30+ open-source projects committed.
"Vulnerability discovery is now commoditized — patch velocity is the actual bottleneck."
That's OpenAI's thesis, not BCG's, but it's the sentence worth remembering from this release. Cybernews's framing of the same announcement is more skeptical, citing expert concern that Daybreak-class tools may find exploitable bugs faster than under-resourced open-source maintainers can absorb and fix. Both can be true at once: enterprise remediation tooling and asymmetric exploit-discovery risk for smaller projects aren't mutually exclusive outcomes of the same capability jump. That synthesis is BCG's, not either source's.
Watch for: A worked example from a "Patch the Planet" project — AI-found vulnerability to shipped patch, with a timestamp — which would be the actual test of OpenAI's defender-advantage claim rather than the announcement itself.
Sources: Cyber Security News, June 23, 2026; Cybernews, June 23, 2026.
───────────────────────────────────────────────────
Border Cyber Group is reader-supported. If this feed is useful to you, consider a subscription or buy us a coffee! Thanks. bordercybergroup.com.