Threat Modeling and Security by Design

Note: This advisory covers 5 newly disclosed LiteLLM CVEs. For the CISA KEV CVE-2026-42271 (command injection, due TODAY June 22), see our dedicated CVE-2026-42271 advisory.BerriAI LiteLLM, the widely deployed open-source LLM gateway, has disclosed five additional vulnerabilities covering authentication bypass, API key exposure, and authorization weaknesses. These were disclosed over the weekend of June 21-22 and should be addressed alongside today’s CISA KEV deadline…

Vulnerability Intelligence Report — June 22, 2026 Coverage: June 1–22, 2026 | Total CISA KEV additions (period): 16 | New KEVs: 0 | KEV deadline TODAY: BerriAI LiteLLM | KEV deadlines TOMORROW: Triple (Chromium V8, Arista EOS, Cisco SD-WAN) | Splunk deadline passed (June 21) | Total overdue KEVs: 11 Previous reports: June 21, 2026 | June 20, 2026 Today — Monday, June 22,…

What Is CVE-2026-11551? CVE-2026-11551 is a critical authentication bypass and privilege escalation vulnerability in the Branda WordPress plugin, carrying a CVSS score of 9.8. The flaw allows unauthenticated attackers to completely take over any user account—including administrator accounts—without requiring any prior access or credentials. Exploitation leads to full site compromise. Affected Versions All versions of the Branda plugin are affected. No version is known…

What HappenedA newly identified botnet tracked as AryStinger has been observed actively compromising thousands of D-Link routers across the globe. The campaign exploits known vulnerabilities in end-of-life and unpatched D-Link router models, deploying a lightweight malware payload that enrolls each compromised device into a sprawling botnet. The infected routers are being leveraged as both DDoS launch nodes and covert proxy endpoints, enabling the operators…

What Happened Microsoft Threat Intelligence has attributed a sophisticated supply chain attack targeting the Mastra AI framework to state-sponsored actors operating out of the Democratic People’s Republic of Korea (DPRK). The compromise, discovered in early June 2026, represents a strategic escalation in North Korean cyber operations, pivoting from traditional financial heist motives toward the emerging AI/ML orchestration ecosystem. Mastra AI is a rapidly growing…

What HappenedSecurity researchers have identified a new ransomware variant dubbed Prinz Eugen that appends the .prinzeugen extension to encrypted files. First observed in the wild in June 2026, this strain introduces a notable behavioral twist: it deliberately prioritizes recently accessed and modified files before expanding to the rest of the filesystem.TacticUpon execution, Prinz Eugen queries the file system for files with recent access timestamps…