June 17, 2026 by sig9
Hacker Wars - June 17, 2026
Your daily dose of infosec chaos
Today’s theme: supply chain nightmares, actively exploited web vulns, and the eternal game of whack-a-mole with enterprise appliances. Grab your coffee, it’s going to be a long one.
144 Mastra Npm Packages Hijacked in Supply Chain Attack
A threat actor compromised a contributor account on the Mastra AI framework and pushed malicious code to 144 npm packages under the @mastra/* namespace. If your CI/CD pipeline pulls these packages, congratulations - you might have a new backdoor friend. The attack, dubbed “easy-day-js,” is another reminder that your dependencies are only as trustworthy as the humans behind them.
What to do: Pin your dependencies to exact versions, and audit your lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml) for any @mastra/* package, including ones pulled in transitively by something else you depend on. If you find one, assume compromise: rotate every secret the affected build or pipeline could reach, and rebuild from a clean environment before trusting its output again.
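A lockfile check of the kind described above, written as an added example for this bulletin (it is not sig9's tooling or anything from the Mastra project). It walks package-lock.json (lockfileVersion 1, 2 and 3 layouts) and yarn v1 lockfiles for anything under the @mastra/ scope, nested copies included, and also flags direct dependencies that are not pinned to an exact version. The lockfile contents embedded below are constructed samples, not real projects; the @mastra/ scope itself is the one named in the bulletin.

```python
"""Scan npm lockfiles for packages under a compromised scope (here @mastra/*).

Added example for this bulletin; not code from sig9 or from the Mastra project.
The sample lockfile contents below are constructed for illustration only.
"""
import json
import re
import sys
from typing import Dict, List, Tuple

SCOPE = "@mastra/"  # the namespace named in the bulletin

# Constructed sample in npm lockfileVersion 3 layout: one direct dependency,
# one transitive copy nested under another package, and an unrelated package.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@mastra/core": "^0.10.0", "left-pad": "1.3.0"}},
        "node_modules/@mastra/core": {"version": "0.10.4"},
        "node_modules/some-lib": {"version": "2.0.0"},
        "node_modules/some-lib/node_modules/@mastra/loggers": {"version": "0.2.1"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Constructed sample in the older lockfileVersion 1 layout (nested "dependencies").
SAMPLE_PACKAGE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "some-lib": {"version": "2.0.0",
                     "dependencies": {"@mastra/rag": {"version": "0.1.0"}}},
    },
})

# Constructed sample in yarn v1 lockfile layout.
SAMPLE_YARN_LOCK = """\
# yarn lockfile v1

"@mastra/memory@^0.3.0", "@mastra/memory@^0.3.1":
  version "0.3.2"
  resolved "https://registry.yarnpkg.com/@mastra/memory/-/memory-0.3.2.tgz"

left-pad@1.3.0:
  version "1.3.0"
"""

Hit = Tuple[str, str]  # (package name, resolved version)
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def scan_package_lock(text: str, scope: str = SCOPE) -> List[Hit]:
    """Return every scoped package in a package-lock.json, transitive ones included."""
    data = json.loads(text)
    hits = set()
    # lockfileVersion 2/3: "packages" is keyed by node_modules path; the package
    # name is whatever follows the last "node_modules/" segment.
    for path, meta in data.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]
        if name.startswith(scope):
            hits.add((name, meta.get("version", "?")))

    # lockfileVersion 1: a nested "dependencies" tree, walked recursively.
    def walk(deps: Dict[str, dict]) -> None:
        for name, meta in deps.items():
            if name.startswith(scope):
                hits.add((name, meta.get("version", "?")))
            walk(meta.get("dependencies", {}))

    walk(data.get("dependencies", {}))
    return sorted(hits)


def scan_yarn_lock(text: str, scope: str = SCOPE) -> List[Hit]:
    """Return every scoped package in a yarn v1 lockfile."""
    hits = set()
    pending: List[str] = []  # scoped names from the entry header we are inside
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if not line.startswith(" ") and line.endswith(":"):
            # Header like: "@mastra/memory@^0.3.0", "@mastra/memory@^0.3.1":
            specs = [s.strip().strip('"') for s in line[:-1].split(",")]
            # the package name is everything before the last "@" of each spec
            pending = [s.rsplit("@", 1)[0] for s in specs if s.startswith(scope)]
            continue
        m = re.match(r'\s+version\s+"([^"]+)"', line)
        if m and pending:
            for name in pending:
                hits.add((name, m.group(1)))
            pending = []
    return sorted(hits)


def unpinned_dependencies(text: str) -> List[str]:
    """Direct deps (from the lockfile root entry) whose spec is a range, not an exact version."""
    root = json.loads(text).get("packages", {}).get("", {})
    specs = {**root.get("dependencies", {}), **root.get("devDependencies", {})}
    return sorted(name for name, spec in specs.items() if not EXACT_VERSION.match(spec))


def main(argv: List[str]) -> int:
    """Print every hit; exit 1 if any were found so a CI step fails on them."""
    if len(argv) > 1:
        reports = []
        for path in argv[1:]:
            with open(path, encoding="utf-8") as fh:
                content = fh.read()
            scanner = scan_yarn_lock if path.endswith("yarn.lock") else scan_package_lock
            reports.append((path, scanner(content)))
    else:  # no arguments: run against the constructed samples
        reports = [("sample package-lock.json", scan_package_lock(SAMPLE_PACKAGE_LOCK)),
                   ("sample yarn.lock", scan_yarn_lock(SAMPLE_YARN_LOCK))]
    found = False
    for path, hits in reports:
        for name, version in hits:
            found = True
            print(f"{path}: {name}@{version}")
    return 1 if found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python scan_lock.py package-lock.json yarn.lock` in the pipeline; a non-zero exit means a scoped package is present somewhere in the tree, which is what you want a build to stop on. The scanner only looks at lockfiles, so it will not tell you which published versions were tampered with; treat any hit as a trigger for the secret rotation above and check the project's own advisory for the affected versions. pnpm-lock.yaml is not parsed here and would need the same treatment.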
CISA Adds Joomla JCE Flaw to Actively Exploited List
CISA has added a maximum-severity Joomla Widget Factory JCE vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The flaw allows unauthenticated PHP code execution on affected Joomla sites, which is about as bad as it sounds for anyone running a Joomla-based web shop in 2026.
What to do: Patch Joomla JCE immediately or disable the extension if you can’t. If you’re still running Joomla, this is your sign to review your entire CMS stack.
30,000 Fortinet Firewalls Compromised via FortiSandbox Vulns
Security researchers discovered roughly 30,000 Fortinet appliances already compromised through three recently patched FortiSandbox vulnerabilities. The flaws let attackers gain root-level access on shared hosting environments, which is exactly the kind of thing that keeps SOC teams up at night.
What to do: Patch FortiSandbox to the latest version. Run a scan to check for indicators of compromise on your Fortinet appliances. If you haven’t patched yet, consider it already exploited.
Microsoft Working on Defender Patch for RoguePlanet Zero-Day
Microsoft confirmed it’s developing a fix for a zero-day in Windows Defender dubbed “RoguePlanet,” disclosed about a week ago. Details remain sparse, but anything that bypasses the default AV on every Windows machine is worth paying attention to.
What to do: Monitor Microsoft’s advisory for the patch release. In the meantime, layer your defenses - Defender alone is never enough anyway.
Catch you tomorrow. In the meantime, go check your attack surface.
Brought to you by sig9 - sig9.ch | Protecting the unseen, securing the unknown
This bulletin is provided for informational purposes. Contact us for tailored security analysis.