June 23, 2026 by sig9
Hacker Wars - June 23, 2026
Your daily dose of infosec chaos
The quantum apocalypse just got a deadline, healthcare data is leaking again, and someone thought sending VBScripts over WhatsApp was a good business model. Let’s dive in.
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration
The White House just put a clock on the quantum threat. A new executive order mandates that federal agencies transition high-value and high-impact systems to post-quantum cryptography by 2030 and 2031, respectively. The move comes as “harvest now, decrypt later” attacks become less theoretical by the day, and signals that PQC is no longer optional for government-adjacent orgs.
What to do: Start your PQC inventory now. Identify which systems use RSA/ECC for long-lived secrets and begin mapping migration paths.
Xsolis Data Breach Affects 1.4 Million Individuals
Healthcare AI company Xsolis disclosed a breach impacting 1.4 million people. Threat actors gained access to personal and protected health information (PHI) that Xsolis handled on behalf of its healthcare clients. The company has not disclosed the attack vector, which is always a reassuring sign.
What to do: If your org uses Xsolis or shares data with them, assume your patient records may be in the wild. Review BAA terms and prepare for regulatory scrutiny.
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Attackers are distributing malicious VBScript files through WhatsApp messages disguised as legitimate business documents. Once executed, the scripts install ManageEngine’s own RMM software on the victim’s machine, giving attackers persistent remote access using a legitimate tool. Kaspersky tracked the campaign across multiple countries targeting WhatsApp Desktop users.
What to do: Block VBScript execution via Group Policy and monitor for unauthorized ManageEngine installations on endpoints.
FFmpeg Fixes PixelSmash Flaw in Widely Used Video Decoder
A vulnerability dubbed “PixelSmash” in FFmpeg’s video decoder could allow remote code execution on media servers like Jellyfin, and denial-of-service on Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. The flaw is in a component used by a staggering number of applications, which means patching is going to be a dependency chain nightmare for weeks.
What to do: Update FFmpeg as soon as your distribution pushes the fix and consider temporarily restricting untrusted media uploads.
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI released GPT-5.5-Cyber, its strongest vulnerability-hunting model yet, to trusted defenders under the Daybreak initiative. The model is designed to help security teams find and patch software vulnerabilities faster. Whether this becomes a genuine force multiplier for blue teams or just another shiny tool that creates more alert fatigue remains to be seen.
What to do: If your org qualifies for Daybreak access, evaluate the model against your existing vuln management workflow. AI-assisted patching is coming whether we like it or not.
Catch you tomorrow. In the meantime, go check your attack surface.
Brought to you by sig9 - sig9.ch | Protecting the unseen, securing the unknown