
Weekly Security Sprint EP 160. Merch alert, plus new vulnerabilities, the evolving threat landscape, and the World Cup
On this week's Security Sprint, Dave and Andy covered the following topics:
Opening:
• 27th Annual TribalNet Conference & Tradeshow, 20 – 24 Sep, Dallas, TX
• 02 Jun! WaterISAC H2OSecCon (Virtual Conference)
Main Topics:
Exploitation! and the KEV!
• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2026-9082 Drupal Core SQL Injection Vulnerability
• Drupal security advisory (AV26-492) - Update 2 - Canadian Centre for Cyber Security
• CISA orders feds to patch actively exploited Drupal vulnerability - BleepingComputer
• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
• CISA gives feds 4 days to patch actively exploited cPanel plugin flaw - BleepingComputer
• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
• Palo Alto Networks Security Advisory AV26-462 — Canadian Centre for Cyber Security
• ETR: Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability CVE-2026-0257 — Rapid7
Ransomware & Data Breaches:
• The Cyber Extortion Economy - Palo Alto Networks Unit 42 - 28 May 2026 “As recently noted by our Chief Security Intelligence Officer, Wendi Whitmore, it only took 39 seconds for threat actors to move from initial access to data exfiltration in one case.”
• Stay Ahead of Ransomware: What 2026 Threat Reports Are Telling Us — SANS Institute — 01 Jun 2026
• Charter Communications Data Breach Could Impact Nearly 5 Million
• How St. Paul, Minn., Recovered From a Ransomware Attack
• FBI FLASH - Silent Ransom Group Impersonating IT Personnel through Social Engineering - FBI IC3 & FBI warns of in-person data theft attacks from extortion gang
• Charter confirms data breach after ShinyHunters extortion threat
• The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
• The Gentlemen Ransomware Group Is Scaling Faster Than Any Other Group on Record
• The Gentlemen (Ransomware) in Disguise: Defense Evasion and other TTPs
World Cup:
• FBI PSA - Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup - FBI IC3
• FAA Establishes No Drone Zones for FIFA World Cup 2026 Stadiums, Fan Events and Base Camps — FAA
• Column: Empower Emergency Managers for Major Events
• Ebola concerns grow ahead of World Cup — The Hill
Quick Hits:
• The Future of AI Risk: Predictions for 2027 and Beyond - Gate 15 - 26 May 2026
• Top 10 Artificial Intelligence Security Actions Primer — Canadian Centre for Cyber Security
• Mythos Exposes a Bigger Problem in Critical Infrastructure Cyber Defense - HSToday
• NSA Launches Zero Trust Implementation Guidelines Resource Webpage — National Security Agency
• Designing secure access with ZTNA - National Cyber Security Centre
• The 2026 U.S. Midterms Have a Cyber Problem, But It’s Not at the Ballot Box — Check Point & Hackers are already laying groundwork to disrupt 2026 midterms, research says — Nextgov
• 'Holding our breath': Hurricane season is here, and FEMA is shorthanded — Politico
More episodes from "The Gate 15 Podcast Channel"



Don't miss an episode of “The Gate 15 Podcast Channel” and subscribe to it in the GetPodcast app.








