Jerry Todd

⚠️ Splunk Enterprise Pre-Auth RCE Chain Exposes Database With Zero Authentication Source: https://t.co/carVCWzy8k A critical vulnerability chain in Splunk Enterprise has been disclosed, enabling unauthenticated attackers to achieve remote code execution (RCE) through a misconfigured PostgreSQL sidecar service. Tracked as CVE-2026-20253, the flaw has a CVSS score of 9.8 and affects Splunk Enterprise 10 and later. The issue originates from the PostgreSQL Sidecar Service, an internal component introduced in newer Splunk versions. While this service is not always enabled in on-premise deployments, it is active by default in Splunk Enterprise on AWS, making cloud deployments particularly exposed out of the box. #cybersecuritynews

🌎 Global: https://t.co/DjttliIHD0 Contact Dataset Advertised on Underground Forum * A threat actor has uploaded and advertised an alleged https://t.co/DjttliIHD0 dataset on an underground forum. * The post claims the dataset contains approximately 49.19 million records originating from https://t.co/DjttliIHD0, a B2B sales intelligence and contact enrichment platform. * According to the seller, the dataset includes: * Full names * Email addresses * Phone numbers * LinkedIn profile URLs * Job titles * Company names * Company phone numbers * Company websites * Company domains * Facebook URLs * X/Twitter URLs * Company LinkedIn pages * Country and city information * Claimed dataset details: * Source: https://t.co/DjttliIHD0 * Total records: 49,189,288 * Region: Global * Compressed size: 1.92 GB * Sample records displayed in the forum post appear to contain professional contact and company intelligence data. * No evidence was provided indicating a recent compromise of https://t.co/DjttliIHD0 infrastructure. * The advertised dataset closely resembles previously reported https://t.co/DjttliIHD0 data exposures and publicly discussed incidents involving large-scale business contact information. * At the time of reporting, Daily Dark Web has not identified evidence that this advertisement represents a newly discovered breach. The dataset may consist of historical, recycled, aggregated, or previously exposed business contact information. Analyst Note: Business intelligence and sales-enrichment datasets occupy a gray area within the cybercrime ecosystem because much of the information originates from public, commercial, or aggregated sources. When such datasets are advertised underground, organizations should focus on determining whether proprietary customer information, internal records, or non-public enrichment data are involved rather than assuming a new compromise has occurred. #DDW #Intelligence #DarkWeb #Apollo

U.S. Central Command (CENTCOM) forces began launching self-defense strikes against Iran at 5 p.m. ET today at the Commander in Chief’s direction, in response to yesterday’s downing of a U.S. Army Apache helicopter. The mission is a proportional response to unjustified Iranian aggression.

Dozens of local teenagers recently spent a day with ADIC Patrick Grandy, and a team of FBI employees for the Spring iteration of the FBI Los Angeles Teen Academy. Students learned about the various career opportunities with the FBI, as well as how we investigate crimes and they can avoid being victimized.

ADIC Barnacle recently sat down to discuss the FBI New York Office’s posture for the upcoming summer events to include the FIFA World Cup, Sail250, Macy’s Fourth of July celebration, and the NBA Finals. Read about the FBI’s commitment to staying ahead of the threat at: https://t.co/kgUwPRqXUa

🚨 Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands Source: https://t.co/9kvbWmTeqX Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployments. At the core of this threat is CVE-2026-42271, a command injection flaw in LiteLLM's Model Context Protocol (MCP) server test endpoints. By manipulating the HTTP Host header to exploit the Starlette authentication bypass, attackers can sidestep LiteLLM's API key requirement entirely. Affected versions span LiteLLM 1.74.2 through 1.83.6 on deployments whose dependency tree includes Starlette ≤ 1.0.0. #cybersecuritynews