STRATQUAD
CYBER THREAT INTELLIGENCE BRIEF
Daily Brief · 20 June 2026 · 24h windowRISKMEDIUM
StratQuad CTI Daily Brief, 20 June 2026
Compiled from 52 monitored sources · 3170 articles reviewed

Today’s Briefing

Google Threat Intelligence reports a North Korea-nexus actor has compromised the widely used Axios NPM package in a supply chain attack, targeting a library with millions of weekly downloads. Separately, Google published updated guidance on preparing for and hardening against destructive attacks, reflecting shifts in adversary capability and targeting since the last edition. The watchlist includes CVE-2026-49268, a critical LDAP injection flaw in Apache Shiro allowing DN manipulation via unsanitised username input, and CVE-2026-50203, a path traversal in Apache Airflow's SFTP provider that permits malicious servers to write files outside the configured destination directory.

Top Stories

  1. Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products
  2. Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module

Full brief available to subscribers

The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.

Get the brief at 07:00, every weekday.

The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.

← All briefs