This posting is here to collect cyber security news in June 2026.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in June 2026.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
147 Comments
Tomi Engdahl says:
https://cybersecuritynews.com/linux-kernel-improper-authentication-vulnerability/
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. Linux& Unix
The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers to achieve privilege escalation.
CVE-2022-0492 stems from insufficient validation and authentication controls within the Linux kernel’s control groups (cgroups) mechanism.
Tomi Engdahl says:
Vain 22 sekuntia aikaa: kun hyökkäykset nopeutuvat, puolustuksen on muututtava
Tekoäly on muuttanut tietoturvaa nopeammin ja perusteellisemmin kuin moni vielä ymmärtää. Google Cloud Next -tapahtumassa kävi selväksi, ettei perinteinen, ihmisvetoinen malli pysy enää hyökkäysten vauhdissa. DNA:n Kaapro Kanto kertoo, miten puolustuksen on muututtava nyt – ja mitä yritysten pitäisi tehdä seuraavaksi.
https://www.dna.fi/yrityksille/blogi/-/blogs/vain-22-sekuntia-aikaa-kun-hyokkaykset-nopeutuvat-puolustuksen-on-muututtava
Tomi Engdahl says:
https://arstechnica.com/security/2026/06/dashlane-explains-how-attackers-managed-to-download-encrypted-password-vaults/
Tomi Engdahl says:
https://thehackernews.com/2026/06/autonomous-ai-tool-finds-2-year-old-rce.html
Tomi Engdahl says:
https://thehackernews.com/2026/06/new-http2-bomb-vulnerability-allows.html
Tomi Engdahl says:
https://cybersecuritynews.com/21-0-day-vulnerabilities-in-ffmpeg/
Tomi Engdahl says:
https://thehackernews.com/2026/06/new-greatxml-exploit-bypasses-windows.html
Tomi Engdahl says:
Supply Chain Security
NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks
By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.
https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/
Tomi Engdahl says:
https://www.securityweek.com/anthropic-says-it-has-taken-its-latest-ai-models-offline-to-comply-with-new-export-controls/
Tomi Engdahl says:
https://www.securityweek.com/in-other-news-google-security-layoffs-audia6-takedown-400-million-coupang-fine/
Tomi Engdahl says:
Artificial Intelligence
Industry Reactions to Claude Fable 5: Feedback Friday
Industry professionals comment on various aspects of Fable 5, including dual-use capabilities, safeguards, and tiered access.
https://www.securityweek.com/industry-reactions-to-claude-fable-5-feedback-friday/
Tomi Engdahl says:
https://www.securityweek.com/onyxc2-stealer-offers-cybercriminals-enterprise-grade-theft-for-250-a-month/
Tomi Engdahl says:
https://www.securityweek.com/anthropic-disputes-fable-5-ai-jailbreak/
Tomi Engdahl says:
ICS/OT
Iranian Cyber Group Handala Claims Cal Water Hack
The hackers published 5GB of data, including customer personal information and credentials for the RTKBase platform.
https://www.securityweek.com/iranian-cyber-group-handala-claims-cal-water-hack/
Tomi Engdahl says:
The Guardian:
Sources: UK plans to announce an “Australia plus” under-16 social media ban, including restrictions on chats with strangers on gaming apps and under-18 curfews
Starmer to announce ‘Australia plus’ ban on social media for under-16s
Sources say hardline measures will also prevent young users from being able to talk to strangers on gaming apps
https://www.theguardian.com/uk-news/2026/jun/14/starmer-to-announce-australia-plus-ban-on-social-media-for-under-16s
Tomi Engdahl says:
Andrew Osborn / Reuters:
Since Russia ratcheted up control over the internet this year, some Russians are turning to solutions like using multiple phones and VPNs to evade restrictions
https://www.reuters.com/world/europe/two-phones-an-app-how-russians-skirt-putins-digital-iron-curtain-2026-06-13/
Tomi Engdahl says:
https://www.idrive.com/idrive/signup/c2c_landing
Safeguard Your Cloud Applications data
Microsoft Office 365
Google Workspace
Salesforce
Backup for Dropbox
Box
Tomi Engdahl says:
UK PM Keir Starmer says the UK will ban social media for under-16s and restrict gaming and livestreaming platforms, aiming for regulation by the end of 2026 — British Prime Minister Keir Starmer said on Monday he would ban social media sites for under-16s and impose restrictions on gaming …
Britain announces sweeping social media ban for under-16s
https://www.reuters.com/business/media-telecom/britain-expected-set-out-under-16s-social-media-restrictions-2026-06-14/
Tomi Engdahl says:
Platforms including Instagram, TikTok, Snapchat and Facebook are set to be banned for under-16s
Full list of social media platforms included in Starmer’s under-16s ban
Platforms such as Instagram, TikTok, Snapchat and Facebook are set to be banned
https://www.independent.co.uk/news/uk/home-news/social-media-ban-uk-full-list-apps-whatsapp-snapchat-youtube-b2995731.html?fbclid=IwdGRjcAScv_djbGNrBJy_3GV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHgvGrCSTt0BixncCmwGc4yhhSA4jRFOKtaRzajAYxB7xDMgUxG4KjXqDDWwM_aem_myQAL23cOSiZNodFKULUYg
Social media platforms will be blocked for children under the age of 16 in a historic move from Sir Keir Starmer, as he said a “total ban is the right choice”.
The prime minister announced the restriction in a Downing Street press conference on Monday morning as he warned social media was impacting children’s happiness and mental health.
The social media platforms to be affected include:
Facebook
Instagram
X
Snapchat
TikTok
YouTube
Messaging services like WhatsApp and Signal are not set to be included in the ban.
Restrictions will also be enforced on gaming sites which will include world-leading blocks on harmful functions such as livestreaming and stranger communication with children under-16
AI “romantic companion” chatbots, which are designed to simulate sexual relationships or roleplay with users, will also enforce a minimum age of 18.
The prime minister said he was confident the ban would be effective but acknowledged some children would find their way around it. The measure is expected to come into force by early next year.
The government is also looking at potential overnight curfews and breaks in infinite scrolling for under-18s.
Sir Keir, a father-of-two, said: “This is not something I do lightly, and I will not present it as cost-free, as if social media has brought no benefits to young people, because clearly that is wrong.
“But government is always about choices, and it’s clear to me that a full ban is the right choice.
I ask the question now: Do we truly believe that social media creates a happy environment for our children?
“Do we truly believe that it’s a place where they can feel safe? I don’t think I even need to answer those questions, do I?
“Every parent can see it with their own eyes. Social media is making children unhappy.”
There has been resistance from the Trump administration to action against social media sites, which are largely based in the US.
many countries around the world were “grappling” with the issue of children’s safety online.
Tomi Engdahl says:
https://www.independent.co.uk/news/uk/home-news/social-media-ban-uk-starmer-children-response-b2995757.html?fbclid=IwdGRjcASc1K1jbGNrBJzUoWV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHnTdkjEQOGMvkiJvDEt3PmIUfoH3oX01jTmputQ79zvgU39d5x93zMOn46VO_aem_SotYK0DwMax4Kf_6i4FNCQ
Tomi Engdahl says:
Jokainen laite voi olla seuraava kohde – tutkijat puhuvat uudenlaisesta kyberuhasta – Muropaketti.com https://share.google/SJlMpfVWdPCBHwowE
Tutkijat ovat luoneet avoimen lähdekoodin kielimallilla toimivan tekoälyagentin, joka käyttäytyy kuin ”mato”, eli itsenäisesti toimiva, tietoturva-aukkoja hyödyntävä ja itsestään monistuva haittaohjelma.
Vielä vertaisarvioimattomassa ennakkotutkimuksessa osoitetaan, kuinka itseään monistava tekoälyagentti voi vallata tietoverkon lähes olemattomin kustannuksin. Asiasta uutisoi Gizmodo.
Tutkijoiden mukaan kyseessä on ”perustavanlaatuisesti uusi uhka: mato, joka luo kohteelleen räätälöityjä hyökkäysstrategioita jokaisessa kohtaamassaan järjestelmässä”.
Tutkimuksessa tekoälyagentti toimi matona eristetyssä testiverkossa, joka koostui Linux-, Windows- ja IoT-laitteista. Verkossa oli yleisiä yritysverkkojen haavoittuvuuksia, kuten uudelleenkäytettyjä salasanoja. Agentti perustui nimeämättömään avoimen lähdekoodin suureen kielimalliin.
Perinteisestä tietokoneviruksesta poiketen mato ei tarvitse käyttäjältä toimia, kuten haittaohjelman sisältävän tiedoston avaamista levitäkseen, vaan se hyödyntää tietoturva-aukkoja ja kopioi itseään uusiin laitteisiin.
Se pystyy tunnistamaan kunkin laitteen yksilöllisiä tietoturva-aukkoja ja muuttamaan toimintatapaansa niiden perusteella.
Tutkijoiden mukaan mato hyödyntää myös tartuttamiensa laitteiden laskentatehoa. Tämä korostuu erityisesti aikana, jolloin yhä useammat älypuhelimet ja kannettavat tietokoneet suunnitellaan suorittamaan suuria kielimalleja paikallisesti.
”Jokainen internetiin yhdistetty laite on mahdollinen kohde – ellei sen sisältämän datan vuoksi, niin ainakin seuraavan hyökkäyksen laukaisualustana”, tutkijat kirjoittavat blogissaan.
Tomi Engdahl says:
AI Agents Enable Adaptive Computer Worms
In our pursuit of new knowledge to enhance the security of artificial intelligence, we uncovered a cybersecurity threat with implications across society.
https://cleverhans.io/worm.html
‘A Fundamentally New Threat’: Researchers Develop New AI-Powered Worm That Might Be Unstoppable
A team of cybersecurity experts have shown how a self-replicating AI agent can take over a computer network at almost no cost.
https://gizmodo.com/a-fundamentally-new-threat-researchers-develop-new-ai-powered-worm-that-might-be-unstoppable-2000766975
Tomi Engdahl says:
https://www.independent.co.uk/news/world/americas/us-politics/trump-ufc-white-house-targeted-attacks-fbi-b2996596.html?fbclid=IwdGRjcASeJQRjbGNrBJ4lAGV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHickSf24hOYqjoUOhOh-ZZEyPpDDTWs7f5UhNMilijmnAmmSKP-ln1IZDVU0_aem_4i1PcKYzxdJAqByOnEN1MQ
Tomi Engdahl says:
https://etn.fi/index.php/13-news/19061-linuxista-loeytyi-19-vuotta-vanha-aukko
Linux-ytimestä on löytynyt 19 vuotta vanha haavoittuvuus, jonka avulla perusoikeuksilla varustettu paikallinen käyttäjä voi saada järjestelmässä root-oikeudet. CIFSwitchiksi nimetty haavoittuvuus koskee Linuxin CIFS/SMB-asiakaspuolta ja siihen liittyvää cifs-utils-apuohjelmistoa.
Haavoittuvuudelle on annettu tunniste CVE-2026-46243. Se ei ole verkon yli suoraan hyödynnettävä SMB-palvelinaukko, vaan paikallinen käyttöoikeuksien korotus. Riskissä ovat etenkin järjestelmät, joissa käyttäjillä on paikallinen pääsy, käytössä on cifs-utils ja järjestelmä sallii hyökkäysketjun vaatimat nimiavaruudet.
Tomi Engdahl says:
Hackers claim they stole Novo Nordisk’s drug and AI secrets
“Among the categories of data FulcrumSec says it obtained are source code, proprietary drug information covering both marketed and pipeline compounds, clinical trial records, data on employees, doctors, and patients, details tied to manufacturing operations, and internal AI model files.”
https://qz.com/novo-nordisk-hack-fulcrumsec-extortion-data-theft-061726
Tomi Engdahl says:
Attacking UPS Network Cards to Take Down Data Centers → https://claroty.com/team82/research/attacking-ups-network-cards-to-take-down-data-centers
#welcometothepartypalgif #2600net #irc #secnews
Tomi Engdahl says:
AMD silently removes memory encryption from consumer Ryzen CPUs, leaving users unaware that they may be vulnerable — security feature vanishes after newer AGESA firmware, AMD engineers go radio silent when pressed about the change → https://www.tomshardware.com/pc-components/cpus/amd-silently-removes-memory-encryption-from-consumer-ryzen-cpus-leaving-users-unaware-that-they-may-be-vulnerable-security-feature-vanishes-after-newer-agesa-firmware-amd-engineers-go-radio-silent-when-pressed-about-the-change
#2600net #irc #secnews #encryption #memory
Tomi Engdahl says:
Jos puhelimesi tekee tämän, pysähdy heti – ”Todellinen vaaran merkki”
https://www.is.fi/digitoday/tietoturva/art-2000012089011.html
Tomi Engdahl says:
⚠️ Some Apple chips now have a flaw no software update can remove.
Researchers released usbliter8, a SecureROM exploit for A12 and A13 chips that enables code execution via USB in DFU mode.
Read details here: https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html
Tomi Engdahl says:
“Companies are getting hacked every single day.” https://trib.al/iiLxWpa
Tomi Engdahl says:
Massive Breach Exposes 74,000 Networks, From Oracle and Samsung to a NATO Contractor
https://www.sofx.com/massive-breach-exposes-74000-networks-from-oracle-and-samsung-to-a-nato-contractor/?fbclid=IwdGRjcASj51hjbGNrBKPnVmV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHnQqxXKpYbfwaME25FlcwfysXtGtV8aMJ18G58noC-WluD4NOfM3MHzeJksL_aem_ps6SniIbfIaIiLxpy7_KXw
Tomi Engdahl says:
MSG scanned 26M faces. Then its own data leaked.
Hackers called ShinyHunters published 45GB of stolen files.
The data exposed facial recognition logs and private attendee profiles.
MSG had used this system to scan visitors for years.
If you attended an event there, your faceprint may be inside.
A federal lawsuit now accuses MSG of failing to protect this data.
Read more on TNW: https://thenextweb.com/news/shinyhunters-madison-square-garden-45gb-data-leak-facial-recognition
Tomi Engdahl says:
Mariana Catacci / CNN:
Brazil takes its National Civil Defense warning platform offline after suspected hackers send an unauthorized alert to mobile phones in several states
Hackers suspected to be behind unauthorized alert sent to cell phones across Brazil
https://edition.cnn.com/2026/06/20/americas/brazil-hackers-unauthorized-alert-latam
São Paulo, BrazilCNN Brasil —
An unauthorized alert bearing a mysterious message that was sent to cell phones in several states across Brazil on Saturday morning is suspected to be the work of hackers, the Brazilian government said.
Devices lit up with the word “misantropi4,” an alphanumeric spelling of the Portuguese word “misantropia,” which in English translates to “misanthropy.” The final letter “a” was substituted with a number ‘4’ – a practice often used by hackers and termed “leetspeak.”
The alert – categorized as “extreme” – was initially received in the southern state of Paraná, but a second warning was triggered a few minutes later for cell phones in the major cities of São Paulo and Rio de Janeiro.
The emergency text system is similar to the US’ Wireless Emergency Alerts (WEA), better known to most Americans as AMBER alerts, which allows officials to broadcast short emergency text messages directly to mobile devices within specific geographic area, regardless of phone number or network.
Brazilian authorities said that the National Civil Defense’s warning platform was taken offline after being targeted by a likely hacker attack, and the government is working to restore the tool once all security conditions are reestablished.
The statement also said that the Cellbroadcast tool, which is used to send severe and extreme alerts, is managed by Anatel (National Telecommunications Agency) and has been temporarily disabled. The São Paulo Civil Defense said it has contacted Anatel and other institutions involved in the system’s operation to investigate the origin of the message.
Tomi Engdahl says:
“The sabotage seems intentional, as Reliance has ignored multiple reports,” he wrote. Read more: https://cnews.link/durov-meta-telegram-sabotage-1/
Tomi Engdahl says:
https://www.businessinsider.com/meta-ai-training-data-leak-exposed-employee-activity-across-company-2026-6?fbclid=IwdGRjcASmf7pjbGNrBKZ_s2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHqhrWQioepxY0KOEDpWL4TNsdIhb3SKjjEoM0101SLBwzGuGouzm98KRXYVE_aem_ZiDBvbhdJAV7iYCvIfhCqA&utm_campaign=mrf-insider-marfeel-headline-graphic&utm_source=facebook&utm_medium=social&mrfcid=202606226a399c0fb5129c43bc3ff882
Tomi Engdahl says:
https://git.cuvoodoo.info/kingkevin/board/src/branch/hdmi_firewall/README.md
The HDMI firewall prevents devices from hacking HDMI equipment, and vice-versa.
HDMI is mainly used to transfer audio and video, but also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL). This increases the attack surface, and since the security of their implement in embedded devices is far from ideal, an attacker could exploit them and inject malicious code. Now your unsuspicious video equipment is compromised and threatens your IT/network security. And your monitor could then in turn hack back any other device connected to it.
For example, let’s imagine you invite an external guest for a presentation inside your company. You offer to connect to a video-projector so he can show his slides. This is the perfect opportunity for the guest to hack the video-projector. Next time an employee connects to this projector, his laptop is hacked back. And voila, the innocent guest managed to infiltrate your company network, and can exfiltrate confidential information.
The HDMI firewall blocks all additional interfaces, and only allows audio and video data transfer. It is based on the research of Pierre-Michel Ricordel and José Lopes Esteves from ANSSI/SDE/ST/LSF presented at the IT security conference SSTIC 2021.
#2600net #irc #secnews #hardware #hacking #cybersecurity #hdmi #firewall
Tomi Engdahl says:
Applen A12- ja A13-piireistä löytyi aukko, jota ei voi korjata
https://etn.fi/index.php/13-news/19088-applen-a12-ja-a13-piireistae-loeytyi-aukko-jota-ei-voi-korjata
Tietoturvatutkijat ovat julkaisseet uuden usbliter8-nimisen haavoittuvuuden, joka kohdistuu Applen A12- ja A13-sukupolvien järjestelmäpiireihin. Kyse ei ole iOS:n tavallisesta ohjelmistovirheestä, vaan piirin käynnistysvaiheen SecureROM-koodiin ja USB-ohjaimeen liittyvästä laitteistotason ongelmasta.
Paradigm Shiftin tutkijoiden mukaan haavoittuvuus mahdollistaa koodin ajamisen hyvin varhaisessa käynnistysvaiheessa, ennen kuin varsinainen käyttöjärjestelmä käynnistyy. Tämä tekee löydöstä teknisesti merkittävän, sillä BootROM- ja SecureROM-tason virheitä ei voi paikata jälkikäteen samalla tavalla kuin käyttöjärjestelmän haavoittuvuuksia.
Hyökkäys perustuu Applen käyttämän Synopsysin DWC2-USB-ohjaimen toimintaan. Tutkijoiden mukaan ohjain käsittelee USB:n Setup-paketteja tavalla, joka tietyissä olosuhteissa johtaa muistialueen alivuotoon. Kun laite on DFU-palautustilassa ja siihen on fyysinen USB-yhteys, virhettä voidaan käyttää muistialueiden ylikirjoittamiseen ja lopulta käynnistysketjun hallinnan murtamiseen.
Käytännössä tämä tarkoittaa, että hyökkääjä voi saada laitteen suorittamaan omaa koodiaan ennen Applen normaalien allekirjoitus- ja eheystarkistusten valmistumista. Tutkijat osoittivat, että tällä voidaan esimerkiksi käynnistää muokattuja iBoot-kuvia ilman tavanomaisia allekirjoitustarkistuksia.
Haavoittuvuus koskee A12- ja A13-piirejä sekä Apple Watchien S4- ja S5-piirejä. A12X- ja A12Z-piirien tekninen tuki olisi tutkijoiden mukaan mahdollinen, mutta sitä ei ole toteutettu julkaistussa versiossa. A11-sukupolvessa sama hyökkäys ei toimi, koska USB-ajuri palauttaa DMA-osoitteen jokaisen paketin jälkeen. A14- ja uudemmissa piireissä ongelma näyttää puolestaan jäävän hyödyntämättä, koska SecureROM määrittää DART-muistinsuojauksen oikein.
Tomi Engdahl says:
Lily Hay Newman / Wired:
OpenAI unveils an updated GPT-5.5-Cyber model, launches the Patch the Planet initiative in partnership with Trail of Bits to fix open source bugs, and more — Amid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet”
OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos
Amid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet” initiative to fix open-source software bugs.
https://www.wired.com/story/openai-launches-full-scale-effort-to-patch-open-source-bugs-as-it-takes-on-anthropics-mythos/
Tomi Engdahl says:
Canada’s spy service got a court order to remotely clean #malware-infected devices.
CSIS used its threat reduction powers to neutralize two foreign-run botnets operating through Canadian servers, SOHO routers, cameras, TVs, and other IoT gear.
The ruling stayed secret for more than 2 years.
Read
https://thehackernews.com/2026/06/canadas-spy-agency-used-first-of-its.html
Tomi Engdahl says:
https://cybersecuritynews.com/palo-alto-pan-os-vulnerability/
Tomi Engdahl says:
https://linuxiac.com/microsoft-secure-boot-key-expiration-affects-linux-ecosystem/
Tomi Engdahl says:
https://www.windowslatest.com/2026/06/14/windows-11-kb5094126-issues-include-boot-failures-bsod-bitlocker-recovery-on-some-pcs-hp-onedrive-sync-and-enterprise-apps-broken/
Tomi Engdahl says:
Exploitation requires no user interaction and affects desktops, servers, and IoT devices. More here https://cnews.link/critical-ffmpeg-vulnerability-enables-complete-compromise/
Tomi Engdahl says:
https://www.macrumors.com/2026/06/23/apple-files-leaked-dark-web-cyberattack/?link_source=ta_first_comment&taid=6a3a6c4d5a7a4700012e0a2f&utm_campaign=trueanthem&utm_medium=social&utm_source=facebook&fbclid=IwdGRjcASntudjbGNrBKe24WV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHjpmJ7KPVz3sdJuzCWGbHctxNie2zAdzpTsUF6wCujqzjQZcRsSciLIyj00m_aem_Afi2zNKBdegp4KRmEGpD4w
Tomi Engdahl says:
https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
Tomi Engdahl says:
https://arstechnica.com/security/2026/06/critical-copilot-vulnerability-allowed-hackers-to-seal-2fa-code-from-users/
Tomi Engdahl says:
https://thehackernews.com/expert-insights/2026/06/why-active-directory-vulnerabilities.html
Tomi Engdahl says:
https://gizmodo.com/the-quantum-threat-to-encryption-is-coming-france-just-set-a-2027-deadline-2000773650
Tomi Engdahl says:
https://www.cyberday.ai/guides/frameworks-in-finland?utm_term=&utm_campaign=nl_Demand+Gen+_guide_+2025&utm_source=adwords&utm_medium=ppc&hsa_acc=7610695024&hsa_cam=23787822604&hsa_grp=198583421729&hsa_ad=806399046405&hsa_src=&hsa_tgt=aud-2439304165333&hsa_kw=&hsa_mt=&hsa_net=adwords&hsa_ver=3&gad_source=1&gad_campaignid=23787822604&gbraid=0AAAAADnQLxNQPfSqw_zgzArjaim_qMesw&gclid=CjwKCAjwxb7RBhA5EiwAQ-AAdHYlhAIzIIa4GGWRS_s6AInUFBfoCWmrv2YkaJ6zy0G1vqZXQ7dLRhoCN3UQAvD_BwE
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities/