
Published by Jennifer Hudsen for The IT Guys at the June 24, 2026 5 PM recap window. Today’s roundup focuses on practical technology news for home users, small businesses, and anyone responsible for computers, networks, cloud accounts, websites, software projects, and vendor risk.
What Matters Today
June 24 brought a useful mix of good news and caution flags. On the good side, law enforcement and private partners disrupted major infostealer infrastructure, OpenAI and Broadcom announced a custom AI inference processor aimed at lowering AI serving cost, and Microsoft published more detail on reducing water intensity in datacenters as AI demand grows. On the bad side, CISA’s active-exploitation catalog is still pointing at network gear that small organizations actually use, Cisco Unified Communications Manager exploitation is being reported after public proof-of-concept activity, and a new CI/CD research report shows how fragile software supply chains can be when automation trusts the wrong input.
The practical theme is simple: useful technology keeps getting faster, but the systems underneath it need better maintenance. That means patching edge devices, locking down build automation, watching for stolen credentials, and asking hard questions about cloud and AI infrastructure instead of treating it as magic.
1. Operation Endgame Disrupted Amadey, StealC, And SocGholish Infrastructure
Europol announced a coordinated cyber strike against the SocGholish, Amadey, and StealC malware ecosystems. The Europol release says authorities and private-sector partners took action against 326 servers and 142 domains, identified and restricted more than EUR 41 million in criminal cryptocurrency assets, and recovered about 27 million stolen login credentials. The Hacker News and BleepingComputer both reported the same core numbers today.
This is good news because infostealers are a common starting point for bigger compromises. A stolen browser password, session cookie, VPN login, or email account can become invoice fraud, ransomware, data theft, or business email compromise. Disrupting the infrastructure raises the cost for criminals and may help notify victims whose credentials were recovered.
Customer impact: do not assume a takedown means the danger is gone. If a home or business computer has been infected, passwords may already be in criminal databases. Change passwords from a clean device, prioritize email, banking, payroll, Microsoft 365, Google Workspace, remote access, and password manager accounts, and enable multi-factor authentication where possible. Small businesses should also review sign-in logs for impossible travel, suspicious OAuth apps, and unexpected forwarding rules.
2. OpenAI And Broadcom Announced Jalapeño, A Custom AI Inference Chip
OpenAI and Broadcom announced Jalapeño, OpenAI’s first custom “Intelligence Processor” for large language model inference. OpenAI says engineering samples are already running machine-learning workloads in the lab at target frequency and power, including GPT-5.3-Codex-Spark, with initial deployment planned by the end of 2026. The announcement frames the chip as part of a multi-generation compute platform with Broadcom, Celestica, Microsoft, and other datacenter partners.
For most customers, the useful part is not the chip name. It is the direction of travel. Inference is the day-to-day cost of answering prompts, running coding agents, analyzing documents, summarizing calls, and powering customer-service tools. If custom hardware improves performance per watt and reduces bottlenecks, AI tools may become faster, more reliable, and less expensive over time.
Small-business takeaway: do not buy or rebuild workflows around one vendor announcement. Treat this as a sign that AI infrastructure is becoming more specialized. When evaluating AI tools, ask about data handling, admin controls, export options, user management, uptime, and total cost. Hardware progress is useful only if the service built on top of it is reliable and manageable for your business.
3. Microsoft Says Its AI Datacenter Designs Are Cutting Water Intensity
Microsoft published a June 24 update on its two-decade push to reduce datacenter water intensity while cloud and AI demand keeps growing. The official Microsoft blog says the company replenished more water than it withdrew across global operations in FY25 and describes newer AI datacenter designs that use closed-loop, direct-to-chip cooling with zero water evaporation during operations. Microsoft also says about 90% of its 2025 owned fleet operates with highly efficient low- to zero-water cooling systems, and that Phoenix datacenter optimizations improved water-use effectiveness by 23% year over year in FY25.
This is good progress, but it does not erase the broader concern. AI demand is increasing quickly, and communities near datacenters care about water, power, utility upgrades, land use, and transparency. Better cooling design matters because customers are moving more work into cloud systems, and those systems still depend on physical infrastructure somewhere.
The IT Guys takeaway: businesses should include resilience and sustainability questions in cloud vendor reviews. Ask where critical services are hosted, how backups and failover work, what happens during regional outages, and whether vendors publish credible environmental and operational reporting. For local systems, keep using practical basics: energy-efficient equipment, right-sized servers, scheduled shutdowns where appropriate, and cloud backups that are tested instead of merely purchased.
4. CISA’s Active-Exploitation Catalog Still Points At Small-Business Network Gear
CISA’s Known Exploited Vulnerabilities feed added four June 23 entries with June 26 federal remediation due dates: CVE-2025-67038 in Lantronix EDS5000 and CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 in Ubiquiti UniFi OS. CISA’s descriptions identify the Lantronix issue as command injection with root privileges, and the UniFi OS issues as improper access control, path traversal, and command injection risks. BleepingComputer reported today that CISA is warning of active exploitation affecting Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers, while The Hacker News highlighted the critical Lantronix flaw.
UniFi equipment is common in small offices, home offices, churches, restaurants, clinics, shops, and local service businesses. Lantronix gear is more specialized, but it can sit in important places such as industrial, building-control, and serial-console environments. When management infrastructure is exploited, attackers may get a strong position inside the network.
Action item: update UniFi OS and any exposed network management systems now. Confirm that UniFi consoles, gateways, NVRs, cloud keys, and self-hosted controllers are not directly exposed to the public internet unless there is a documented, protected reason. If you have Lantronix EDS5000 or similar industrial/serial equipment, patch it, restrict access, and segment it away from normal office devices.
5. Cisco Unified CM Exploitation Shows Why Voice Systems Need Patch Discipline
Cisco’s advisory for CVE-2026-20230 describes a server-side request forgery vulnerability in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco lists the issue as critical, says there are no workarounds, and says successful exploitation could let an unauthenticated remote attacker write files to the underlying operating system that could later be used to elevate to root. The Hacker News reported today that threat actors have begun exploiting the flaw after proof-of-concept details became public.
Phone systems are easy to forget because they are not always treated like normal servers. That is a mistake. Modern voice platforms can touch directories, voicemail, call records, contact centers, emergency routing, remote phones, and internal network segments. If a phone system is exposed or unpatched, it can become a bridge into more sensitive systems.
Practical advice: organizations running Cisco Unified CM should verify version status, apply Cisco’s fixed releases, and restrict management and application interfaces to trusted networks. For any PBX or VoIP system, keep an asset record, limit admin access, require strong MFA where supported, and monitor for unusual outbound connections, new files, or unexpected admin activity.
6. Cordyceps Research Highlights CI/CD Supply-Chain Risk
Novee Security published research on a class of CI/CD workflow weaknesses it calls Cordyceps. The company says it found exploitable GitHub Actions patterns involving command injection, broken authentication logic, artifact poisoning, and privilege escalation. The Hacker News reported today that Novee’s scan of about 30,000 high-impact repositories found more than 300 fully exploitable cases, and Dark Reading reported that vendors including Microsoft, Google, Cloudflare, Apache, and the Python Software Foundation were part of the disclosure and hardening story.
This is not just a developer problem. Many businesses now depend on automated build pipelines to deploy websites, apps, integrations, reports, and internal tools. If a workflow accepts untrusted pull request data and then runs with privileged tokens, the automation can become the attack path.
Developer checklist: review workflows that use privileged triggers, write permissions, release tokens, cloud credentials, package publishing, or generated artifacts from pull requests. Separate untrusted code testing from trusted deployment. Pin actions where practical, minimize token permissions, protect environments, require reviews before publishing, and make sure logs do not leak secrets.
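As an added example (not code from Novee Security or any project named above), the checklist can be turned into a first-pass audit of workflow files: the Python sketch below flags privileged triggers, missing `permissions:` blocks, unpinned actions, pull request head checkouts under a privileged trigger, and pull request fields interpolated directly into `run:` steps. The function name `audit`, the finding codes, and both sample workflows are assumptions made for illustration; it is a line-based heuristic, not a YAML parser and not the Cordyceps detection logic.

```python
import re  # WEAK and HARDENED below are constructed samples, not real repository files

WEAK = """\
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Building ${{ github.event.pull_request.title }}"
"""
HARDENED = """\
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - run: echo "Building $TITLE"
        env:
          TITLE: ${{ github.event.pull_request.title }}
"""
UNTRUSTED = re.compile(r"\$\{\{\s*github\.(event\.pull_request\.(title|body|head\.ref)|head_ref)\b")
PINNED = re.compile(r"@[0-9a-f]{40}\b")  # full commit SHA rather than a movable tag

def audit(text):
    """Heuristic line scan of one workflow file; returns sorted finding codes."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    privileged = any(re.search(r"\b(pull_request_target|workflow_run)\b", l) for l in lines)
    found, run_col = ({"privileged-trigger"} if privileged else set()), None
    if not any(re.match(r"\s*permissions:", l) for l in lines):
        found.add("no-explicit-permissions")
    for l in lines:
        s, indent = l.strip(), len(l) - len(l.lstrip())
        if run_col is not None and s and indent <= run_col:
            run_col = None  # dedent: the multi-line run block has ended
        m = re.match(r"(-\s*)?run:\s*(.*)", s)
        if (m or run_col is not None) and UNTRUSTED.search(s):
            found.add("untrusted-input-in-run")  # expression expanded into shell text
        if m and m.group(2)[:1] in ("|", ">"):
            run_col = indent + len(m.group(1) or "")  # column of the run: key
        if re.match(r"(-\s*)?uses:\s*(?!\./)\S", s) and not PINNED.search(s):
            found.add("unpinned-action")
        if privileged and re.search(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.", s):
            found.add("pr-head-checkout-with-privileges")
    return sorted(found)
```

The hardened sample passes the pull request title through an environment variable, so the value reaches the shell as data instead of being expanded into the script text. Treat any finding as a prompt for manual review of that workflow.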
Bottom Line For Home Users And Small Businesses
- Patch edge and management gear first: UniFi, Lantronix, Cisco voice systems, firewalls, VPNs, routers, and remote-management tools deserve priority because they sit close to everything else.
- Assume stolen credentials circulate fast: after infostealer disruptions, change important passwords from a clean device and turn on MFA rather than waiting for a breach notice.
- Review automation with secrets: GitHub Actions and similar systems should not let untrusted code touch deployment tokens, package publishing, or cloud credentials.
- Ask better AI vendor questions: new chips and datacenter designs are promising, but business buyers still need privacy, admin controls, retention settings, export paths, and support clarity.
- Cloud is physical: AI and cloud services depend on datacenters, power, water, cooling, and regional resilience. Plan backups and failover accordingly.
If you need help checking UniFi updates, reviewing exposed remote access, cleaning up Microsoft 365 sign-in risk, or auditing a small-business GitHub workflow, The IT Guys can help turn today’s headlines into a practical punch list.
Sources
- Europol: Global cyber strike disrupts SocGholish, Amadey, and StealC malware networks
- The Hacker News: Amadey and StealC malware network disrupted
- BleepingComputer: Amadey, StealC malware operations disrupted
- OpenAI: OpenAI and Broadcom unveil LLM-optimized inference chip
- Microsoft: Cutting water intensity while scaling for growth
- CISA: Known Exploited Vulnerabilities catalog
- BleepingComputer: CISA warns of exploited Ubiquiti and Lantronix flaws
- The Hacker News: Critical Lantronix EDS5000 flaw exploited
- Cisco: Unified Communications Manager SSRF vulnerability advisory
- The Hacker News: Cisco Unified CM flaw exploited after PoC
- Novee Security: Cordyceps CI/CD research
- The Hacker News: Cordyceps exposes 300+ GitHub repositories
- Dark Reading: Cordyceps and malicious pull requests