Weekly Threat Roundup: MSG Sports Breach & Active Exploits (June 22–28)

This Week at a Glance

The Madison Square Garden Sports data breach of 9.8 million accounts dominates this week, alongside active exploitation of a critical Lantronix EDS5000 flaw. A major Sysco breach (2.7M accounts) and a persistent misconfiguration in CVE-2024-40766 underscore that patching alone is insufficient for security.

Top Vulnerabilities

• CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited: This vulnerability is under active exploitation; prioritize patching immediately. Read full advisory.
• CVE-2024-40766: The patch fixed the bug, but configuration errors remain unaddressed. Attackers are exploiting misconfigurations in systems that were supposedly patched. Read full report.

Data Breaches

• Madison Square Garden Sports: 9.8 million accounts exposed, including email addresses. Full breach report.
• Sysco: 2.7 million accounts compromised in a significant foodservice industry breach. Full breach report.
• American Tower: 217,000 accounts exposed, including email addresses and phone numbers. Full breach report.

Threat Intelligence

No new dark web campaigns or threat actor activity were detailed in this week’s reporting. However, the volume of high-profile breaches suggests credential stuffing and phishing attacks may escalate as stolen data circulates on underground forums.

Key Takeaway

The CVE-2024-40766 incident reveals a critical pattern: patching does not equal security. Organizations must audit configurations post-patch, as attackers are increasingly targeting misconfigurations in supposedly fixed systems. The MSG Sports and Sysco breaches also highlight that email addresses remain a prime target for credential theft and phishing campaigns.