🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
5 JunHackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over SitesThreat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a rem…THEHACKERNEWS.COM
5 JunUS government report slams NIST for NVD backlogA report from the US Commerce department’s inspector general blames the National Institute of Standards and Technology (NIST) for the ever-growing backlog of vulnerabilities for inclusion in the National Vulnerability Database (NVD). But cybersecurity practitioners say that the b…CSOONLINE.COM
5 JunCisco warns of unpatched SD-WAN zero-day exploited in attacksOn Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]BLEEPINGCOMPUTER.COM
5 JunCisco Warns of 7th SD-WAN Zero-Day Exploited in 2026The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunCisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would requ…HELPNETSECURITY.COM
5 JunClaude Code has an MCP security problem — and your developers are already using itClaude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a dev…CSOONLINE.COM
5 JunThreat Brief: Active Exploitation of PAN-OS CVE-2026-0257We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
⚠️ VULNERABILITY DISCLOSURE 21[−]
5 JunNew HTTP/2 Bomb Attack, Trump's AI Security Reviews, Android Zero-Day & The Patching CrisisA newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms includin…CYBERSECURITYTODAY.LIBSYN.COM
5 JunAI tools becoming hot commodities on ransomware marketplacesSales of AI-based tools is accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process. An analysis of Telegram channels, 20 dark web forums, and five underground markets by anti-ransomware platform vendor Halcyon found tha…CSOONLINE.COM
5 JunAgentGG: Open-source agentic SAST scannerStatic analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a fin…HELPNETSECURITY.COM
5 JunThieves can pull off keyless car theft in under a minute and here’s how to stop themA keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken glass. No alarm. No sound. Most keyless cars remain vulnerable The vulnerability runs across the global ma…HELPNETSECURITY.COM
5 JunNew infosec products of the week: June 5, 2026Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily turns device risk into automated network policy Asimily has launched Segmentation Orchestration, enabling connected-device…HELPNETSECURITY.COM
5 JunChrome 149 Patches 429 VulnerabilitiesOver 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws. The post Chrome 149 Patches 429 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunAttackers obtained encrypted password vaults from some Dashlane user accountsDashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no evidence that the attackers compromised its internal systems. The company first acknowledged the incident on Ma…HELPNETSECURITY.COM
5 JunBinary Choice Researcher Or Threat ActorMicrosoft stated that uncoordinated vulnerability disclosures, especially those including proof-of-concept exploit code before patches exist, can create real-world risk by enabling attackers to weaponize vulnerabilities faster. The debate reflects a long-standing conflict in cybe…YOUTUBE.COM
5 JunEU unveils tech sovereignty package to cut reliance on US, Chinese suppliersThe package bundles two draft laws — a Chips Act 2.0 and a Cloud and AI Development Act (CADA) — alongside an Open Source Strategy and a roadmap for digitalizing the energy system.THERECORD.MEDIA
5 JunIn Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISAOther noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner. The post In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA appeared first on Security…SECURITYWEEK.COM
5 JunSeeking Counsel: Ongoing Targeted Campaign Against US Law FirmsWritten by: Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, Tyler McLellan Introduction From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as "Luna Moth," “Chatty Spid…CLOUD.GOOGLE.COM
5 JunNightmare Eclipse incident shows the researcher-vendor fights may never fully go awayWhen a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away appeared first on CyberScoop .CYBERSCOOP.COM
5 JunCisco warns zero-day flaw in SD-WAN is being exploitedThe company cautioned that no current patches are available and the flaw could allow an attacker to conduct command injection attacks.CYBERSECURITYDIVE.COM
5 JunSprawling new House AI bill includes frontier model oversight, open-source security grantsThe legislation has already drawn widespread criticism for its proposal to preempt state AI laws.CYBERSECURITYDIVE.COM
5 JunAndroid Spyware Asin Targets Arabic Users via Fake News, PDF and War Map AppsArabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of disti…THEHACKERNEWS.COM
5 JunOWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in SecondsCVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability. The post OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds appeared first on Sec…SECURITYWEEK.COM
5 JunPatching fast and slow: Ruby devs delay to defend against supply chain attackThe team behind RubyGems, a package hosting site for Ruby developers, has added a new feature to bundler, a tool for managing Ruby packages (or ‘gems’) to protect developers against the recent wave of software supply chain attacks : A cooling-off period before recently updated pa…CSOONLINE.COM
5 JunBuilding secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified PermissionsModern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security that answer critical questions: Who are you? and What are you allowed to do? Implementing …AWS.AMAZON.COM
5 JunCISA: Hackers now exploit SolarWinds Serv-U flaw to crash serversCISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]BLEEPINGCOMPUTER.COM
5 Jun KEVSeven Cisco Zero-Days AlreadyThis discussion covers another actively exploited Cisco SD-WAN vulnerability affecting Cisco Catalyst SD-WAN Manager. According to the clip, this marks the seventh SD-WAN zero-day reported in 2026. Successful exploitation can allow authenticated attackers to execute commands as r…YOUTUBE.COM
5 JunLocal AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587Local AI, Salesforce, Fluttershell, Aspose, http/2 bomb, Passwords, Cisco, Used Tech, Josh Marpet, and More on this episode of the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-587YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
5 JunJune 2026 Patch Tuesday forecast: Where are the CVEs?My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in Windows 10. The Microsoft Off…HELPNETSECURITY.COM
📢 SECURITY ADVISORIES 6[−]
5 JunIndustry Reactions to New Trump AI Cybersecurity Executive Order: Feedback FridayExperts commented on the EO’s voluntary nature, the balance between innovation and security, and potential implementation gaps. The post Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunHackers Leak DentaQuest Information Impacting 2.6 MillionThe ShinyHunters extortion group leaked roughly 234 GB of data allegedly stolen from the dental benefits administrator. The post Hackers Leak DentaQuest Information Impacting 2.6 Million appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunMicrosoft Outlook leaves email connections unencrypted despite SSL/TLS settingA server upgrade that introduced stricter email security checks has uncovered what appears to be a long-standing Outlook issue that may have caused some users to retrieve email over unencrypted connections despite having SSL/TLS enabled in their account settings. The discovery wa…CYBERINSIDER.COM
5 JunNorway fines largest electronics retailer $2.1M for client data violationsNorway’s Data Protection Authority (Datatilsynet) has imposed a NOK 20 million (approximately $2.1 million) administrative fine on electronics retail giant Elkjøp for multiple GDPR violations tied to its customer club, targeted marketing activities, and handling of customer priva…CYBERINSIDER.COM
5 JunTrump AI Order Seeks Voluntary Frontier Model TestingThe White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security.DARKREADING.COM
5 JunThe NSA gets an AI upgrade.Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A b…THECYBERWIRE.COM
🔥 INCIDENT REPORTING 10[−]
5 JunPCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay NetworkThe threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP …THEHACKERNEWS.COM
5 JunBCD Travel - 396,313 breached accountsIn May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other expos…HAVEIBEENPWNED.COM
5 JunNightclub Giant RCI Says Data Breach Affects 40,000 IndividualsThe company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunAI is helping low-skill hackers pull off advanced cyberattacksAnthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026. The company mapped the observed behavior to the MITRE ATT&CK framework, which documents tact…HELPNETSECURITY.COM
5 JunNSA said to be readying Anthropic’s Mythos for use in cyber operationsThe U.S. eavesdropping agency is reportedly preparing Anthropic's Mythos for use in cyberattacks, despite a federal ban on using the AI model maker.TECHCRUNCH.COM
5 JunGoogle and FBI warn of ransomware group that sends fake IT workers to hack victims in personCybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law firms' offices, where the criminals have stolen data using USB drives or remote access tools.TECHCRUNCH.COM
5 JunMicrosoft identifies seven new ways AI agents can be hackedMicrosoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in its first Taxonomy of Failure Modes in Agentic AI Systems . Four things contributed to the growing list of ways agentic AI can go wrong : the speed at which the…CSOONLINE.COM
5 JunChinese APT deploys new malware to keep access to hacked networksA Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]BLEEPINGCOMPUTER.COM
5 JunFormer cyber executive turned whistleblower accuses IBM of covering up several data breachesIBM and two of its subsidiary companies were allegedly breached during the mid-2010s, which a lawsuit filed by a former cybersecurity executive accuses IBM of not disclosing and actively covering up.TECHCRUNCH.COM
5 JunExposed Fuel Tank Gauges Under Attack in the USThreat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.DARKREADING.COM
🕵️ THREAT INTELLIGENCE 12[−]
5 JunThe Evil MSI Background is Back!, (Fri, Jun 5th)A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was a MSI-branded background[ 1 ]. Yesterday, I spotted another one! It seems that the technic is getting more and more popular. This time, it started with a mail containing…ISC.SANS.EDU
5 JunISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
5 JunFive Eyes: Chinese Spies Target Government, Military Staff With Fake Job OpportunitiesPosing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunPhotos: Infosecurity Europe 2026Infosecurity Europe 2026 is a cybersecurity event that took place from June 2 to 4 in London. Help Net Security was on-site and here’s a closer look at the conference. The featured vendors are: Microsoft, JupiterOne, Menlo Security, Cato Networks, Falkin, Vivida, Pen Test P…HELPNETSECURITY.COM
5 JunAI agent governance gets harder when agents outnumber your peopleIn this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens with a real case: a reconciliation agent at a financial services firm had legitimate access to a customer database. A po…HELPNETSECURITY.COM
5 JunMost pros have seen AI hallucinations in IT operationsAutonomous AI is taking action inside enterprise IT environments. Software is restarting services, isolating risky devices, and applying patches without waiting for a human to approve the step. The capability is spreading at the same time IT professionals are reporting frequent e…HELPNETSECURITY.COM
5 JunLet’s Encrypt works toward post-quantum certificates at web scaleLet’s Encrypt plans to pursue a post-quantum-safe Web PKI through Merkle Tree Certificates (MTCs), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. The project is targeting late 2026 for a …HELPNETSECURITY.COM
5 JunAI WormResearchers have prototyped an AI-powered internet worm . The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner’s original 1975 conception of a computer worm tha…SCHNEIER.COM
5 JunNew Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell FrameworkCybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence …THEHACKERNEWS.COM
5 JunAdaptive, Agentic AI Worms Loom as Next Enterprise ThreatAI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.DARKREADING.COM
5 JunSecuring CI/CD in an agentic world: Claude Code Github action caseMicrosoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for se…MICROSOFT.COM
5 JunIronWorm and New Miasma Worm Variant Hit npm in Supply Chain AttacksMultiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the informat…THEHACKERNEWS.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
5 JunFIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen LoginsSecurity researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least on…THEHACKERNEWS.COM
5 JunOver 900 US gas station tank gauge systems exposed to attacksOver 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. [...]BLEEPINGCOMPUTER.COM
5 JunThe Real Measure of SOC Maturity with Ashu Savani from TryHackMeAshu Savani, Co-Founder of TryHackMe, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss what separates high-performing security teams from the rest. Ashu explores why true SOC maturity is measured by performance under pressure rather tha…THECYBERWIRE.COMHTTPS:
🎙️ PODCASTS 1[−]
5 JunSoap Box: Detection and response in the AI ageIn this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Edward Wu, founder of Dropzone, about what AI is doing to detection, response and the SOC more generally. Dropzone makes AI agents that conduct alert investigations in your SOC, but will the …RISKY.BIZ
📡 INFOSEC NEWS 10[−]
5 JunInfosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development EraOx Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risksINFOSECURITY-MAGAZINE.COM
5 JunInfosecurity Europe: Reactive Security Is Failing Healthcare Organizations, Experts WarnA perfect storm of legacy devices, hyper connectivity and human fatigue is bad news for the healthcare sector, warns Cyber SalusINFOSECURITY-MAGAZINE.COM
5 JunAI: Threat, tool, or both?Public concern about AI is rising. We look at what's driving it, and why cybersecurity occupies a unique place in this debate.MALWAREBYTES.COM
5 JunInfosecurity Europe: OWASP Introduces Agentic AI Security Maturity FrameworkThe OWASP agentic AI security framework helps organizations assess governance maturity vs adoption and adjust governance as neededINFOSECURITY-MAGAZINE.COM
5 JunInfosecurity Europe: Practical Lessons From Lloyds' Agentic AI Security PlaybookLloyds Banking Group shared its approach for securing agentic AI workflows, with a mix of hands on experimentation and cross functional governanceINFOSECURITY-MAGAZINE.COM
5 JunOnly 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to DeliverEighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every l…THEHACKERNEWS.COM
5 JunWhat 2026 DBIR Confirms: Attacks Are Living in the BrowserPhishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. [...]BLEEPINGCOMPUTER.COM
5 JunGot a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5If you've ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
5 JunDark web Nemesis Market vendor gets 26 years for selling drugsA California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. [...]BLEEPINGCOMPUTER.COM
5 JunSuspicious Polyfill login prompts pop up on Toshiba, Muji websitesTech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. [...]BLEEPINGCOMPUTER.COM