🐛 COMMON VULNERABILITIES AND EXPOSURES (13)
7 Jun | CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509 | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize() | Information published. | MSRC.MICROSOFT.COM
7 Jun | CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory | Information published. | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (4)
7 Jun | Baker Distributing - 102,935 breached accounts | In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure… | HAVEIBEENPWNED.COM
7 Jun | Week in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecast | Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory Agent Memory Guard is an open-source runtime defense layer that sits between an agent and its … | HELPNETSECURITY.COM
7 Jun | Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation | Emphere’s solution delivers AI-driven remediation to software companies to speed up releases. | SECURITYWEEK.COM
7 Jun | Hands on with Intelligent Terminal, an AI-powered Windows Terminal | Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (1)
7 Jun | Spoofing ships, jamming drones: how GPS manipulation confuses and compromises. | GPS constellations have become foundational in modern society, supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning. As reliance on these systems has grown, so too have efforts by threat actors to disrupt them … | THECYBERWIRE.COM
🌐 CYBER THREAT LANDSCAPE (1)
7 Jun | C0XMO botnet spreads via DD-WRT router flaw, kills rival malware | A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. [...] | BLEEPINGCOMPUTER.COM
📰 CYBERSECURITY BRIEFINGS (1)
7 Jun | Inside modern GPS attacks. | This week on T-Minus: Space-Cyber Briefing: we dive into two of the most common ways actors target GPS signals. Whether it be through jamming or spoofing attacks, actors are increasingly utilizing these vectors to disrupt communications, sow confusion, and engage more effectively… | THECYBERWIRE.COM
📡 INFOSEC NEWS (1)
7 Jun | Silent Ransom Group targets law firms with fake IT support calls | The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...] | BLEEPINGCOMPUTER.COM