🚨 CISA KEV (3)
10 Jun | KEV | CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry | Overview: On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device… | RAPID7.COM
10 Jun | KEV | CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score: 7.8)… | THEHACKERNEWS.COM
10 Jun | KEV | CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice | Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediate… | CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (40)
10 Jun | KEV | AI Worms, Hacks, and Insurance Shifts | Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch. Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, … | CYBERSECURITYTODAY.LIBSYN.COM
10 Jun | CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release() | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbind | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46287 net: txgbe: fix RTNL assertion warning when remove module | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super() | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one() | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp() | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending() | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one() | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE | Information published. | MSRC.MICROSOFT.COM
10 Jun | CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support" | Information published. | MSRC.MICROSOFT.COM
10 Jun | KEV | Microsoft feud escalates as researcher drops new Windows zero-day | The long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter. Eclipse, who has spent the past several months publicly releasing unpatched Windows vulnerabilities while sparring with Microsoft over vulnerability disclosure practices, … | CSOONLINE.COM
10 Jun | KEV | Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520) | Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical de… | HELPNETSECURITY.COM
10 Jun | June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’ | June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that… | CSOONLINE.COM
10 Jun | Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities | Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSand… | THEHACKERNEWS.COM
10 Jun | Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE | A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS sco… | THEHACKERNEWS.COM
10 Jun | Microsoft-signed UEFI bootloaders vulnerable to Secure Boot bypass | Microsoft has released security updates to address a Secure Boot bypass vulnerability affecting multiple Microsoft-signed UEFI shim bootloaders used by Linux distributions, recovery tools, and enterprise software. The flaw, tracked as CVE-2026-8863, could allow attackers to execu… | CYBERINSIDER.COM
10 Jun | Ivanti patches critical Sentry flaws that lead to full device takeover | IT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to gain complete control of deployments. One of the vulnerabilities, CVE-2026-10523,… | CSOONLINE.COM
10 Jun | Path traversal flaw in AI dev platform Langflow exploited in attacks | Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...] | BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE (42)
10 Jun | Enterprises know AI-generated code is vulnerable; they’re shipping it anyway | AI-generated code is riddled with security flaws, yet enterprises are shipping more of it than ever before. Why? Perhaps they’re over-confident, lack true visibility into security risks, or are simply choosing to ignore the problem and hope it goes away. It’s a dangerous game to … | CSOONLINE.COM
10 Jun | UK move to filter photos and messages triggers encryption worries for CISOs | UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise securit… | CSOONLINE.COM
10 Jun | Hiring Hot Takes from a Three-Time Exit CMO, Mary Yang | Mary Yang has been a CMO in cybersecurity for 6 years, helped 3 companies exit, and now works on a fractional basis with founders and teams she wants to work with. On this CyberCMO Confidential episode, the three of them get into a discussion on hiring. Mary skips the job descrip… | THECYBERWIRE.COM
10 Jun | Product showcase: Staying ahead of the threat horizon with Aunoo | Aunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it is included. The platform run… | HELPNETSECURITY.COM
10 Jun | Scams now operate like real businesses with budgets and targets | Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, a… | HELPNETSECURITY.COM
10 Jun | Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS | Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. "In aff… | THEHACKERNEWS.COM
10 Jun | NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure | BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and mem… | HELPNETSECURITY.COM
10 Jun | Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows | The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who p… | THEHACKERNEWS.COM
10 Jun | Risky Business #841 -- Microsoft gets owned and 0day'd | On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. They cover: Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them Meanwhil… | RISKY.BIZ
10 Jun | No Patch Planned for Exploited Arista EOS Vulnerability | Organizations are advised to apply vendor-supplied mitigations or discontinue the vulnerable devices. | SECURITYWEEK.COM
10 Jun | ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances | ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory… | THEHACKERNEWS.COM
10 Jun | Microsoft Fixes 200 CVEs in June Patch Tuesday | Microsoft has patched 200 vulnerabilities including three zero-days | INFOSECURITY-MAGAZINE.COM
10 Jun | Critical Vulnerabilities Patched in Fortinet, Ivanti Products | Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution. | SECURITYWEEK.COM
10 Jun | AI red teaming comes of age | When Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to work in AI red teaming, you can round them up in a 14-foot catamaran,” he tells CSO. At the time, Microsoft’s approach looked … | CSOONLINE.COM
10 Jun | Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - BSW #451 | AI is reshaping innovation as businesses embed it into core operations and move more processes online. This transformation is often seen as a tradeoff between innovation and data risk, but that assumption is wrong. Businesses can innovate and scale in the AI era while maintaining… | YOUTUBE.COM
10 Jun | Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days | On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. [...] | BLEEPINGCOMPUTER.COM
10 Jun | ServiceNow Patches Vulnerability Exploited Against Some Customers | The company updated hosted customer instances to patch a security issue it reportedly had known about since April 7. | SECURITYWEEK.COM
10 Jun | Rubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacks | Rubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from data to network, identity and configurations. The end result is a rebuild of an organization’s Minimum Viable Business … | HELPNETSECURITY.COM
10 Jun | F5 adds AI-powered threat detection and API security for on-premises environments | F5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and … | HELPNETSECURITY.COM
10 Jun | Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs | Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This i… | THEHACKERNEWS.COM
10 Jun | Autonomous AI agents duped into leaking sensitive data in phishing test | AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing cloud credentials and customer data with an external attacke… | CSOONLINE.COM
10 Jun | Record Microsoft Patch Tuesday, fresh zero-day | Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: … | HELPNETSECURITY.COM
10 Jun | New Windows Zero-Day Exploit ‘RoguePlanet’ Released | Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. | SECURITYWEEK.COM
10 Jun | Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days | June 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days. | MALWAREBYTES.COM
10 Jun | Aryon Security Raises $29 Million in Series A Funding | In the post-Mythos era, the company’s platform helps organizations enforce security controls across environments. | SECURITYWEEK.COM
10 Jun | Microsoft ships largest Patch Tuesday on record, with one bug under active attack | The release comes after Microsoft’s security leadership acknowledged last month that AI tools are driving a surge in vulnerability discovery across the industry. | THERECORD.MEDIA
10 Jun | KEV | Microsoft patches Exchange Server zero-day exploited in attacks | Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...] | BLEEPINGCOMPUTER.COM
10 Jun | Infostealers Turn Millions of Devices Into Credential Theft Machines | As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations. | SECURITYWEEK.COM
10 Jun | AISLE Snapshot keeps source code under enterprise control during vulnerability scanning | AISLE has introduced AISLE Snapshot, a new offering that gives regulated and security-sensitive enterprises access to frontier-class vulnerability detection inside their own environments, at a fraction of the cost, with source code and security data that never leave their control… | HELPNETSECURITY.COM
10 Jun | Who Runs the Ransomware Group ‘The Gentlemen?’ | A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post e… | KREBSONSECURITY.COM
10 Jun | The Shadow AI Problem | Organizations are rapidly adopting generative AI tools, but many employees are experimenting with unauthorized platforms outside official IT oversight. Security leaders are now being forced to decide which AI services meet enterprise requirements and which should be blocked. Not … | YOUTUBE.COM
10 Jun | Identity theft is turning into a chain reaction for victims | For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft Resource Center during the reporting period were dealing with multiple identity-related incidents, accor… | HELPNETSECURITY.COM
10 Jun | Patch Tuesday notes: Microsoft fixes a record 200 flaws. | Nightmare Eclipse leaks another Windows zero-day. Researchers disclose two critical flaws in AI Chrome extensions. Business news: Cyera closes a $600 million Series G round. | THECYBERWIRE.COM
10 Jun | CISA gives agencies new vulnerability remediation deadlines that take risk levels into account | The cybersecurity agency says it wants to help network defenders prioritize the fixes that matter the most. | CYBERSECURITYDIVE.COM
10 Jun | CISA directive orders agencies to prioritize vulnerability patching in a new way | A vulnerability that meets all four criteria would need to be fixed within three days, for instance. | CYBERSCOOP.COM
10 Jun | Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet | The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. | DARKREADING.COM
10 Jun | Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans | Blake McDermott is Senior Threat Hunter at Rapid7. Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence about adversary behaviors, tactics, techniques, and procedures. The challenge is turning that inte… | RAPID7.COM
10 Jun | Phones Hacked Without Clicking | NSO Group’s Pegasus spyware is once again tied to attacks involving WhatsApp. Pegasus uses zero-click exploits, meaning targets do not need to click a link or open an attachment for compromise to occur. A successful zero-click exploit against modern smartphones can provide near-t… | YOUTUBE.COM
10 Jun | Turn specs into evals for any agent with ASSERT | Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT) is an open-source framework for converting natural language behavior requirements into executable evaluations of AI models and agents. | COMMANDLINE.MICROSOFT.COM
10 Jun | The patch pile reaches new heights. | Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champi… | THECYBERWIRE.COM
10 Jun | The ‘Miasma’ worm source code briefly leaked on GitHub | The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...] | BLEEPINGCOMPUTER.COM
10 Jun | Too Vulnerable for the C-Suite? | The discussion explores how vulnerability is perceived at executive levels, especially in high-pressure leadership environments like the C-suite. Speakers argue there is a narrow balance between appearing confident and appearing weak. Leadership advice often promotes vulnerabilit… | YOUTUBE.COM
📋 SECURITY BULLETINS (1)
10 Jun | ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact | In addition, Rockwell Automation announced some enhancements to its SecureOT cybersecurity solution for OT. | SECURITYWEEK.COM
📢 SECURITY ADVISORIES (4)
10 Jun | CISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flaws | Multiple vulnerabilities are being chained together to gain additional access to systems. | CYBERSECURITYDIVE.COM
10 Jun | CISA to require federal agencies to patch some cyber vulnerabilities within 3 days | CISA is giving agencies 180 days to adopt the new patching time frame, according to a directive released Wednesday. | THERECORD.MEDIA
10 Jun | CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats | “Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday. | WIRED.COM
10 Jun | CISA Rewrites Federal Patching Requirements for AI Threat Era | The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred. | DARKREADING.COM
🔥 INCIDENT REPORTING (9)
10 Jun | Weekly Update 507 | 1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notificati… | TROYHUNT.COM
10 Jun | Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows | Nearly 26% of identity crime victims faced multiple incidents in the past year, as ITRC warns of a growing "multi-layered crisis" | INFOSECURITY-MAGAZINE.COM
10 Jun | Why schools remain one of cybercriminals’ favourite targets | Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational institutions as targets all year round. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
10 Jun | Cyberattack shuts down major Australian sugar mills, disrupting harvest | Australia's second-largest sugar producer said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely. | THERECORD.MEDIA
10 Jun | University of Nottingham confirms hackers accessed student data | The University of Nottingham has confirmed to CyberInsider in a statement that it suffered a cyber incident resulting in unauthorized access to data stored in its student record system. The disclosure comes after ShinyHunters listed the university on its leak site, alleging it ha… | CYBERINSIDER.COM
10 Jun | Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...] | BLEEPINGCOMPUTER.COM
10 Jun | Bug Bounty Research Triggers ServiceNow Security Alert | Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances. | DARKREADING.COM
10 Jun | Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations | The ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities. | TECHCRUNCH.COM
10 Jun | University of Nottingham - 454,635 breached accounts | In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal infor… | HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE (24)
10 Jun | ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
10 Jun | Cyber resilience metrics that drive action | In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and poi… | HELPNETSECURITY.COM
10 Jun | The security in smartphones is helping send them to landfills | Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices still function. The average sma… | HELPNETSECURITY.COM
10 Jun | How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th) | Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were set. Given that t… | ISC.SANS.EDU
10 Jun | Every set of AI guardrails can be broken by the right prompt | Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails are designed to flag the request a… | HELPNETSECURITY.COM
10 Jun | Apple extends Private Cloud Compute to third-party data centers | Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in 2024, PCC provides cloud-based processing for AI workloads that exceed the capabilities of on-device model… | HELPNETSECURITY.COM
10 Jun | Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests | Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in ar… | HELPNETSECURITY.COM
10 Jun | Signal and Mullvad warn about the UK’s plans to scan people’s phones | The encrypted messaging platform Signal and privacy-focused VPN provider Mullvad have sharply criticized a new UK government proposal that would require technology companies to block children from taking, sharing, or viewing nude images on smartphones and tablets. Both companies … | CYBERINSIDER.COM
10 Jun | NSO Group Hacking WhatsApp Despite Court Order | WhatsApp has caught the NSO Group phishing its users, in violation of a court order. | SCHNEIER.COM
10 Jun | After AI Reaches Production: 12 Ways Security Teams Can Take Control | Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. | SECURITYWEEK.COM
10 Jun | Building reusable workflows with custom agents in Copilot CLI | Developers spend much of their working time in the terminal, generating commands, debugging issues, and running scripts close to their systems. Repeated terminal work tends to pile up small steps such as re-running the same commands, re-explaining context, and translating logs in… | HELPNETSECURITY.COM
10 Jun | Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers | Claroty researchers have analyzed the security of Vertiv UPS network cards and the Trane Tracer SC+ HVAC controller. | SECURITYWEEK.COM
10 Jun | CISO Forum Webinar Today: 2026 Mid-Year Review | Learn more about protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks. | SECURITYWEEK.COM
10 Jun | New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials | A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser window embedded within a… | HELPNETSECURITY.COM
10 Jun | Cyera Raises $600 Million at $12 Billion Valuation | Cyera is positioned as one of the most valuable privately held cybersecurity firms in the world with total funding topping $2 billion. | SECURITYWEEK.COM
10 Jun | Drata brings visibility, control and auditability to enterprise AI agents | Drata has introduced AI Agent Governance, a new security category focused on managing the risks and oversight requirements of AI agents, while extending its trust platform to support enterprise adoption of autonomous AI systems. While McKinsey finds 57% of business leaders cite g… | HELPNETSECURITY.COM
10 Jun | New Intel 471 assessment helps organizations measure CTI program maturity | Intel 471 has announced its new Cyber Threat Intelligence (CTI) Maturity Pulse Check, a free, lightweight self-assessment for practitioners based on the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM v1.3). The CTI Maturity Pulse Check offers a quick, structured way… | HELPNETSECURITY.COM
10 Jun | Companies are failing to keep up with AI’s identity sprawl, creating entry points for hackers | Three-quarters of organizations say they aren’t fully overseeing the activities of user accounts belonging to agents and other AI tools. | CYBERSECURITYDIVE.COM
10 Jun | Fake Software Tutorials on TikTok Spread Vidar Stealer | Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer | INFOSECURITY-MAGAZINE.COM
10 Jun | China-linked JDY botnet expands targeting of U.S. military networks | The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...] | BLEEPINGCOMPUTER.COM
10 Jun | China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance | Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlle… | THEHACKERNEWS.COM
10 JunNorth Koreans behind nearly half of US tech industry hacks, says CrowdStrikeNorth Korean hackers posing as remote IT workers and recruiters remain a major threat to U.S., European, and Asian companies, accounting for about half of all attacks over the past 12 months.TECHCRUNCH.COM
10 JunOpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centersThe company says there’s little evidence it influenced any real policy discussion.CYBERSCOOP.COM
10 JunMaking the Business Case for Your CTI BudgetThe 2026 SANS Cyber Threat Intelligence Survey confirms that CTI is considered essential at the executive level. Can your CISO see how the CTI program is shaping decisions and measurably reducing risk?INTEL471.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
10 Jun88% of people struggle to tell what’s real onlineAs AI-generated scams, deepfakes, and impersonation spread, a new Malwarebytes report finds people increasingly unsure what to trust online.MALWAREBYTES.COM
10 JunNew SilabRAT Trojan Hijacks Sessions to Steal CryptoMaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal cryptoINFOSECURITY-MAGAZINE.COM
10 JunCybersecurity Software Fails to Detect Fifth of Browser-Based Phishing AttacksMenlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyber threatsINFOSECURITY-MAGAZINE.COM
10 JunFree Spotify Premium hacks on social media are spreading infostealersCybercriminals are turning TikTok and Instagram Reels into malware delivery platforms, using free software tutorials to spread infostealers.MALWAREBYTES.COM
10 JunDeceptive Installers: How Fake Apps Target macOSDeceptive installers disguised as legit macOS software deliver infostealers that grab passwords, cookies, and crypto wallets. Learn how to detect them.HUNTRESS.COM
🎙️ PODCASTS 2[−]
10 JunSimplifying Security for SMBs with Joe Sykora, CEO from CoroJoe Sykora, CEO of Coro, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss the cybersecurity challenges facing SMBs and the MSPs that support them. Joe explains why fragmented security stacks create unnecessary complexity, how AI is help…THECYBERWIRE.COM
10 JunSmashing Security podcast #471: This AI worm just rewrote its own rulesResearchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the powerful ones to host its own AI brain. And then the researchers discovered their …GRAHAMCLULEY.COM
📡 INFOSEC NEWS 17[−]
10 JunWeekly Threat Bulletin – June 10th, 2026These are the top threats you should know about this week.F5.COM
10 JunIvanti: Max severity Sentry flaw allows code execution as rootIvanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. [...]BLEEPINGCOMPUTER.COM
10 JunAnthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber SafeguardsOn June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Cla…THEHACKERNEWS.COM
10 JunSoccer Fans, You’re Being WatchedFrom anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of surveillance tech. Here’s what you need to know.WIRED.COM
10 JunMapping Every Flock License Plate Reader Near US World Cup StadiumsMost US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? These maps will help you.WIRED.COM
10 JunAmnesty International Warns That World Cup Fans Face Potential Human Rights ViolationsThe organization claims that the FIFA tournament could have impacts on the rights of local people and visiting soccer fans in all three host countries.WIRED.COM
10 JunYour Automated Pentest Looks Clean. See What It Missed in This Expert WebinarYour pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slow…THEHACKERNEWS.COM
10 JunNew Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic AnnouncesAnthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to useINFOSECURITY-MAGAZINE.COM
10 JunMicrosoft: Some Windows PCs fail to install latest monthly updatesMicrosoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]BLEEPINGCOMPUTER.COM
10 JunServiceNow tells customers a bug left some of their data exposed to the internetServiceNow is used by thousands of enterprises to automate their internal processes, but says several customers had data accessed because of a security bug.TECHCRUNCH.COM
10 JunWrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the USThe ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers treated a flawed face-recognition match as a near-certain ID.WIRED.COM
10 JunThe 5 Best Practices for Secure Identity VerificationAttackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...]BLEEPINGCOMPUTER.COM
10 JunCybersecurity researchers aren’t happy about the guardrails on Anthropic’s FableCybersecurity researchers are complaining that Anthropic's new model Fable has guardrails that are too strict for any cybersecurity work.TECHCRUNCH.COM
10 JunGitHub announces npm security changes to tackle supply-chain attacksGitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...]BLEEPINGCOMPUTER.COM
10 JunCyera raises $600 million in a Series G round led by Evolution Equity Partners.A Security has emerged from stealth with $37 million in funding.THECYBERWIRE.COM
10 JunTrump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief PickUS lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools.WIRED.COM
10 JunAI Risk Worries Insurers and Businesses AlikeAs companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?DARKREADING.COM