🐛 COMMON VULNERABILITIES AND EXPOSURES (22)
13 Jun | CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate | Information published. | MSRC.MICROSOFT.COM
13 Jun | CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing | Information published. | MSRC.MICROSOFT.COM
13 Jun | Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication | Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. … | THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE (7)
13 Jun | Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules | New Tracing Options: As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code (GSoC) p… | RAPID7.COM
13 Jun | This Sparrow doesn't migrate. | Martin Zugec, Technical Solutions Director at Bitdefender, discussing their work on "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry." Bitdefender researchers uncovered a sustained cyber espionage campaign by the China-linked FamousSparrow group targeting an Azerbai… | THECYBERWIRE.COM
13 Jun | Shai-Hulud variant compromises dozens of open-source Microsoft packages. | Patch Tuesday notes: Microsoft fixes a record 200 flaws. German court holds Google liable for AI-generated claims. | THECYBERWIRE.COM
13 Jun | The FCC Wants to Kill Burner Phones | Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. | WIRED.COM
13 Jun | Your Replacement Phone Was Managed | A customer reportedly received a refurbished replacement phone that still contained an active Mobile Device Management (MDM) profile. MDM platforms are commonly used by enterprises to remotely manage company-owned devices, enforce policies, disable lost phones, and control access… | YOUTUBE.COM
13 Jun | Anthropic disables new models after government calls them a national security concern | The Commerce Department’s expert control decree led to the company shutting off access to Fable 5 and Mythos 5 worldwide, drawing sharp criticism from researchers and industry analysts. | CYBERSCOOP.COM
13 Jun | Amazon CEO reportedly raised Anthropic model concerns before government crackdown | Amazon CEO Andy Jassy may have been the source of security concerns that led Anthropic to cut off worldwide access to two models on Friday. | TECHCRUNCH.COM
📢 SECURITY ADVISORIES (2)
13 Jun | Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls | Anthropic takes Fable 5 and Mythos 5 offline to comply with a directive from the Trump administration to prevent use by foreign nationals. | SECURITYWEEK.COM
13 Jun | Chinese hackers hijack auth flow, spy on isolated network for a decade | Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...] | BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING (3)
13 Jun | CyberTitan Champions: Inside Canada's National High School Cybersecurity Competition (and CyberPatriot) | Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They des… | CYBERSECURITYTODAY.LIBSYN.COM
13 Jun | The FBI built its own replica small town to simulate real-world cyberattacks | Hidden inside a building in Alabama, the FBI has created its own small town as a dedicated cyber training ground for simulating cyberattacks. | TECHCRUNCH.COM
13 Jun | Ex-school district employee jailed for hacks on former employer | A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (1)
13 Jun | NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks | By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed. | SECURITYWEEK.COM
🌐 CYBER THREAT LANDSCAPE (2)
13 Jun | 400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer | Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can … | THEHACKERNEWS.COM
13 Jun | Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit | Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can … | THEHACKERNEWS.COM
📡 INFOSEC NEWS (3)
13 Jun | Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing | Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phish… | THEHACKERNEWS.COM
13 Jun | U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals | Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., ci… | THEHACKERNEWS.COM
13 Jun | US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos | The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available … | BLEEPINGCOMPUTER.COM