182Articles
9Categories
2026-06-15Date
🚨 CISA KEV 1[−]
15 Jun KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 91[−]
15 JunPalo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN FlawPalo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authenti…THEHACKERNEWS.COM
15 JunChromium: CVE-2026-12012 Use after free  NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12008 Use after free  DigitalCredentialsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12019 Out of bounds write  CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12016 Insufficient validation of untrusted input  DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12015 Use after free  AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12018 Inappropriate implementation  MojoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12007 Use after free  CoreThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12017 Insufficient validation of untrusted input  ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12014 Use after free  CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12013 Use after free  MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12010 Heap buffer overflow  GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12009 Insufficient validation of untrusted input  AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12011 Use after free  WebMIDIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunLangflow RCE under active attack months after a patch was shippedEnterprises using the open-source AI orchestration platform Langflow are being urged to patch a high-severity path traversal flaw amid active exploitation, despite a fix having been available for more than two months. The bug, which stems from improper handling of filenames in La…CSOONLINE.COM
15 JunCisco fixes SD-WAN vManage flaw exploited in zero-day attacksCisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. [...]BLEEPINGCOMPUTER.COM
15 JunAI vulnerability discovery is pushing 2026 CVEs toward 66,000Vulnerability disclosures are piling up faster in 2026 than anyone expected at the start of the year. The running count for the first few months sits well above the original projection, and the Forum of Incident Response and Security Teams (FIRST) now expects the year to land nea…HELPNETSECURITY.COM
15 JunChromium: CVE-2026-11628 Use after free in OzoneThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11629 Use after free in OzoneThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11631 Use after free in AuraThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11630 Use after free in File InputThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11632 Use after free in TabStripThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11633 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11634 Use after free in GamepadThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11635 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11639 Use after free in CompositingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11637 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11636 Use after free in AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11638 Use after free in PrintingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11641 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11640 Integer overflow in libyuvThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11642 Use after free in Web AppsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11645 Out of bounds memory access in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11643 Use after free in ProxyThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11644 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11646 Use after free in ViewTransitionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11657 Use after free in PaymentsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11658 Insufficient validation of untrusted input in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab PageThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11661 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11659 Insufficient validation of untrusted input in UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11663 Use after free in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11662 Type Confusion in BindingsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11664 Use after free in PaymentsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11665 Out of bounds read in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11666 Insufficient validation of untrusted input in InputThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11668 Uninitialized Use in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11669 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11667 Out of bounds read in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11670 Use after free in PDFThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11671 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11672 Out of bounds write in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11673 Use after free in InterestGroupsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11675 Insufficient validation of untrusted input in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11674 Use after free in Guest ViewThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11676 Insufficient validation of untrusted input in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11677 Race in NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11678 Integer overflow in libyuvThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11679 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11681 Use after free in OzoneThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11682 Insufficient validation of untrusted input in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11680 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11683 Use after free in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11684 Insufficient policy enforcement in NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11687 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11686 Insufficient validation of untrusted input in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11688 Object lifecycle issue in SVGThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11685 Insufficient data validation in MediaCaptureThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11689 Insufficient validation of untrusted input in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11690 Out of bounds read and write in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab PageThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11692 Use after free in Read AnythingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11693 Inappropriate implementation in PluginsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11694 Use after free in ServiceWorkerThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11695 Inappropriate implementation in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11696 Uninitialized Use in VideoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11697 Insufficient validation of untrusted input in UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11698 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11699 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11700 Use after free in TracingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11647 Use after free in PrintingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11648 Use after free in FullScreenThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11651 Use after free in NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11649 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11652 Use after free in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11650 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11653 Insufficient validation of untrusted input in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11654 Use after free in CameraCaptureThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11656 Use after free in ServiceWorkerThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11655 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
15 JunAnthropic Models Blocked, FBI Takes Down $1.9B Phishing Network, Critical Splunk Flaw, and moreThe U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk. David Shipley examines what may be behind the decision and what it means for countries and businesses that depend on A…CYBERSECURITYTODAY.LIBSYN.COM
15 JunLiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway ServersA default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model provid…THEHACKERNEWS.COM
15 Jun⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreStuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail…THEHACKERNEWS.COM
15 JunSniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser AlertsCybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake of…THEHACKERNEWS.COM
15 JunThe US government’s Anthropic models ban was never about an AI jailbreakThe Trump administration's decision that forced Anthropic to pull its latest cybersecurity models could be reactionary, retaliatory, or both, but the message is clear: The AI industry isn't immune from U.S. government interference.TECHCRUNCH.COM
15 JunMaine forced to take down data breach portal after fake notices filed with authoritiesThe US state of Maine has taken its public data breach notification portal offline after someone submitted fraudulent breach disclosures impersonating two well-known technology companies. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
15 JunJune 2026 Stealer Logs - 56,278,397 breached accountsIn June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwor…HAVEIBEENPWNED.COM
15 JunBerkadia - 305,216 breached accountsIn March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as w…HAVEIBEENPWNED.COM
15 JunAttackers can turn AI agent guardrails into denial-of-service weaponsAttackers can turn AI agent guardrails into denial-of-service weapons, according to new research that found a single poisoned document can dramatically slow shared AI agent workflows by trapping reasoning-based safety systems in extended thinking loops. “Reasoning-based guardrail…CSOONLINE.COM
15 JunGoverning the ghost workforceEvery enterprise security team is fighting a workforce problem they cannot see on any org chart. Bots, service accounts, API keys, OAuth tokens, machine certificates — non-human identities now outnumber human ones in most large organisations, often by a factor of ten to one. They…CSOONLINE.COM
15 JunSovereign cloud won’t fix your AI risk. Identity governance willYour board is asking. Your legal team is asking. Your auditors will be asking: Should AI workloads move to sovereign cloud, or stay on AWS, Azure or GCP? European enterprises have already run this experiment — under real regulatory pressure, with real money and real consequences.…CSOONLINE.COM
15 Jun5 runtime signals for catching a compromised AI agentIn June 2025, Simon Willison, the engineer who coined the term “prompt injection,” published a warning that circulated widely through the security community. He called it the lethal trifecta — three capabilities that, when combined in a single AI agent, create a near-guaranteed p…CSOONLINE.COM
15 JunAI Agents Break Data PerimetersThe discussion highlights a shift in security architecture driven by agentic AI systems. Instead of traditional network perimeters, the focus is moving toward data-centric security, including lineage, contextualization, and data security posture management (DSPM). As AI agents in…YOUTUBE.COM
15 JunSafe AI at scale, what happens after initial access, and the weekly enterprise news - ESW #463Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That’s the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than j…YOUTUBE.COM
15 JunPublic and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense ResearchWritten by: Patrick Whitsell, John McGuiness Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military …CLOUD.GOOGLE.COM
15 JunCyberattack on Russian tech firm Astral disrupts business, government services for weekAccording to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain regulated goods, loss of access to customer portals and corporate email and problems with electroni…THERECORD.MEDIA
15 JunAnthropic says US government forced it to disable cybersecurity AI modelsAccording to the company, the directive cited national security authorities. It appears to be the first time such authorities have been used to curtail the export of AI models rather than chips or hardware.THERECORD.MEDIA
15 JunGoogle exposes China espionage group that’s been lurking in networks undetected since 2023The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to intercept research and steal data with national security implications. The post Google exposes China espionage group that’s been lurking in networks undetecte…CYBERSCOOP.COM
15 JunMS-ISAC enters uncertain new era after losing federal funding and thousands of membersThe information-sharing group, a vital resource for state and local governments, has cut staff and pinned its hopes on a membership surge.CYBERSECURITYDIVE.COM
15 JunSimpleHelp bug lets hackers create rogue remote support accountsA vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. [...]BLEEPINGCOMPUTER.COM
15 JunNew attack turned Microsoft 365 Copilot into 1-click data theft toolA critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]BLEEPINGCOMPUTER.COM
15 JunInfinite Campus data breach affects 137,000 school staff accountsThe ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]BLEEPINGCOMPUTER.COM
15 JunChinese hackers breached North American research institutions via REDCap serversA China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. …HELPNETSECURITY.COM
15 Jun1Password Credential Broker reduces secret sprawl through identity-based credential delivery1Password has announced 1Password Credential Broker, a new product that securely brokers credentials, tokens, and federated access from 1Password to trusted requesters. The 1Password Credential Broker is available in private beta today, with support for GitHub Actions and a roadm…HELPNETSECURITY.COM
15 JunPhishLumos: Exposing phishing campaigns that evade detection by hiding contentPhishing remains one of the most stubbornly persistent threats in cybersecurity: humans are tired, distracted, trusting, and susceptible to urgency and authority in ways that no amount of awareness training can completely overcome. The security community has largely accepted this…HELPNETSECURITY.COM
15 JunNIS2 is raising the bar. Here’s how to turn readiness into resilience.The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope of who may be covered, raises expectations around management body accountability, introduces cleare…RAPID7.COM
15 JunDoes Your Security Programme Align With NIS2 Requirements?If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor, the original NIS Directive (Directive (EU) 2016/1148), and it comes with real …RAPID7.COM
15 JunBeyond the Score: Using AI to Translate CVEs into Real-World Business RiskSecurity leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might receive a report listing hundreds or even thousands of vulnerabilities, most of them accompanied by CVS…RAPID7.COM
📢 SECURITY ADVISORIES 5[−]
15 JunPopular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on SitesAn attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under…THEHACKERNEWS.COM
15 JunCybersecurity Experts Urge US to Lift Ban on Anthropic's Frontier AI ModelsAccess to two Anthropic large language models, Mythos 5 and Fable 5, has effectively been banned to any non-US nationals by the Trump administrationINFOSECURITY-MAGAZINE.COM
15 JunSupply-chain attack hits OptinMonster plugin used in 1.2 million WordPress sitesA supply-chain attack targeting the WordPress plugins OptinMonster, TrustPulse, and PushEngage exposed more than 1.2 million websites to potential compromise after attackers injected malicious JavaScript into files distributed through official CDN infrastructure. The malware crea…CYBERINSIDER.COM
15 JunTrust3 AI’s AgentDOS monitors AI agent activity, data access, and token consumptionTrust3 AI has announced AgentDOS, an enterprise control plane that provides visibility into AI agents, including real-time token consumption monitoring across platforms such as Databricks Agent Bricks and Microsoft Copilot Studio. As enterprises rapidly scale AI adoption, a new c…HELPNETSECURITY.COM
15 JunOmada Agent Governance helps organizations manage AI agent access, risk, and complianceOmada has announced Omada Agent Governance, a new solution designed to help organizations bring the same governance discipline to AI agents and non-human identities that they already apply to people. AI agents are rapidly becoming a new class of digital actor inside enterprises. …HELPNETSECURITY.COM
🔥 INCIDENT REPORTING 21[−]
15 JunWeekly Update 508Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Light switches. How on earth is it so hard to find decent light switches?! It sounds ridiculous until you actually spend enough time lo…TROYHUNT.COM
15 JunOne-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA CodesA single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Be…THEHACKERNEWS.COM
15 JunInfinite Campus - 137,123 breached accountsIn March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone number…HAVEIBEENPWNED.COM
15 JunAnthropic suspends Fable and Mythos over US national security concerns.US state attorneys general open an investigation into OpenAI. Maine takes its breach reporting database offline.THECYBERWIRE.COM
15 JunMaine closes data breach portal to the public after fake reportsMaine is still allowing companies to report breaches, but won’t make the portal easily available to the public until after it completes an audit of its procedures to stop such incidents, according to a press release from the Maine attorney general’s office.THERECORD.MEDIA
15 JunAdriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security RisksHow the Anubis ransomware group stole and leaked an Italian Adriatic port authority's dataINFOSECURITY-MAGAZINE.COM
15 JunMaine Takes Breach Reporting Portal Offline After Fake EntriesThe Office of the Maine Attorney General has suspended its breach reporting portalINFOSECURITY-MAGAZINE.COM
15 Jun15th June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 15th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Nottingham, a UK research university, has suffered a data breach after ShinyHunters accessed its student records sy…RESEARCH.CHECKPOINT.COM
15 JunAkira ransomware spotted using LimeWire service for data theftAn Akira ransomware affiliate used Easyupload.io, a file-sharing service operated by LimeWire, to exfiltrate stolen data during a recent attack. The incident was detected on May 29 after Huntress' SOC identified unauthorized remote access to a domain controller. Although the init…CYBERINSIDER.COM
15 JunOptinMonster WordPress plugin hacked in CDN supply-chain attackWordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution network (CDN). [...]BLEEPINGCOMPUTER.COM
15 JunCouncil of Europe investigates ShinyHunters data breach claimsThe Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]BLEEPINGCOMPUTER.COM
15 JunChinese hackers breach REDCap servers, steal medical researchA China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]BLEEPINGCOMPUTER.COM
15 JunRansomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar ProducerMackay Sugar was targeted in a cyberattack carried out by a threat group known as The Gentlemen. The post Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunUkrainian Man Pleads Guilty in US to Conti Ransomware ChargesOleksii Oleksiyovych Lytvynenko admitted to working on the development of a loader for the Conti gang. The post Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunOzempic Maker Novo Nordisk Says Hackers Breached IT SystemsThe pharmaceutical giant says the attackers gained access to personal data stored on the compromised systems. The post Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunFrench Government Messaging Platform Breached by Mysterious ‘Misere’ HackerFrench officials say roughly 73,000 government accounts were affected, while the threat actor claims to have stolen messages and user data from the sovereign Tchap platform. The post French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker appeared first on Sec…SECURITYWEEK.COM
15 JunMaine Disables Data Breach Portal Due to Fake SubmissionsSomeone posted fake VRChat and Discord data breach reports on the system, prompting the Maine AG to take action. The post Maine Disables Data Breach Portal Due to Fake Submissions appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunChina-Nexus Actor Spy on US Researchers Undetected for a YearGoogle discovered and disrupted the sprawling campaign, which stole RedCAP credentials to target numerous institutions and exfiltrate sensitive data.DARKREADING.COM
15 JunThe Beginning of the End of Social EngineeringAI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.DARKREADING.COM
15 JunUkrainian national pleads guilty in connection with Conti ransomwareA Ukrainian national pleaded guilty to conspiracy to commit wire fraud in connection with the deployment of Conti ransomware, which targeted more than 1,000 victims worldwide. According to the U.S. Department of Justice, 44-year-old Oleksii Oleksiyovych Lytvynenko joined the Cont…HELPNETSECURITY.COM
15 JunInside the Modern SOC: The 72-Minute RaceAttackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The 72-Minute Race appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
🕵️ THREAT INTELLIGENCE 15[−]
15 JunThe FCC Wants to Eliminate Burner PhonesA proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially all phone customers, including a gover…SCHNEIER.COM
15 JunEvil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: " The Evil MSI Background is Back! ". ISC.SANS.EDU
15 JunISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 JunPost Quantum Rollouts Break SystemsReadiness for post-quantum cryptography is uneven, with estimates suggesting a large portion of client software is prepared while only a small fraction of enterprise and server systems are ready. Concerns around deployment include system incompatibility, unreachable environments,…YOUTUBE.COM
15 JunCybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threatDozens of practitioners said the decision to place export controls on the foreign use of Fable are misguided, and recent jailbreak reports don’t show the model providing unique hacking capabilities. The post Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique …CYBERSCOOP.COM
15 JunChina-nexus group linked to multiyear campaign targeting US, Canadian medical researchA report from Google links a sophisticated espionage effort targeting information about viruses, AI and military information.CYBERSECURITYDIVE.COM
15 JunCybersecurity experts blast US government for restricting Anthropic’s AI modelsChief information security officers and prominent researchers called a recent export-control ban “dangerous.”CYBERSECURITYDIVE.COM
15 JunChinese Hackers Target Medical, Military, and AI Research in North AmericaGoogle’s Threat Intelligence Group has been tracking the cyberespionage group as UNC6508 since early 2025. The post Chinese Hackers Target Medical, Military, and AI Research in North America appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunNewCore Emerges From Stealth Mode With $66 Million in FundingThe startup has built a security-first identity platform to protect humans, machines, and AI agents. The post NewCore Emerges From Stealth Mode With $66 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunShinyHunters Claims Council of Europe HackThe extortion group threatens to leak 297 GB of data allegedly stolen from the Council of Europe, including employee personal information. The post ShinyHunters Claims Council of Europe Hack appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunFBI, Google Dismantle ‘Outsider Enterprise’ Phishing ServiceThe platform used more than 9,000 phishing sites, stealing nearly 4 million credit cards and causing roughly $1.9 billion in losses. The post FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service appeared first on SecurityWeek .SECURITYWEEK.COM
15 JunChina-linked spies backdoored authentication stack to stay hidden for yearsA China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the results of a forensic investigation published by cybersecurity firm Sygnia. The group’s defining ch…HELPNETSECURITY.COM
15 JunDelinea and Cyera integrate for data-aware identity securityDelinea and Cyera announced a product integration that connects privileged access to sensitive data exposure, automatically correlating identities with the data they can access. Together, Delinea and Cyera help security teams identify, prioritize, and remediate the highest-risk a…HELPNETSECURITY.COM
15 JunRed Sift, GMO GlobalSign partnership simplifies email authentication and BIMI adoptionRed Sift has announced a partnership with GMO GlobalSign to provide organizations with a direct path from email authentication to verified brand visibility in the inbox. Red Sift OnDMARC is now available through GMO GlobalSign, enabling secure outbound email protection and the ac…HELPNETSECURITY.COM
15 JunMicrosoft Defender email security benchmarking: Key insights from one year of dataSee how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email security benchmarking: Key insights from one year of data appeared first on Microsoft Security Blog .MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
15 JunInside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious softwareWe found EtherRAT malware being distributed by a website with a strange homepage. Following the trail, we discovered a vast network of malicious infrastructures, distributing malware, malicious documents, remote desktop software, and phishing pages.MALWAREBYTES.COM
15 JunA week in security (June 8 – June 14)A list of topics we covered in the week of June 8 to June 14 of 2026MALWAREBYTES.COM
15 JunAttackers Hijack Popular WordPress Plugins to Deploy BackdoorsTampered OptinMonster and sister plugins plant hidden backdoors on 1.2 million WordPress sitesINFOSECURITY-MAGAZINE.COM
🎙️ PODCASTS 1[−]
15 JunDeepfake porn sites are going offline (re-air) (Lock and Code S07E12)This week on the Lock and Code podcast, we revisit an episode from 2024 with David Chiu that shows the progress made against deepfake porn.MALWAREBYTES.COM
📡 INFOSEC NEWS 17[−]
15 JunThe Onboarding Password Mistake That Creates Unnecessary RiskEmployee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The iss…THEHACKERNEWS.COM
15 Jun152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake TrafficCybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: ta…THEHACKERNEWS.COM
15 JunCybersecurity vets protest ‘dangerous’ US government ban on Anthropic’s most powerful modelsA group made up of dozens of cybersecurity experts urged the White House to remove export-control restrictions on Anthropic’s Fable and Mythos models, arguing that the order is going to limit the ability of cybersecurity defenders to secure their software and products.TECHCRUNCH.COM
15 JunAs AI agents become employees, NewCore emerges with $66M to give them identitiesNewCore argues the next challenge in enterprise security will be managing AI agents, not people.TECHCRUNCH.COM
15 JunClaude Fable 5 and Mythos 5 “abruptly disabled” after US gov. banAnthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse.MALWAREBYTES.COM
15 JunThe fable ends before it begins.Anthropic pulls Fable 5. OpenAI faces a multistate probe. Handala targets a California water utility. ShinyHunters claims another victim. The FBI and Google take down a major phishing platform. The latest cybersecurity business news. Our guest is Bogdan Botezatu, Senior Director,…THECYBERWIRE.COM
15 JunFinland brings charges against cargo ship officers for cutting submarine cablesAccording to the deputy prosecutor general, the ship’s officers have now been charged with “having damaged two subsea telecommunications cables and of having attempted to damage a total of eight other subsea connections.”THERECORD.MEDIA
15 JunMeta Tapped a Pentagon Supplier to Prototype Face Recognition for Its GlassesRank One, whose board includes a former CIA deputy director and a former FBI science chief, supplied face recognition to Meta for internal development of its smart glasses app.WIRED.COM
15 JunUK Government Finds 400+ Vulnerabilities in AI HackathonsGovernment departments find hundreds of vulnerabilities after testing frontier modelsINFOSECURITY-MAGAZINE.COM
15 JunDOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN ActThe U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN A…BLEEPINGCOMPUTER.COM
15 JunFBI: Fraudsters use couriers to steal money in crypto scamsThe U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. [...]BLEEPINGCOMPUTER.COM
15 JunVibe coders are gonna vibe code: How CISOs are tackling code sprawlEmployees are increasingly building automations, agents, and apps with AI tools outside traditional security oversight. Tines explores how CISOs are handling AI-driven code sprawl, shadow tooling, and governance challenges. [...]BLEEPINGCOMPUTER.COM
15 JunWebinar: How behavioral AI stops phishing and account takeoversModern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and acce…BLEEPINGCOMPUTER.COM
15 JunCopilot 'SearchLeak' Attack Allows 1-Click Data TheftThe critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.DARKREADING.COM
15 JunMost CISOs Report Pressure to Bury Bad Security NewsExecutive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.DARKREADING.COM
15 JunUS Cracks Down on Anthropic AI Models Amid Abuse ConcernsAnthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the technology.DARKREADING.COM