1. Microsoft released a record number of security patches for June 2026 including fixes for YellowKey and GreenPlasma zero day vulnerabilities (https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/)
2. A new Microsoft Defender zero day exploit named RoguePlanet was released by a researcher granting SYSTEM privileges on updated Windows systems (https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/)
3. ServiceNow confirmed that threat actors exploited a flaw to gain unauthorized access to customer instances (https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html)
4. Ivanti patched a critical pre auth OS command injection vulnerability CVE 2026 10520 in its Sentry mobile gateway allowing root level code execution (https://www.bleepingcomputer.com/news/security/new-max-severity-ivanti-sentry-flaw-allows-code-execution-as-root/)
5. Six vulnerabilities in protobuf.js were identified exposing Node.js applications to remote code execution and denial of service attacks (https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html)
6. Malware was discovered in the official WooCommerce Kiosko theme for WordPress which creates hidden admin users and corrupts sitemaps (https://www.reddit.com/r/Malware/comments/1u1x4qj/wordpress_malware_in_official_woocommerce_theme/)
7. DPRK linked actors are using backdoors distributed via the VS Code Marketplace to target technology firms (https://www.reddit.com/r/Malware/comments/1u1gfav/inside_the_dprklinked_backdoor_loitering_in_the/)
8. A ransomware attack forced an Illinois high school to suspend operations until Wednesday (https://www.reddit.com/r/cybersecurity/comments/1u13281/ransomware_attack_shuts_illinois_high_school/)
9. Researchers reported that a proof of concept AI worm successfully spread to 62 percent of a test network within seven days (https://www.reddit.com/r/cybersecurity/comments/1u17y7b/university_of_toronto_proofofconcept_ai_worm/)
10. Source code for the Miasma supply chain attack toolkit was leaked on GitHub (https://www.reddit.com/r/cybersecurity/comments/1u152zy/someone_actually_leaked_the_miasma_supply_chain/)
11. Unit 42 researchers warned of ongoing abuse of cloud logging services for defense evasion and visibility manipulation (https://unit42.paloaltonetworks.com/cloud-logging-defense-evasion/)
12. UK authorities weakened proposed cybersecurity protections for telecoms networks following industry lobbying (https://therecord.media/uk-weakens-telecoms-defenses-after-industry-lobbying)
Be First to Comment