2026-06-10: Microsoft patches 206 vulnerabilities in the largest Patch Tuesday on record

2026-06-10: Microsoft patches 206 vulnerabilities in the largest Patch Tuesday on record

SHOW NOTES - 2026-06-10 STORIES COVERED * Today: * Veeam Backup & Replication RCE (CVE-2026-44963) [https://www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/] [Critical Alerts] * Cisco SD-WAN Zero-Day (CVE-2026-20245) [https://cyberscoop.com/cisco-sdwan-zero-day-vulnerability-exploited-cve202620245/] [Critical Alerts] * Check Point VPN RCE (CVE-2026-50751) [https://databreaches.net/2026/06/09/cisa-gives-feds-3-days-to-patch-check-point-vpn-bug-exploited-as-zero-day/] [Critical Alerts] * Chrome V8 Zero-Day (CVE-2026-11645) [https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html] [Critical Alerts] * Microsoft June 2026 Patch Tuesday (206 Vulnerabilities) [https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws/] [Windows / AD Security] * Microsoft Defender RoguePlanet Zero-Day [https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/] [Windows / AD Security] * Microsoft Exchange Ghost-Sender Spoofing [https://www.darkreading.com/vulnerabilities-threats/exchange-flaw-attackers-spoof-email-address] [Windows / AD Security] * Windows 10 KB5094127 Extended Security Update [https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5094127-extended-security-update/] [Windows / AD Security] * Windows 11 KB5094126 & KB5093998 Updates [https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5094126-and-kb5093998-cumulative-updates-released/] [Windows / AD Security] * Microsoft AI Activity Investigation Playbook [https://www.microsoft.com/en-us/security/blog/2026/06/09/reconstructing-ai-activity-investigations/] [Windows / AD Security] * WinRAR Exploitation in Ukraine [https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html] [Business & Infrastructure Threats] * GitHub/Microsoft Repository Compromise (Miasma/Shai-Hulud) [https://www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/] [Business & Infrastructure Threats] * Hades PyPI Attack (37 Malicious Packages) [https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html] [Business & Infrastructure Threats] * CISA KEV Additions (June 9) [https://www.cisa.gov/news-events/alerts/2026/06/09/cisa-adds-three-known-exploited-vulnerabilities-catalog] [Vulnerability Disclosures] * ICS Patch Tuesday [https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-fixed-by-siemens-schneider-phoenix-contact/] [Vulnerability Disclosures] CVES REFERENCED CVE-2025-15467, CVE-2025-40946, CVE-2025-8088, CVE-2026-11645, CVE-2026-20127, CVE-2026-20182, CVE-2026-20245, CVE-2026-2441, CVE-2026-26142, CVE-2026-32193, CVE-2026-3909, CVE-2026-3910, CVE-2026-41108, CVE-2026-41125, CVE-2026-42985, CVE-2026-42987, CVE-2026-44803, CVE-2026-44812, CVE-2026-44815, CVE-2026-44963, CVE-2026-45467, CVE-2026-45469, CVE-2026-45485, CVE-2026-45586, CVE-2026-45602, CVE-2026-45607, CVE-2026-45641, CVE-2026-45648, CVE-2026-45657, CVE-2026-47288, CVE-2026-47291, CVE-2026-47292, CVE-2026-47652, CVE-2026-48574, CVE-2026-49160, CVE-2026-50507, CVE-2026-50508, CVE-2026-50751, CVE-2026-5281, CVE-2026-7473 Read the full brief [https://carolinacleartech.com/brief/2026-06-10/]

2026-06-09: Check Point VPN users have three days to patch CVE-2026-50751

SHOW NOTES - 2026-06-09 STORIES COVERED * June 9, 2026 * Today: * Check Point VPN Zero-Day Exploited by Qilin Ransomware (CVE-2026-50751) [https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/] [Critical Alerts] * Gogs RCE Zero-Day Affects Default Configurations [https://www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/] [Critical Alerts] * Google Patches Fifth Chrome Zero-Day of 2026 (CVE-2026-11645) [https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/] [Critical Alerts] * LiteLLM RCE Exploited in the Wild (CVE-2026-42271) [https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html] [Critical Alerts] * TeamPCP Supply Chain Campaign Continues with Hades PyPI Variant [https://isc.sans.edu/diary/rss/33060] [Critical Alerts] * Silent Ransom Group Uses DNS Fast Flux in Attacks [https://www.securityweek.com/silent-ransom-group-uses-dns-fast-flux-in-attacks/] [Ransomware & Extortion] * Ransomware Closes Illinois High Schools [https://www.theregister.com/cyber-crime/2026/06/08/ransomware-attack-shuts-illinois-high-school-until-wednesday/5252322] [Ransomware & Extortion] * Qilin NHS Breach Tally Grows [https://www.theregister.com/cyber-crime/2026/06/09/qilin-nhs-breach-tally-grows-as-essex-trust-confirms-stolen-records/5252663] [Ransomware & Extortion] * Microsoft Teams Phishing Campaigns Bypass Email Defenses [https://unit42.paloaltonetworks.com/microsoft-teams-phishing/] [Business & Infrastructure Threats] * AI Brands Used as Social Engineering Lures [https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/] [Business & Infrastructure Threats] * NSO Group Spyware Campaigns Defy Court Injunction [https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/] [Business & Infrastructure Threats] * Linux Kernel One-Character Flaw Enables Local Root (CVE-2026-23111) [https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html] [Vulnerability Disclosures] * Android Framework Privilege Escalation Under Exploitation (CVE-2025-48595) [https://thehackernews.com/2026/06/weekly-recap-instagram-account-hacks.html] [Vulnerability Disclosures] * Multiple MSRC CVE Publications [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures] * Instagram Recovery Tool Bug Exposed 20,225 Accounts [https://databreaches.net/2026/06/08/instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse/?pk_campaign=feed&pk_kwd=instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse] [Vulnerability Disclosures] * Apple Announces AI-Powered Automatic Password Fixer [https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/] [General Security News] CVES REFERENCED CVE-2024-39930, CVE-2024-39932, CVE-2024-39933, CVE-2025-48595, CVE-2025-8110, CVE-2026-10879, CVE-2026-11463, CVE-2026-11645, CVE-2026-23111, CVE-2026-2441, CVE-2026-26194, CVE-2026-35429, CVE-2026-3909, CVE-2026-3910, CVE-2026-40930, CVE-2026-42208, CVE-2026-42271, CVE-2026-45321, CVE-2026-46250, CVE-2026-46272, CVE-2026-48027, CVE-2026-48710, CVE-2026-49975, CVE-2026-50031, CVE-2026-50256, CVE-2026-50260, CVE-2026-50262, CVE-2026-50292, CVE-2026-50751, CVE-2026-50752, CVE-2026-5281 INDICATORS OF COMPROMISE Domains: ep6pheij[.]com, business-data-leaks[.]com., business-data-leaks[.]com, grupoconstat[.]bitrix24, com[.]br, ikhwancast[.]com, ghazacast[.]com, fr24cast[.]com., fr24cast[.]com Read the full brief [https://carolinacleartech.com/brief/2026-06-09/]

2026-06-08: SolarWinds Serv-U exploit is live in the wild with CISA adding CVE-2026-28318 to the KEV catalog

SHOW NOTES - 2026-06-08 STORIES COVERED * Date: * Today: * SolarWinds Serv-U Vulnerability Exploited in the Wild (CVE-2026-28318) [https://www.securityweek.com/solarwinds-patches-exploited-serv-u-vulnerability/] [Critical Alerts] * UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign [https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html] [Critical Alerts] * Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse [https://www.securityweek.com/meta-says-20000-instagram-accounts-hacked-via-ai-tool-abuse/] [Business & Infrastructure Threats] * UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency [https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal] [Business & Infrastructure Threats] * C0XMO Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware [https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/] [Business & Infrastructure Threats] * RubyGems Adds Dependency Cooldowns to Counter Supply Chain Attacks [https://news.risky.biz/risky-bulletin-rubygems-adds-dependency-cooldowns-to-counter-supply-chain-attacks/] [General Security News] * VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks [https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html] [General Security News] * OpenAI Rolling Out ChatGPT Account Security Controls [https://www.securityweek.com/openai-rolling-out-chatgpt-account-security-controls/] [General Security News] CVES REFERENCED CVE-2021-27137, CVE-2026-28318 INDICATORS OF COMPROMISE Domains: privnote[.]com, -itdesk[.]com, -it[.]com, -helpdesk[.]com. Read the full brief [https://carolinacleartech.com/brief/2026-06-08/]

2026-06-07: WordPress site takeovers are spreading via a critical Everest Forms Pro exploit that creates rogue

SHOW NOTES - 2026-06-07 STORIES COVERED * 2026-06-07 * Today: * Cisco SD-WAN Zero-Day Under Active Attack [https://www.theregister.com/personal-tech/2026/06/07/uk-exam-watchdog-frets-over-smart-specs-turning-gcses-into-google-searches/5251365] [Critical Alerts] * Critical Everest Forms Pro Flaw Exploited to Take Over WordPress Sites (CVE-2026-3300) [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Critical Alerts] * Exposed Fuel Tank Gauges Under Attack in the US [https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us] [Critical Alerts] * Adaptive AI Worms Loom as Next Enterprise Threat [https://www.darkreading.com/cyber-risk/adaptive-agentic-ai-worms-enterprise-cyber-threat] [Business & Infrastructure Threats] * ChatGPT Lockdown Mode Limits Data Exfiltration Tools [https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html] [Business & Infrastructure Threats] * CVE-2026-3300: Everest Forms Pro Unauthenticated RCE [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Vulnerability Disclosures] * CVE-2026-50219: libexpat Use-After-Free Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50219] [Vulnerability Disclosures] * CVE-2026-8643: pip Path Traversal in Script Installation [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8643] [Vulnerability Disclosures] * CVE-2026-7774: Python tarfile Path Traversal Bypass [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7774] [Vulnerability Disclosures] * CVE-2026-11332: Ansible-core Argument Injection in ansible-galaxy [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11332] [Vulnerability Disclosures] * CVE-2026-3276: Python DoS via Quadratic Complexity in unicodedata.normalize() [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3276] [Vulnerability Disclosures] * CVE-2026-43958: RRDtool Stack Buffer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43958] [Vulnerability Disclosures] * CVE-2026-10722: cilium eBPF Integer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10722] [Vulnerability Disclosures] * CVE-2026-37460: FRRouting BGP DoS Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-37460] [Vulnerability Disclosures] * CVE-2026-42504: Go mime Package Quadratic Complexity DoS [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42504] [Vulnerability Disclosures] * CVE-2026-42507: Go net/textproto Unescaped Input in Errors [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42507] [Vulnerability Disclosures] * CVE-2026-27145: Go Inefficient Hostname Parsing in crypto/x509 [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27145] [Vulnerability Disclosures] * CVE-2026-8829: Perl HTML::Entities Use-After-Free [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8829] [Vulnerability Disclosures] * CVE-2026-5419: GnuTLS Timing Side-Channel in PKCS#7 Padding [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5419] [Vulnerability Disclosures] * Opal Security Raises $23 Million for AI-Native Identity Governance [https://www.securityweek.com/opal-security-raises-23-million-for-ai-native-identity-governance/] [General Security News] CVES REFERENCED CVE-2026-10722, CVE-2026-11332, CVE-2026-27145, CVE-2026-3276, CVE-2026-3300, CVE-2026-37460, CVE-2026-42504, CVE-2026-42507, CVE-2026-43958, CVE-2026-50219, CVE-2026-5419, CVE-2026-7774, CVE-2026-8643, CVE-2026-8829 INDICATORS OF COMPROMISE IP Addresses: 202.56.2.126, 209.146.60.26 Read the full brief [https://carolinacleartech.com/brief/2026-06-07/]

2026-06-06: SolarWinds Serv-U and Cisco SD-WAN vulnerabilities are being exploited in the wild with no patch

SHOW NOTES - 2026-06-06 STORIES COVERED * Today: * SolarWinds Serv-U CVE-2026-28318 Denial-of-Service Vulnerability (CISA KEV) [https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/] [Critical Alerts] * Cisco Catalyst SD-WAN Manager CVE-2026-20245 Actively Exploited (No Patch Available) [https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html] [Critical Alerts] * Palo Alto PAN-OS CVE-2026-0257 GlobalProtect Authentication Bypass [https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/] [Critical Alerts] * UNC3753 (Luna Moth, Chatty Spider) Vishing Campaign Targets US Law Firms [https://cloud.google.com/blog/topics/threat-intelligence/targeted-campaign-us-law-firms/] [Ransomware & Extortion] * Over 900 US Automatic Tank Gauge Systems Exposed to Attacks [https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/] [Business & Infrastructure Threats] * IronWorm and Miasma Worm Hit npm Supply Chain [https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html] [Business & Infrastructure Threats] * Smart TV Apps Turn Devices Into Web-Scraping Proxies for AI [https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html] [Business & Infrastructure Threats] * Microsoft Claude Code GitHub Action Exposes CI/CD Secrets [https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/] [Business & Infrastructure Threats] * Chinese APT UNC5221 Deploys New Malware (Plenet, AgentPSD) for Persistent Access [https://www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/] [Windows / AD Security] * OP-512 Threat Cluster Targets Microsoft IIS Servers with Custom Web Shell Framework [https://thehackernews.com/2026/06/new-threat-cluster-op-512-targets.html] [Windows / AD Security] * Polyfill Service Reactivation Causes Login Prompts on Major Websites [https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/] [General Security News] * 2026 Verizon DBIR Highlights Browser-Based Attacks and Shadow AI [https://www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/] [General Security News] * Vulnerability Disclosure Dispute Between Microsoft and Nightmare Eclipse Researcher [https://cyberscoop.com/microsoft-coordinated-vulnerability-disclosure-debacle/] [General Security News] * AI Agent Discovers 21 Zero-Days in FFmpeg [https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html] [Vulnerability Disclosures] * Chrome 149 Patches Record 429 Vulnerabilities [https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html] [Vulnerability Disclosures] * Sound Blaster Katana V2X Speaker Remote Code Execution via Bluetooth [https://arstechnica.com/security/2026/06/highly-reviewed-speaker-can-be-hacked-over-the-air-to-infect-connected-devices/] [Vulnerability Disclosures] CVES REFERENCED CVE-2021-35211, CVE-2022-20775, CVE-2024-28995, CVE-2026-0257, CVE-2026-10881, CVE-2026-20122, CVE-2026-20127, CVE-2026-20128, CVE-2026-20133, CVE-2026-20182, CVE-2026-20245, CVE-2026-28318, CVE-2026-39210, CVE-2026-39218 INDICATORS OF COMPROMISE Domains: lhlsjcb[.]com., polyfill[.]io IP Addresses: 23.128.228.6, 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, 179.43.172.213, 185.195.232.139, 198.12.106.60, 202.144.192.47 Read the full brief [https://carolinacleartech.com/brief/2026-06-06/]