2026-06-08: SolarWinds Serv-U exploit is live in the wild with CISA adding CVE-2026-28318 to the KEV catalog

2026-06-09: Check Point VPN users have three days to patch CVE-2026-50751

SHOW NOTES - 2026-06-09 STORIES COVERED * June 9, 2026 * Today: * Check Point VPN Zero-Day Exploited by Qilin Ransomware (CVE-2026-50751) [https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/] [Critical Alerts] * Gogs RCE Zero-Day Affects Default Configurations [https://www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/] [Critical Alerts] * Google Patches Fifth Chrome Zero-Day of 2026 (CVE-2026-11645) [https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/] [Critical Alerts] * LiteLLM RCE Exploited in the Wild (CVE-2026-42271) [https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html] [Critical Alerts] * TeamPCP Supply Chain Campaign Continues with Hades PyPI Variant [https://isc.sans.edu/diary/rss/33060] [Critical Alerts] * Silent Ransom Group Uses DNS Fast Flux in Attacks [https://www.securityweek.com/silent-ransom-group-uses-dns-fast-flux-in-attacks/] [Ransomware & Extortion] * Ransomware Closes Illinois High Schools [https://www.theregister.com/cyber-crime/2026/06/08/ransomware-attack-shuts-illinois-high-school-until-wednesday/5252322] [Ransomware & Extortion] * Qilin NHS Breach Tally Grows [https://www.theregister.com/cyber-crime/2026/06/09/qilin-nhs-breach-tally-grows-as-essex-trust-confirms-stolen-records/5252663] [Ransomware & Extortion] * Microsoft Teams Phishing Campaigns Bypass Email Defenses [https://unit42.paloaltonetworks.com/microsoft-teams-phishing/] [Business & Infrastructure Threats] * AI Brands Used as Social Engineering Lures [https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/] [Business & Infrastructure Threats] * NSO Group Spyware Campaigns Defy Court Injunction [https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/] [Business & Infrastructure Threats] * Linux Kernel One-Character Flaw Enables Local Root (CVE-2026-23111) [https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html] [Vulnerability Disclosures] * Android Framework Privilege Escalation Under Exploitation (CVE-2025-48595) [https://thehackernews.com/2026/06/weekly-recap-instagram-account-hacks.html] [Vulnerability Disclosures] * Multiple MSRC CVE Publications [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures] * Instagram Recovery Tool Bug Exposed 20,225 Accounts [https://databreaches.net/2026/06/08/instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse/?pk_campaign=feed&pk_kwd=instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse] [Vulnerability Disclosures] * Apple Announces AI-Powered Automatic Password Fixer [https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/] [General Security News] CVES REFERENCED CVE-2024-39930, CVE-2024-39932, CVE-2024-39933, CVE-2025-48595, CVE-2025-8110, CVE-2026-10879, CVE-2026-11463, CVE-2026-11645, CVE-2026-23111, CVE-2026-2441, CVE-2026-26194, CVE-2026-35429, CVE-2026-3909, CVE-2026-3910, CVE-2026-40930, CVE-2026-42208, CVE-2026-42271, CVE-2026-45321, CVE-2026-46250, CVE-2026-46272, CVE-2026-48027, CVE-2026-48710, CVE-2026-49975, CVE-2026-50031, CVE-2026-50256, CVE-2026-50260, CVE-2026-50262, CVE-2026-50292, CVE-2026-50751, CVE-2026-50752, CVE-2026-5281 INDICATORS OF COMPROMISE Domains: ep6pheij[.]com, business-data-leaks[.]com., business-data-leaks[.]com, grupoconstat[.]bitrix24, com[.]br, ikhwancast[.]com, ghazacast[.]com, fr24cast[.]com., fr24cast[.]com Read the full brief [https://carolinacleartech.com/brief/2026-06-09/]

2026-06-08: SolarWinds Serv-U exploit is live in the wild with CISA adding CVE-2026-28318 to the KEV catalog

SHOW NOTES - 2026-06-08 STORIES COVERED * Date: * Today: * SolarWinds Serv-U Vulnerability Exploited in the Wild (CVE-2026-28318) [https://www.securityweek.com/solarwinds-patches-exploited-serv-u-vulnerability/] [Critical Alerts] * UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign [https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html] [Critical Alerts] * Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse [https://www.securityweek.com/meta-says-20000-instagram-accounts-hacked-via-ai-tool-abuse/] [Business & Infrastructure Threats] * UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency [https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal] [Business & Infrastructure Threats] * C0XMO Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware [https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/] [Business & Infrastructure Threats] * RubyGems Adds Dependency Cooldowns to Counter Supply Chain Attacks [https://news.risky.biz/risky-bulletin-rubygems-adds-dependency-cooldowns-to-counter-supply-chain-attacks/] [General Security News] * VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks [https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html] [General Security News] * OpenAI Rolling Out ChatGPT Account Security Controls [https://www.securityweek.com/openai-rolling-out-chatgpt-account-security-controls/] [General Security News] CVES REFERENCED CVE-2021-27137, CVE-2026-28318 INDICATORS OF COMPROMISE Domains: privnote[.]com, -itdesk[.]com, -it[.]com, -helpdesk[.]com. Read the full brief [https://carolinacleartech.com/brief/2026-06-08/]

2026-06-07: WordPress site takeovers are spreading via a critical Everest Forms Pro exploit that creates rogue

SHOW NOTES - 2026-06-07 STORIES COVERED * 2026-06-07 * Today: * Cisco SD-WAN Zero-Day Under Active Attack [https://www.theregister.com/personal-tech/2026/06/07/uk-exam-watchdog-frets-over-smart-specs-turning-gcses-into-google-searches/5251365] [Critical Alerts] * Critical Everest Forms Pro Flaw Exploited to Take Over WordPress Sites (CVE-2026-3300) [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Critical Alerts] * Exposed Fuel Tank Gauges Under Attack in the US [https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us] [Critical Alerts] * Adaptive AI Worms Loom as Next Enterprise Threat [https://www.darkreading.com/cyber-risk/adaptive-agentic-ai-worms-enterprise-cyber-threat] [Business & Infrastructure Threats] * ChatGPT Lockdown Mode Limits Data Exfiltration Tools [https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html] [Business & Infrastructure Threats] * CVE-2026-3300: Everest Forms Pro Unauthenticated RCE [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Vulnerability Disclosures] * CVE-2026-50219: libexpat Use-After-Free Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50219] [Vulnerability Disclosures] * CVE-2026-8643: pip Path Traversal in Script Installation [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8643] [Vulnerability Disclosures] * CVE-2026-7774: Python tarfile Path Traversal Bypass [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7774] [Vulnerability Disclosures] * CVE-2026-11332: Ansible-core Argument Injection in ansible-galaxy [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11332] [Vulnerability Disclosures] * CVE-2026-3276: Python DoS via Quadratic Complexity in unicodedata.normalize() [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3276] [Vulnerability Disclosures] * CVE-2026-43958: RRDtool Stack Buffer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43958] [Vulnerability Disclosures] * CVE-2026-10722: cilium eBPF Integer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10722] [Vulnerability Disclosures] * CVE-2026-37460: FRRouting BGP DoS Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-37460] [Vulnerability Disclosures] * CVE-2026-42504: Go mime Package Quadratic Complexity DoS [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42504] [Vulnerability Disclosures] * CVE-2026-42507: Go net/textproto Unescaped Input in Errors [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42507] [Vulnerability Disclosures] * CVE-2026-27145: Go Inefficient Hostname Parsing in crypto/x509 [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27145] [Vulnerability Disclosures] * CVE-2026-8829: Perl HTML::Entities Use-After-Free [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8829] [Vulnerability Disclosures] * CVE-2026-5419: GnuTLS Timing Side-Channel in PKCS#7 Padding [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5419] [Vulnerability Disclosures] * Opal Security Raises $23 Million for AI-Native Identity Governance [https://www.securityweek.com/opal-security-raises-23-million-for-ai-native-identity-governance/] [General Security News] CVES REFERENCED CVE-2026-10722, CVE-2026-11332, CVE-2026-27145, CVE-2026-3276, CVE-2026-3300, CVE-2026-37460, CVE-2026-42504, CVE-2026-42507, CVE-2026-43958, CVE-2026-50219, CVE-2026-5419, CVE-2026-7774, CVE-2026-8643, CVE-2026-8829 INDICATORS OF COMPROMISE IP Addresses: 202.56.2.126, 209.146.60.26 Read the full brief [https://carolinacleartech.com/brief/2026-06-07/]

2026-06-06: SolarWinds Serv-U and Cisco SD-WAN vulnerabilities are being exploited in the wild with no patch

SHOW NOTES - 2026-06-06 STORIES COVERED * Today: * SolarWinds Serv-U CVE-2026-28318 Denial-of-Service Vulnerability (CISA KEV) [https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/] [Critical Alerts] * Cisco Catalyst SD-WAN Manager CVE-2026-20245 Actively Exploited (No Patch Available) [https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html] [Critical Alerts] * Palo Alto PAN-OS CVE-2026-0257 GlobalProtect Authentication Bypass [https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/] [Critical Alerts] * UNC3753 (Luna Moth, Chatty Spider) Vishing Campaign Targets US Law Firms [https://cloud.google.com/blog/topics/threat-intelligence/targeted-campaign-us-law-firms/] [Ransomware & Extortion] * Over 900 US Automatic Tank Gauge Systems Exposed to Attacks [https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/] [Business & Infrastructure Threats] * IronWorm and Miasma Worm Hit npm Supply Chain [https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html] [Business & Infrastructure Threats] * Smart TV Apps Turn Devices Into Web-Scraping Proxies for AI [https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html] [Business & Infrastructure Threats] * Microsoft Claude Code GitHub Action Exposes CI/CD Secrets [https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/] [Business & Infrastructure Threats] * Chinese APT UNC5221 Deploys New Malware (Plenet, AgentPSD) for Persistent Access [https://www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/] [Windows / AD Security] * OP-512 Threat Cluster Targets Microsoft IIS Servers with Custom Web Shell Framework [https://thehackernews.com/2026/06/new-threat-cluster-op-512-targets.html] [Windows / AD Security] * Polyfill Service Reactivation Causes Login Prompts on Major Websites [https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/] [General Security News] * 2026 Verizon DBIR Highlights Browser-Based Attacks and Shadow AI [https://www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/] [General Security News] * Vulnerability Disclosure Dispute Between Microsoft and Nightmare Eclipse Researcher [https://cyberscoop.com/microsoft-coordinated-vulnerability-disclosure-debacle/] [General Security News] * AI Agent Discovers 21 Zero-Days in FFmpeg [https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html] [Vulnerability Disclosures] * Chrome 149 Patches Record 429 Vulnerabilities [https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html] [Vulnerability Disclosures] * Sound Blaster Katana V2X Speaker Remote Code Execution via Bluetooth [https://arstechnica.com/security/2026/06/highly-reviewed-speaker-can-be-hacked-over-the-air-to-infect-connected-devices/] [Vulnerability Disclosures] CVES REFERENCED CVE-2021-35211, CVE-2022-20775, CVE-2024-28995, CVE-2026-0257, CVE-2026-10881, CVE-2026-20122, CVE-2026-20127, CVE-2026-20128, CVE-2026-20133, CVE-2026-20182, CVE-2026-20245, CVE-2026-28318, CVE-2026-39210, CVE-2026-39218 INDICATORS OF COMPROMISE Domains: lhlsjcb[.]com., polyfill[.]io IP Addresses: 23.128.228.6, 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, 179.43.172.213, 185.195.232.139, 198.12.106.60, 202.144.192.47 Read the full brief [https://carolinacleartech.com/brief/2026-06-06/]

2026-06-05: Cisco discloses seventh SD-WAN zero-day this year, now actively exploited for root escalation with

SHOW NOTES - 2026-06-05 STORIES COVERED * June 5, 2026 * Today: * Cisco SD-WAN Zero-Day Actively Exploited (CVE-2026-20245) [https://www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/] [Critical Alerts] * Cisco Unified CM Critical SSRF with Public PoC (CVE-2026-20230) [https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-unified-cm-flaw-with-poc-exploit-code/] [Critical Alerts] * Windows 11 Zero-Day (CVE-2026-0257) [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-23-7/] [Critical Alerts] * AI Agents as Insider Threat [https://cyberscoop.com/ai-agent-insider-threat-cybersecurity-dtex/] [Business & Infrastructure Threats] * Claude Code GitHub Action Repository Takeover [https://thehackernews.com/2026/06/claude-code-github-action-flaw-let-one.html] [Business & Infrastructure Threats] * Microsoft Agentic AI Failure Modes v2.0 [https://www.microsoft.com/en-us/security/blog/2026/06/04/updating-taxonomy-failure-modes-agentic-ai-systems-year-red-teaming-taught-us/] [Business & Infrastructure Threats] * UN World Food Programme Gaza Breach (600,000 Households) [https://www.bleepingcomputer.com/news/security/un-world-food-programme-breach-affects-600-000-gaza-households/] [Business & Infrastructure Threats] * DentaQuest Breach (2.6 Million Accounts) [https://www.bleepingcomputer.com/news/security/dentaquest-data-breach-exposed-info-of-26-million-accounts/] [Business & Infrastructure Threats] * China-Linked TA4922 Expands to Europe [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-23-7/] [Ransomware & Extortion] * IronWorm npm Supply Chain Attack (36 Packages) [https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/] [Ransomware & Extortion] * Russian Mobile Spyware Operation [https://thehackernews.com/2026/06/threatsday-bulletin-ai-agents-gone.html] [Ransomware & Extortion] * Microsoft M365 Copilot RCE (CVE-2026-45497) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45497] [Windows / AD Security] * Windows Driver Update Issue [https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-unexpected-windows-driver-updates-on-caching-issue/] [Windows / AD Security] * Chrome 149 Patches Record 429 Vulnerabilities [https://www.securityweek.com/chrome-149-patches-429-vulnerabilities/] [General Security News] * Hola Browser Supply Chain Compromise [https://www.bleepingcomputer.com/news/security/hola-browser-for-windows-compromised-to-deliver-cryptominer/] [General Security News] * Everest Forms Pro WordPress RCE Actively Exploited (CVE-2026-3300) [https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html] [General Security News] * Magecart Campaign Abuses Stripe API [https://www.bleepingcomputer.com/news/security/credit-card-theft-campaign-abuses-stripe-to-host-stolen-payment-info/] [General Security News] * VIP Keylogger via JavaScript Loaders [https://isc.sans.edu/diary/rss/33054] [General Security News] * FlutterShell macOS Malvertising [https://thehackernews.com/2026/06/fluttershell-backdoor-spreads-to-macos.html] [General Security News] * FIFA World Cup 2026 Scams [https://thehackernews.com/2026/06/fifa-world-cup-2026-scams-are-already.html] [General Security News] * Hitachi Energy ICS Vulnerabilities [https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-04] [Vulnerability Disclosures] * B&R PPT30 OPC-UA DoS (CVE-2025-11482) [https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-03] [Vulnerability Disclosures] CVES REFERENCED CVE-2024-8176, CVE-2025-11482, CVE-2025-20309, CVE-2025-59375, CVE-2026-0257, CVE-2026-10881, CVE-2026-10882, CVE-2026-10883, CVE-2026-20045, CVE-2026-20127, CVE-2026-20182, CVE-2026-20230, CVE-2026-20245, CVE-2026-25253, CVE-2026-3300, CVE-2026-45497, CVE-2026-7310 INDICATORS OF COMPROMISE IP Addresses: 202.56.2.126, 209.146.60.26, 15.235.166.18, 185.78.165.153 Read the full brief [https://carolinacleartech.com/brief/2026-06-05/]