2026-06-02: Critical Alerts

2026-06-03: CISA adds Oracle WebLogic CVE-2024-21182 to KEV catalog after active exploitation with federal

SHOW NOTES - 2026-06-03 STORIES COVERED * June 3, 2026 * Today: * Oracle WebLogic CVE-2024-21182 Actively Exploited (CVE-2024-21182) [https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-weblogic-flaw/] [Critical Alerts] * Google Patches Exploited Android Zero-Day (CVE-2025-48595) [https://www.bleepingcomputer.com/news/security/google-fixes-one-actively-exploited-android-zero-day-124-flaws/] [Critical Alerts] * Linux Kernel Privilege Escalation Added to KEV (CVE-2022-0492) [https://www.cisa.gov/news-events/alerts/2026/06/02/cisa-adds-two-known-exploited-vulnerabilities-catalog] [Critical Alerts] * Unpatched NTLM Coercion in Windows Search URI Handler (No CVE) [https://www.huntress.com/blog/unpatched-ntlm-coercion-windows-search-uri-handler] [Windows / AD Security] * Microsoft Backtracks on Zero-Day Researcher Legal Threats [https://www.securityweek.com/microsoft-tries-to-calm-legal-threat-fears-after-zero-day-disclosure-backlash/] [General Security News] * VS Code Zero-Day Allows GitHub Token Theft via Link Click [https://www.bleepingcomputer.com/news/security/vs-code-zero-day-lets-hackers-steal-github-tokens-in-one-click/] [General Security News] * AI-Built Ransomware Toolkit Automates EDR Evasion [https://www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/] [General Security News] * DriveSurge Campaign Hijacks Thousands of Sites for Malware Delivery [https://www.darkreading.com/cyberattacks-data-breaches/drivesurge-hijacks-thousands-sites-clickfix-fakeupdate-attacks] [General Security News] * Exchange Online Outage Causes Email Delays and Failures [https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-causes-email-delays-failures/] [General Security News] * Gamaredon Exploits WinRAR to Deliver Malware Against Ukraine [https://thehackernews.com/2026/06/gamaredon-exploits-winrar-to-deliver.html] [Ransomware & Extortion] * WordPress Kirki Plugin Privilege Escalation Exploited (CVE-2026-8206) [https://www.bleepingcomputer.com/news/security/critical-kirki-flaw-exploited-to-hijack-wordpress-admin-accounts/] [Vulnerability Disclosures] * Microsoft Office Vulnerability (CVE-2026-21509) Used by APT28 [https://thehackernews.com/2026/06/gamaredon-exploits-winrar-to-deliver.html] [Vulnerability Disclosures] CVES REFERENCED CVE-2022-0492, CVE-2024-21182, CVE-2025-48595, CVE-2025-8088, CVE-2026-21509, CVE-2026-33825, CVE-2026-33829, CVE-2026-41091, CVE-2026-45498, CVE-2026-8206 INDICATORS OF COMPROMISE IP Addresses: 12.2.1.4, 14.1.1.0 Read the full brief [https://carolinacleartech.com/brief/2026-06-03/]

2026-06-02: Critical Alerts

SHOW NOTES - 2026-06-02 STORIES COVERED * CVE-2026-21182: Oracle WebLogic Server Added to CISA KEV [https://www.cisa.gov/news-events/alerts/2026/06/01/cisa-adds-one-known-exploited-vulnerability-catalog] [Critical Alerts] * CVE-2026-41089: Windows Netlogon RCE Under Active Exploitation [https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/] [Critical Alerts] * CVE-2026-0257: Palo Alto Networks GlobalProtect Authentication Bypass Exploited [https://www.securityweek.com/recent-palo-alto-networks-vulnerability-exploited-for-weeks/] [Critical Alerts] * Gogs Remote Code Execution Zero-Day (No CVE Yet) [https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html] [Critical Alerts] * Red Hat npm Packages Compromised in Supply Chain Attack [https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/] [Business & Infrastructure Threats] * DriveSurge Campaign Hijacks Thousands of Sites for Malware Distribution [https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/] [Business & Infrastructure Threats] * codexui-android npm Package Steals OpenAI Codex Tokens [https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html] [Business & Infrastructure Threats] * Meta AI Support Bot Exploited for Instagram Account Takeover [https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/] [Business & Infrastructure Threats] * WordPress Malware Hides C2 Data in Steam Profile Comments [https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/] [Business & Infrastructure Threats] * CVE-2026-45498, CVE-2026-33825, CVE-2026-41091: Additional Windows Zero-Days Under Exploitation [https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/] [Windows / AD Security] * Microsoft Outages Affecting MFA Setup and Office Apps [https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outage-affecting-mfa-setup-mysignin-service/] [Windows / AD Security] * KB5089549 Windows 11 Security Update Installation Issues Resolved [https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/] [Windows / AD Security] * CVE-2026-26980: Ghost CMS SQL Injection Under Active Exploitation [https://research.checkpoint.com/2026/1st-june-threat-intelligence-report/] [General Security News] * CVE-2026-8732: WP Maps Pro WordPress Plugin Exploited for Site Takeover [https://www.securityweek.com/wp-maps-pro-vulnerability-exploited-to-take-over-wordpress-sites/] [General Security News] * Dashlane Brute-Force Attack Results in Limited Vault Downloads [https://www.bleepingcomputer.com/news/security/dashlane-password-manager-users-locked-out-by-brute-force-attacks/] [General Security News] * SVG Files Used in Phishing Campaigns [https://isc.sans.edu/diary/rss/33040] [General Security News] * GlassWorm C2 Infrastructure Taken Down [https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html] [General Security News] * Carnival Corporation, Charter Communications, Lithuania Data Breaches [https://research.checkpoint.com/2026/1st-june-threat-intelligence-report/] [General Security News] * Spain Arrests Doxer Targeting Government Employees [https://www.bleepingcomputer.com/news/security/spain-arrests-doxer-leaking-sensitive-data-of-govt-employees/] [General Security News] * Check Point Security Gateways: CVE-2026-48131, CVE-2026-48132 [https://research.checkpoint.com/2026/1st-june-threat-intelligence-report/] [Vulnerability Disclosures] * China-Aligned Threat Activity Targeting Czech Republic, Taiwan, India [https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html] [Vulnerability Disclosures] * Pakistan-Linked SideCopy Targets Afghanistan with Xeno RAT [https://thehackernews.com/2026/06/pakistan-linked-sidecopy-targets.html] [Vulnerability Disclosures] CVES REFERENCED CVE-2026-0257, CVE-2026-21182, CVE-2026-26980, CVE-2026-33825, CVE-2026-41089, CVE-2026-41091, CVE-2026-45498, CVE-2026-45585, CVE-2026-48131, CVE-2026-48132, CVE-2026-8732 INDICATORS OF COMPROMISE IP Addresses: 164.92.88.210 Read the full brief [https://carolinacleartech.com/brief/2026-06-02/]

2026-06-01: Critical WordPress plugin flaw under active exploitation allows unauthenticated admin account

SHOW NOTES - 2026-06-01 STORIES COVERED * Today: * Critical WP Maps Pro Flaw Actively Exploited (CVE-2026-8732) [https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html] [Critical Alerts] * Dutch Authorities Dismantle 17 Million Device Botnet [https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html] [Business & Infrastructure Threats] * Container Attack Vectors Continue to Threaten Cloud Environments (CVE-2019-5736, CVE-2022-0492) [https://securelist.com/container-attack-vectors/120010/] [Business & Infrastructure Threats] * SmartApeSG ClickFix Campaign Delivers Multi-Stage RAT Infections [https://isc.sans.edu/diary/rss/33034] [Business & Infrastructure Threats] * Ransomware Group Claims HDFC AMC Data Theft [https://databreaches.net/2026/05/31/bombay-high-court-issues-injunction-prohibiting-hackers-from-publishing-allegedly-hacked-hdfc-investor-data/?pk_campaign=feed&pk_kwd=bombay-high-court-issues-injunction-prohibiting-hackers-from-publishing-allegedly-hacked-hdfc-investor-data] [Business & Infrastructure Threats] * Russia Expands SORM Surveillance Requirements [https://news.risky.biz/risky-bulletin-russia-greatly-expands-sorm-surveillance-requirements/] [General Security News] * 2026 Election Threats Target Campaign Infrastructure, Not Voting Systems [https://cyberscoop.com/2026-election-cyber-threats-campaign-systems/] [General Security News] * YARA-X 1.17.0 Released [https://isc.sans.edu/diary/rss/33032] [General Security News] * CVE-2026-8732 - WP Maps Pro Privilege Escalation [https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html] [Vulnerability Disclosures] * CVE-2019-5736 - Container Runtime Escape [https://securelist.com/container-attack-vectors/120010/] [Vulnerability Disclosures] * CVE-2022-0492 - Container Escape Vulnerability [https://securelist.com/container-attack-vectors/120010/] [Vulnerability Disclosures] CVES REFERENCED CVE-2019-5736, CVE-2022-0492, CVE-2026-8732 INDICATORS OF COMPROMISE IP Addresses: 89.110.110.119, 185.163.47.217, 178.156.165.82, 178.156.173.194 Read the full brief [https://carolinacleartech.com/brief/2026-06-01/]

2026-05-31: Palo Alto GlobalProtect VPN suffers active exploitation of an authentication bypass (CVE-2026-0257

SHOW NOTES - 2026-05-31 STORIES COVERED * Today: * Palo Alto GlobalProtect VPN Authentication Bypass (CVE-2026-0257) [https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/] [Critical Alerts] * CIFSwitch Linux Privilege Escalation [https://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/] [Critical Alerts] * Flowise AI Platform RCE (CVE-2026-40933) [https://www.securityweek.com/exploit-code-published-for-critical-flowise-rce-vulnerability/] [Critical Alerts] * Russian Intelligence Technology Procurement Escalation [https://www.securityweek.com/russian-spies-are-aggressively-seeking-western-technology-as-sanctions-bite-officials-say/] [Business & Infrastructure Threats] * GnuTLS Certificate Validation Bypass Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42012] [Vulnerability Disclosures] * Additional Certificate Validation Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42790] [Vulnerability Disclosures] * KubeVirt Security Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7374] [Vulnerability Disclosures] * Node.js Permission Model Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-36137] [Vulnerability Disclosures] * Other Disclosed Vulnerabilities [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46242] [Vulnerability Disclosures] * Microsoft Incident Response Criticized [https://databreaches.net/2026/05/30/microsofts-incident-response-is-getting-a-failing-grade-from-researchers/?pk_campaign=feed&pk_kwd=microsofts-incident-response-is-getting-a-failing-grade-from-researchers] [General Security News] CVES REFERENCED CVE-2024-22018, CVE-2024-36137, CVE-2025-15649, CVE-2025-23167, CVE-2026-0257, CVE-2026-40034, CVE-2026-40510, CVE-2026-40528, CVE-2026-40933, CVE-2026-42012, CVE-2026-42013, CVE-2026-42015, CVE-2026-42789, CVE-2026-42790, CVE-2026-44839, CVE-2026-46242, CVE-2026-48864, CVE-2026-48962, CVE-2026-5260, CVE-2026-7374, CVE-2026-9804 Read the full brief [https://carolinacleartech.com/brief/2026-05-31/]

2026-05-30: Palo Alto GlobalProtect bypass is now actively exploited with CISA adding CVE-2026-0257 to KEV

SHOW NOTES - 2026-05-30 STORIES COVERED * Today: * Gogs Zero-Day Exposes Servers to Remote Code Execution (CVE-2025-8110) [https://www.securityweek.com/gogs-zero-day-exposes-servers-to-remote-code-execution/] [Critical Alerts] * PAN-OS GlobalProtect Authentication Bypass Under Active Exploitation (CVE-2026-0257) [https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html] [Critical Alerts] * Marimo Post-Exploitation via LLM Agent (CVE-2026-39987) [https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html] [Critical Alerts] * Silent Ransom Group Escalates to Physical Intrusions [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-22-7/] [Ransomware & Extortion] * Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Campaigns [https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html] [Ransomware & Extortion] * The Com Criminal Collective Funds Violence via Cybercrime [https://www.darkreading.com/threat-intelligence/the-com-cyberattacks-violence-sexploitation] [Ransomware & Extortion] * Malicious npm Packages Abuse Dependency Confusion to Profile Environments [https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/] [Business & Infrastructure Threats] * Malicious Sicoob NuGet Package Steals Brazilian Banking Credentials [https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html] [Business & Infrastructure Threats] * 14 Malicious npm Packages Target AWS and CI/CD Secrets [https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html] [Business & Infrastructure Threats] * TrapDoor Supply Chain Campaign Hits 176 npm Packages [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-22-7/] [Business & Infrastructure Threats] * ChatGPT Share Links Abused for Malware Distribution [https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/] [Business & Infrastructure Threats] * Shadow AI: 2,000+ Vibe-Coded Apps Exposed Corporate Data [https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html] [Business & Infrastructure Threats] * Zapier Nearly Compromised via Multi-Step Exploit Chain [https://www.darkreading.com/vulnerabilities-threats/complex-cloud-integrations-small-errors-compromises] [Business & Infrastructure Threats] * Dutch Authorities Disrupt 17 Million Device Botnet [https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/] [General Security News] * Stark Industries Hosting Network Dismantled [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-22-7/] [General Security News] * Google Chrome Rolls Out Device Bound Session Credentials [https://www.bleepingcomputer.com/news/security/google-chrome-adds-session-cookie-theft-protection-for-all-users/] [General Security News] * California AG Sues 23andMe Over 2023 Breach [https://www.bleepingcomputer.com/news/security/california-ag-sues-23andme-over-2023-breach-exposing-health-data/] [General Security News] * DDoS-as-a-Service Market Evolves from Scripts to Polished Products [https://www.bleepingcomputer.com/news/security/from-5-attacks-to-botnet-powered-platforms-inside-the-ddos-as-a-service-market/] [General Security News] * Chrome 148 Patches 151 Vulnerabilities [https://www.securityweek.com/chrome-148-update-patches-151-vulnerabilities/] [Vulnerability Disclosures] * VS Code Remote SSH Extension Vulnerability [https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/] [Vulnerability Disclosures] * Veeam, Notepad++, Roundcube Patches [https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/] [Vulnerability Disclosures] * CISA Expands KEV Catalog with Supply Chain Attack CVEs [https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/] [Vulnerability Disclosures] * ChatGPhish Vulnerability in ChatGPT Web Summaries [https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html] [Vulnerability Disclosures] * SymJack and TrustFall: AI Coding Agent Attacks [https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html] [Vulnerability Disclosures] * CIFSwitch: Linux Local Root Vulnerability [https://www.schneier.com/blog/archives/2026/05/friday-squid-blogging-another-squid.html] [Vulnerability Disclosures] CVES REFERENCED CVE-2025-8110, CVE-2026-0257, CVE-2026-39987, CVE-2026-9872, CVE-2026-9873, CVE-2026-9874, CVE-2026-9875, CVE-2026-9876 INDICATORS OF COMPROMISE Domains: openew[.]app Read the full brief [https://carolinacleartech.com/brief/2026-05-30/]