2026-06-11: A new Windows zero-day exploit bypassing Microsoft Defender was released hours after Patch Tuesday

2026-06-11: A new Windows zero-day exploit bypassing Microsoft Defender was released hours after Patch Tuesday

SHOW NOTES - 2026-06-11 STORIES COVERED * Today: * New Windows Zero-Day Exploit 'RoguePlanet' Released [https://www.securityweek.com/new-windows-zero-day-exploit-rogueplanet-released/] [Critical Alerts] * 'GreatXML' Zero-Day Exploit Bypasses BitLocker [https://www.securityweek.com/greatxml-zero-day-exploit-bypasses-bitlocker/] [Critical Alerts] * Microsoft Patches Exchange Server Zero-Day Exploited in Attacks (CVE-2026-42897) [https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-exchange-server-zero-day-exploited-in-attacks/] [Critical Alerts] * CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog [https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html] [Critical Alerts] * Path Traversal Flaw in AI Dev Platform Langflow Exploited in Attacks (CVE-2026-5027) [https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/] [Critical Alerts] * Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs [https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html] [Vulnerability Disclosures] * Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities [https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html] [Vulnerability Disclosures] * Who Runs the Ransomware Group 'The Gentlemen?' [https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/] [Ransomware & Extortion] * WA: Chelan County Enters Third Week of Disruptions with No Recovery Timeline [https://databreaches.net/2026/06/10/wa-chelan-county-enters-third-week-of-disruptions-with-no-recovery-timeline/?pk_campaign=feed&pk_kwd=wa-chelan-county-enters-third-week-of-disruptions-with-no-recovery-timeline] [Ransomware & Extortion] * Infostealers Turn Millions of Devices Into Credential Theft Machines [https://www.securityweek.com/infostealers-turn-millions-of-devices-into-credential-theft-machines/] [Business & Infrastructure Threats] * Deceptive Installers: How Fake Apps Target macOS [https://www.huntress.com/blog/deceptive-installers-macos-infostealers] [Business & Infrastructure Threats] * GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks [https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html] [General Security News] * Microsoft Fixes BitLocker Recovery Bug on Windows Server 2025 [https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bitlocker-recovery-bug-on-windows-server-2025/] [General Security News] * Microsoft: Some Windows PCs Fail to Install Latest Monthly Updates [https://www.bleepingcomputer.com/news/microsoft/microsoft-some-upgraded-windows-pcs-fail-to-install-monthly-updates/] [General Security News] CVES REFERENCED CVE-2026-10520, CVE-2026-10523, CVE-2026-11645, CVE-2026-20245, CVE-2026-22732, CVE-2026-25089, CVE-2026-27671, CVE-2026-33017, CVE-2026-40128, CVE-2026-42897, CVE-2026-44748, CVE-2026-44815, CVE-2026-45586, CVE-2026-45657, CVE-2026-47291, CVE-2026-49160, CVE-2026-5027, CVE-2026-50507, CVE-2026-7473 Read the full brief [https://carolinacleartech.com/brief/2026-06-11/]

2026-06-10: Microsoft patches 206 vulnerabilities in the largest Patch Tuesday on record

SHOW NOTES - 2026-06-10 STORIES COVERED * Today: * Veeam Backup & Replication RCE (CVE-2026-44963) [https://www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/] [Critical Alerts] * Cisco SD-WAN Zero-Day (CVE-2026-20245) [https://cyberscoop.com/cisco-sdwan-zero-day-vulnerability-exploited-cve202620245/] [Critical Alerts] * Check Point VPN RCE (CVE-2026-50751) [https://databreaches.net/2026/06/09/cisa-gives-feds-3-days-to-patch-check-point-vpn-bug-exploited-as-zero-day/] [Critical Alerts] * Chrome V8 Zero-Day (CVE-2026-11645) [https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html] [Critical Alerts] * Microsoft June 2026 Patch Tuesday (206 Vulnerabilities) [https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws/] [Windows / AD Security] * Microsoft Defender RoguePlanet Zero-Day [https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/] [Windows / AD Security] * Microsoft Exchange Ghost-Sender Spoofing [https://www.darkreading.com/vulnerabilities-threats/exchange-flaw-attackers-spoof-email-address] [Windows / AD Security] * Windows 10 KB5094127 Extended Security Update [https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5094127-extended-security-update/] [Windows / AD Security] * Windows 11 KB5094126 & KB5093998 Updates [https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5094126-and-kb5093998-cumulative-updates-released/] [Windows / AD Security] * Microsoft AI Activity Investigation Playbook [https://www.microsoft.com/en-us/security/blog/2026/06/09/reconstructing-ai-activity-investigations/] [Windows / AD Security] * WinRAR Exploitation in Ukraine [https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html] [Business & Infrastructure Threats] * GitHub/Microsoft Repository Compromise (Miasma/Shai-Hulud) [https://www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/] [Business & Infrastructure Threats] * Hades PyPI Attack (37 Malicious Packages) [https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html] [Business & Infrastructure Threats] * CISA KEV Additions (June 9) [https://www.cisa.gov/news-events/alerts/2026/06/09/cisa-adds-three-known-exploited-vulnerabilities-catalog] [Vulnerability Disclosures] * ICS Patch Tuesday [https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-fixed-by-siemens-schneider-phoenix-contact/] [Vulnerability Disclosures] CVES REFERENCED CVE-2025-15467, CVE-2025-40946, CVE-2025-8088, CVE-2026-11645, CVE-2026-20127, CVE-2026-20182, CVE-2026-20245, CVE-2026-2441, CVE-2026-26142, CVE-2026-32193, CVE-2026-3909, CVE-2026-3910, CVE-2026-41108, CVE-2026-41125, CVE-2026-42985, CVE-2026-42987, CVE-2026-44803, CVE-2026-44812, CVE-2026-44815, CVE-2026-44963, CVE-2026-45467, CVE-2026-45469, CVE-2026-45485, CVE-2026-45586, CVE-2026-45602, CVE-2026-45607, CVE-2026-45641, CVE-2026-45648, CVE-2026-45657, CVE-2026-47288, CVE-2026-47291, CVE-2026-47292, CVE-2026-47652, CVE-2026-48574, CVE-2026-49160, CVE-2026-50507, CVE-2026-50508, CVE-2026-50751, CVE-2026-5281, CVE-2026-7473 Read the full brief [https://carolinacleartech.com/brief/2026-06-10/]

2026-06-09: Check Point VPN users have three days to patch CVE-2026-50751

SHOW NOTES - 2026-06-09 STORIES COVERED * June 9, 2026 * Today: * Check Point VPN Zero-Day Exploited by Qilin Ransomware (CVE-2026-50751) [https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/] [Critical Alerts] * Gogs RCE Zero-Day Affects Default Configurations [https://www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/] [Critical Alerts] * Google Patches Fifth Chrome Zero-Day of 2026 (CVE-2026-11645) [https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/] [Critical Alerts] * LiteLLM RCE Exploited in the Wild (CVE-2026-42271) [https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html] [Critical Alerts] * TeamPCP Supply Chain Campaign Continues with Hades PyPI Variant [https://isc.sans.edu/diary/rss/33060] [Critical Alerts] * Silent Ransom Group Uses DNS Fast Flux in Attacks [https://www.securityweek.com/silent-ransom-group-uses-dns-fast-flux-in-attacks/] [Ransomware & Extortion] * Ransomware Closes Illinois High Schools [https://www.theregister.com/cyber-crime/2026/06/08/ransomware-attack-shuts-illinois-high-school-until-wednesday/5252322] [Ransomware & Extortion] * Qilin NHS Breach Tally Grows [https://www.theregister.com/cyber-crime/2026/06/09/qilin-nhs-breach-tally-grows-as-essex-trust-confirms-stolen-records/5252663] [Ransomware & Extortion] * Microsoft Teams Phishing Campaigns Bypass Email Defenses [https://unit42.paloaltonetworks.com/microsoft-teams-phishing/] [Business & Infrastructure Threats] * AI Brands Used as Social Engineering Lures [https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/] [Business & Infrastructure Threats] * NSO Group Spyware Campaigns Defy Court Injunction [https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/] [Business & Infrastructure Threats] * Linux Kernel One-Character Flaw Enables Local Root (CVE-2026-23111) [https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html] [Vulnerability Disclosures] * Android Framework Privilege Escalation Under Exploitation (CVE-2025-48595) [https://thehackernews.com/2026/06/weekly-recap-instagram-account-hacks.html] [Vulnerability Disclosures] * Multiple MSRC CVE Publications [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures] * Instagram Recovery Tool Bug Exposed 20,225 Accounts [https://databreaches.net/2026/06/08/instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse/?pk_campaign=feed&pk_kwd=instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse] [Vulnerability Disclosures] * Apple Announces AI-Powered Automatic Password Fixer [https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/] [General Security News] CVES REFERENCED CVE-2024-39930, CVE-2024-39932, CVE-2024-39933, CVE-2025-48595, CVE-2025-8110, CVE-2026-10879, CVE-2026-11463, CVE-2026-11645, CVE-2026-23111, CVE-2026-2441, CVE-2026-26194, CVE-2026-35429, CVE-2026-3909, CVE-2026-3910, CVE-2026-40930, CVE-2026-42208, CVE-2026-42271, CVE-2026-45321, CVE-2026-46250, CVE-2026-46272, CVE-2026-48027, CVE-2026-48710, CVE-2026-49975, CVE-2026-50031, CVE-2026-50256, CVE-2026-50260, CVE-2026-50262, CVE-2026-50292, CVE-2026-50751, CVE-2026-50752, CVE-2026-5281 INDICATORS OF COMPROMISE Domains: ep6pheij[.]com, business-data-leaks[.]com., business-data-leaks[.]com, grupoconstat[.]bitrix24, com[.]br, ikhwancast[.]com, ghazacast[.]com, fr24cast[.]com., fr24cast[.]com Read the full brief [https://carolinacleartech.com/brief/2026-06-09/]

2026-06-08: SolarWinds Serv-U exploit is live in the wild with CISA adding CVE-2026-28318 to the KEV catalog

SHOW NOTES - 2026-06-08 STORIES COVERED * Date: * Today: * SolarWinds Serv-U Vulnerability Exploited in the Wild (CVE-2026-28318) [https://www.securityweek.com/solarwinds-patches-exploited-serv-u-vulnerability/] [Critical Alerts] * UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign [https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html] [Critical Alerts] * Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse [https://www.securityweek.com/meta-says-20000-instagram-accounts-hacked-via-ai-tool-abuse/] [Business & Infrastructure Threats] * UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency [https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal] [Business & Infrastructure Threats] * C0XMO Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware [https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/] [Business & Infrastructure Threats] * RubyGems Adds Dependency Cooldowns to Counter Supply Chain Attacks [https://news.risky.biz/risky-bulletin-rubygems-adds-dependency-cooldowns-to-counter-supply-chain-attacks/] [General Security News] * VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks [https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html] [General Security News] * OpenAI Rolling Out ChatGPT Account Security Controls [https://www.securityweek.com/openai-rolling-out-chatgpt-account-security-controls/] [General Security News] CVES REFERENCED CVE-2021-27137, CVE-2026-28318 INDICATORS OF COMPROMISE Domains: privnote[.]com, -itdesk[.]com, -it[.]com, -helpdesk[.]com. Read the full brief [https://carolinacleartech.com/brief/2026-06-08/]

2026-06-07: WordPress site takeovers are spreading via a critical Everest Forms Pro exploit that creates rogue

SHOW NOTES - 2026-06-07 STORIES COVERED * 2026-06-07 * Today: * Cisco SD-WAN Zero-Day Under Active Attack [https://www.theregister.com/personal-tech/2026/06/07/uk-exam-watchdog-frets-over-smart-specs-turning-gcses-into-google-searches/5251365] [Critical Alerts] * Critical Everest Forms Pro Flaw Exploited to Take Over WordPress Sites (CVE-2026-3300) [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Critical Alerts] * Exposed Fuel Tank Gauges Under Attack in the US [https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us] [Critical Alerts] * Adaptive AI Worms Loom as Next Enterprise Threat [https://www.darkreading.com/cyber-risk/adaptive-agentic-ai-worms-enterprise-cyber-threat] [Business & Infrastructure Threats] * ChatGPT Lockdown Mode Limits Data Exfiltration Tools [https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html] [Business & Infrastructure Threats] * CVE-2026-3300: Everest Forms Pro Unauthenticated RCE [https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/] [Vulnerability Disclosures] * CVE-2026-50219: libexpat Use-After-Free Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50219] [Vulnerability Disclosures] * CVE-2026-8643: pip Path Traversal in Script Installation [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8643] [Vulnerability Disclosures] * CVE-2026-7774: Python tarfile Path Traversal Bypass [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7774] [Vulnerability Disclosures] * CVE-2026-11332: Ansible-core Argument Injection in ansible-galaxy [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11332] [Vulnerability Disclosures] * CVE-2026-3276: Python DoS via Quadratic Complexity in unicodedata.normalize() [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3276] [Vulnerability Disclosures] * CVE-2026-43958: RRDtool Stack Buffer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43958] [Vulnerability Disclosures] * CVE-2026-10722: cilium eBPF Integer Overflow [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10722] [Vulnerability Disclosures] * CVE-2026-37460: FRRouting BGP DoS Vulnerability [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-37460] [Vulnerability Disclosures] * CVE-2026-42504: Go mime Package Quadratic Complexity DoS [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42504] [Vulnerability Disclosures] * CVE-2026-42507: Go net/textproto Unescaped Input in Errors [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42507] [Vulnerability Disclosures] * CVE-2026-27145: Go Inefficient Hostname Parsing in crypto/x509 [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27145] [Vulnerability Disclosures] * CVE-2026-8829: Perl HTML::Entities Use-After-Free [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8829] [Vulnerability Disclosures] * CVE-2026-5419: GnuTLS Timing Side-Channel in PKCS#7 Padding [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5419] [Vulnerability Disclosures] * Opal Security Raises $23 Million for AI-Native Identity Governance [https://www.securityweek.com/opal-security-raises-23-million-for-ai-native-identity-governance/] [General Security News] CVES REFERENCED CVE-2026-10722, CVE-2026-11332, CVE-2026-27145, CVE-2026-3276, CVE-2026-3300, CVE-2026-37460, CVE-2026-42504, CVE-2026-42507, CVE-2026-43958, CVE-2026-50219, CVE-2026-5419, CVE-2026-7774, CVE-2026-8643, CVE-2026-8829 INDICATORS OF COMPROMISE IP Addresses: 202.56.2.126, 209.146.60.26 Read the full brief [https://carolinacleartech.com/brief/2026-06-07/]