A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of f...
Threat Intelligence Feed
Aggregating 4508 articles from trusted cybersecurity sources
LATEST CVEs
CVE-2026-9669
bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError
CVE-2026-44541
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based
CVE-2026-40215
A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cau
MED · CVE-2026-11585
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of
HIGH · CVE-2026-49141
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authent
CVE-2026-47345
Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting
CVE-2026-47344
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sa
HIGH · CVE-2026-46484
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable
HIGH · CVE-2026-40519
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execut
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 t
MED · CVE-2026-11584
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the
MED · CVE-2026-11583
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function o
HIGH · CVE-2026-11582
A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function
CRIT · CVE-2026-52778
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar f
HIGH · CVE-2026-46490
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only esca
CVE-2026-46486
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potentia
MED · CVE-2026-11559
A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account
MED · CVE-2026-11558
A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function
HIGH · CVE-2026-11557
A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the f
CRIT · CVE-2026-11393
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might a
MED · CVE-2026-10787
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user t
MED · CVE-2026-10786
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileg
MED · CVE-2026-10544
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Serv
CVE-2026-8913
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutra
HIGH · CVE-2026-11556
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file
CVE-2026-11555
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file
MED · CVE-2026-11554
A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/v
HIGH · CVE-2026-11553
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file
MED · CVE-2026-11552
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Lea
HIGH · CVE-2026-48507
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user ho
HIGH · CVE-2026-46481
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION
CVE-2026-46314
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Reject empty multisync extension to preven
CVE-2026-46313
In the Linux kernel, the following vulnerability has been resolved:
media: intel/ipu6: fix error pointer dereference
I
CVE-2026-46312
In the Linux kernel, the following vulnerability has been resolved:
media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
CVE-2026-46311
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/userq: fix access to stale wptr mapping
CVE-2026-46310
In the Linux kernel, the following vulnerability has been resolved:
media: renesas: vsp1: Fix NULL pointer deref on mod
CVE-2026-46309
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/uapi: Reject coh_none PAT index for CPU cach
CVE-2026-46308
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: mediatek: fix use-after-free in scpsys_ge
CVE-2026-46307
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath5k: do not access array OOB
Vincent repor
CVE-2026-46306
In the Linux kernel, the following vulnerability has been resolved:
flow_dissector: do not dissect PPPoE PFC frames
RF
Latest News
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion.
ServiceNow discloses security incident exposing customer data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to ...
OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise huma...
Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, ...
Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland... - SWN #588
Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review
Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, deli...
Microsoft breaks Patch Tuesday record with 206 vulnerabilities
Fears and warnings about a roaring flood of error-riddled software have materialized. And the disease is spreading.
Anthropic releases Mythos-class Fable 5 model with safeguards for cyber risks
Anthropic unveiled two new powerful AI models built on its previously restricted Mythos architecture: Claude Fable 5, which is being made broadly available, ...
SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver...
Microsoft Patches 200 Vulnerabilities
Three of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them. The post Microsoft Patches ...
CISA to transform how it assesses cyber vulnerabilities and risks, Andersen says
A binding operational directive being released Wednesday will direct federal agencies to change the way they address vulnerabilities by elevating some while ...
Data Breaches
Microsoft investigates breach of open-source projects after malware injection
The compromised projects, many of which are related to Microsoft's Azure cloud service and AI development tools, allowed attackers to steal user passwords an...
SoFi Hong Kong warns of data breach after third-party vendor compromise
The breach involves a database managed by a third-party vendor used by SoFi Securities (Hong Kong) Limited.
Maine Govt Portal Lists 10M Discord Data Breach Notice, But Filing Shows Red Flags
Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverified and questionable.
Apple Intelligence can now replace weak passwords without user intervention
Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in P...
French govt messaging service breached in account hijacking attack
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's en...
Malware ships with bugs that defenders could use against it
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and mal...
FTC orders Illuminate Education to improve data security after student data breach
The FTC's order stems from allegations that Illuminate failed to implement reasonable security controls, contributing to a December 2021 cyberattack.
WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO
WhatsApp says it blocked Israeli firm NSO’s Pegasus spyware activity and is asking a US court to treat the targeting as an injunction breach.
University of Oxford discloses data breach via third-party career platform
The breach occurred on May 28, with attackers gaining access to users' first names, last names, email addresses, and encrypted passwords for those not using ...
SoFi confirms third-party data breach at Hong Kong subsidiary
SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. [.
8th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES DentaQuest,...
Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites
Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing.