Application Security

Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Microsoft's June Patch Tuesday closes the actively exploited Exchange Server CVE-2026-42897 and sets a 17-day countdown to a critical Secure Boot deadline.
WhatsApp Files Contempt Motion Over New NSO Group Spyware Activity
WhatsApp detected new NSO Group activity violating a permanent court injunction and filed a federal contempt motion against the Israeli surveillance firm.
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Gogs version 0.14.3 patches a critical CVSSv4 9.4 RCE zero-day that had exposed 2,300 internet-facing servers for ten days with a public Metasploit exploit.
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Depthfirst's autonomous AI security agent spent $1,000 to find 21 zero-days in FFmpeg, including an unauthenticated RCE triggered by a 183-byte packet.
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Anthropic has deployed six engineers inside NSA to operate Mythos, an AI reported capable of zero-day exploitation across major operating systems and browsers.
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Researcher Taylor Hornby used Claude Opus 4.8 to uncover a four-year-old Zcash Orchard flaw that could have enabled undetectable counterfeit ZEC creation.
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
Volexity found Chinese APT VerdantBamboo used new PLENET and AGENTPSD malware to maintain 18 months of undetected Microsoft 365 access via MSP compromise.
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
JFrog researchers discovered IronWorm, a Rust-based infostealer with an eBPF rootkit, injected into 36 npm packages to steal AI API keys and self-propagate.
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
AppEsteem found a Monero cryptominer bundled inside Hola Browser's Windows installer, hidden as a Windows service and excluded from Windows Defender scanning.
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000 e-commerce stores worldwide.