China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
June 11, 2026
Black Lotus Labs tracked the JDY botnet’s growth to 1,500-plus compromised devices, with U.S. military networks identified as the primary
News
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
Black Lotus Labs tracked the JDY botnet's growth to 1,500-plus compromised devices, with U.S. military networks identified as the primary target sector.
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
CISA BOD 26-04 requires all federal civilian agencies to patch critical KEV-listed exploited vulnerabilities within three days, cutting the two-week timeline.
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Security researcher Nightmare Eclipse dropped RoguePlanet, an unpatched LPE zero-day in Microsoft Defender that grants SYSTEM on fully patched Windows.
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Ivanti Sentry CVE-2026-10520 is a CVSS 10.0 unauthenticated root RCE under active exploitation. Two instances were confirmed backdoored on disclosure day.
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
CVE-2026-5027 in Langflow allows unauthenticated attackers to write arbitrary files via path traversal, achieving RCE on 7,000 publicly exposed AI instances.
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
WorldLeaks, the rebranded Hunters International group, posted three new victims: Tata Electronics, First Federal Savings & Loan, and India's Reliance Group.
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
Google patched CVE-2026-11645, a V8 out-of-bounds flaw being chained with a sandbox escape to achieve OS code execution. The fifth Chrome zero-day of 2026.
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
CISA added BerriAI LiteLLM CVE-2026-42271 to the KEV catalog. The command injection flaw enables OS access and theft of all configured AI provider API keys.
France’s Tchap Messaging App Breached, 643K Messages Exposed
ANSSI detected attackers who used a hijacked account and hardcoded LDAP credentials to breach Tchap, exposing 643,000 messages across 73,000 accounts.
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
SAP's June 2026 Patch Day addressed 15 security notes including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping flaw in NetWeaver SAML authentication.
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
June 11, 2026
CISA BOD 26-04 requires all federal civilian agencies to patch critical KEV-listed exploited vulnerabilities within three days, cutting the two-week
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
June 11, 2026
Security researcher Nightmare Eclipse dropped RoguePlanet, an unpatched LPE zero-day in Microsoft Defender that grants SYSTEM on fully patched Windows.
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
June 11, 2026
Ivanti Sentry CVE-2026-10520 is a CVSS 10.0 unauthenticated root RCE under active exploitation. Two instances were confirmed backdoored on disclosure
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
June 11, 2026
CVE-2026-5027 in Langflow allows unauthenticated attackers to write arbitrary files via path traversal, achieving RCE on 7,000 publicly exposed AI
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
June 11, 2026
WorldLeaks, the rebranded Hunters International group, posted three new victims: Tata Electronics, First Federal Savings & Loan, and India’s Reliance
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
June 10, 2026
Google patched CVE-2026-11645, a V8 out-of-bounds flaw being chained with a sandbox escape to achieve OS code execution. The fifth
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
June 10, 2026
CISA added BerriAI LiteLLM CVE-2026-42271 to the KEV catalog. The command injection flaw enables OS access and theft of all
France’s Tchap Messaging App Breached, 643K Messages Exposed
June 10, 2026
ANSSI detected attackers who used a hijacked account and hardcoded LDAP credentials to breach Tchap, exposing 643,000 messages across 73,000
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
June 10, 2026
SAP’s June 2026 Patch Day addressed 15 security notes including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping flaw in NetWeaver
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.