Exploit Published for Linux Kernel nf_tables CVE-2026-23111
June 10, 2026
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and
News
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and Debian.
Qilin Ransomware Hits Isuzu Motors, Opéra Comique, and 3 Others
Qilin ransomware posted six victims including Isuzu Motors, Opéra Comique, and Australian healthcare provider The Banyans in a cross-sector June 8 batch.
Nova, Stormous, and Akira Target European Organizations
Nova claimed Trevi S.p.A., Stormous listed a Dutch Catholic group, and Akira hit a French ambulatory clinic in coordinated European ransomware postings.
Turkish Police Detain 357 in Nationwide Cybercrime Raids
Turkish police detained 357 and arrested 194 in raids across 18 provinces targeting online gambling, financial fraud, and child sexual abuse material.
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Microsoft identified Storm-3075 using ChatGPT, Claude, and DeepSeek brands in AiTM phishing that targeted over 2,000 organizations across the US, UK, and India.
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer install base.
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via crafted S/MIME messages.
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway River Country Club, and SMPC ...
Qilin Ransomware Hits Isuzu Motors, Opéra Comique, and 3 Others
June 10, 2026
Qilin ransomware posted six victims including Isuzu Motors, Opéra Comique, and Australian healthcare provider The Banyans in a cross-sector June
Nova, Stormous, and Akira Target European Organizations
June 10, 2026
Nova claimed Trevi S.p.A., Stormous listed a Dutch Catholic group, and Akira hit a French ambulatory clinic in coordinated European
Turkish Police Detain 357 in Nationwide Cybercrime Raids
June 10, 2026
Turkish police detained 357 and arrested 194 in raids across 18 provinces targeting online gambling, financial fraud, and child sexual
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
June 10, 2026
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
June 10, 2026
Microsoft identified Storm-3075 using ChatGPT, Claude, and DeepSeek brands in AiTM phishing that targeted over 2,000 organizations across the US,
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
June 10, 2026
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
June 10, 2026
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox’s Web UI exploitable by unauthenticated attackers via crafted HTTP
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
June 10, 2026
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
June 10, 2026
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.