> TritonInfoSec News

# Archive

Browse past daily curated stories

Jun 10 Jun 09 Jun 08 Jun 07 Jun 06 Jun 02 May 31 May 30 May 29 May 28 May 27 May 26 May 24 May 23 May 22 May 21 May 20 May 19 May 18 May 17 May 15 May 14 May 13 May 12 May 10 May 09 May 08 May 05 May 03 May 02

Wednesday, June 10, 2026

  1. 1
    0
    Krebs on Security threat-intel
    A Record-Breaking Patch Tuesday for June 2026

    Microsoft's June 2026 Patch Tuesday set a record with nearly 200 security fixes, including close to three dozen rated 'critical' and exploit code publicly available for at least three vulnerabilities. This record-breaking update volume is being attributed in part to AI-accelerated vulnerability discovery, signaling a structural shift in patch management workload for defenders.

  2. 2
    0
    BleepingComputer general
    Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws

    Microsoft's June 2026 Patch Tuesday addressed 200 vulnerabilities including three publicly disclosed zero-days, making it the largest single monthly patch release in the company's history. Security teams running Windows environments face an immediate prioritization challenge given the combination of publicly available exploits and critical-rated flaws across Windows OS and supported software.

  3. 3
    0
    SecurityWeek general
    Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks

    A critical authentication bypass zero-day in Check Point Remote Access VPN and Mobile Access has been actively exploited since early May 2026 by a Qilin ransomware affiliate, allowing VPN connections without valid credentials. CISA issued a binding directive giving U.S. federal agencies just three days to patch the flaw, reflecting the severity and active exploitation in the wild.

  4. 4
    0
    The Hacker News general
    Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

    Google patched CVE-2026-11645, a CVSS 8.8 out-of-bounds read/write vulnerability in the Chrome V8 JavaScript engine, marking the fifth Chrome zero-day exploited in 2026. The fix is included in Chrome 149.0.7827.103, and users should update immediately given active in-the-wild exploitation reported by an anonymous researcher in late April.

  5. 5
    0
    The Hacker News general
    Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

    Veeam patched CVE-2026-44963, a CVSS 9.4 critical RCE flaw in Backup & Replication that allows any authenticated domain user to execute remote code on the backup server. Given Veeam's prevalence in enterprise backup infrastructure and its history as a ransomware target, this vulnerability warrants urgent patching.

  6. 6
    0
    The Hacker News general
    Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

    The Miasma supply chain worm compromised 73 Microsoft GitHub repositories across Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations, injecting an information stealer into open-source code and disrupting CI/CD pipelines. Microsoft temporarily took repositories offline while investigating; the attack originated from a GitHub account previously compromised in an earlier Miasma campaign against Microsoft.

  7. 7
    0
    The Hacker News general
    WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

    Russia-aligned threat actors Earth Dahu (Gamaredon) and SHADOW-EARTH-066 (UAC-0226) are actively exploiting CVE-2025-8088, a WinRAR path traversal flaw patched in July 2025, in ongoing campaigns targeting Ukrainian military and government organizations. Trend Micro attributes the attacks to data theft and cyberespionage objectives, demonstrating that patched vulnerabilities remain effective against organizations slow to update.

  8. 8
    0
    BleepingComputer general
    ServiceNow discloses security incident exposing customer data

    ServiceNow disclosed a security incident in which attackers exploited an unauthenticated access flaw via a vulnerable API endpoint to query data from customer instances. The breach affects customers using ServiceNow's SaaS platform and underscores risks from unauthenticated API exposure in enterprise workflow systems.

  9. 9
    0
    The Hacker News general
    Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

    University of Toronto researchers published a preprint on arXiv demonstrating a proof-of-concept self-replicating AI worm that uses a locally hosted open-weight LLM to autonomously traverse networks, generate target-specific attack strategies, and replicate—entirely without human intervention or commercial AI services. The research demonstrates that capable offensive AI agents no longer require cloud-connected frontier models, lowering the barrier for autonomous cyberattacks.

  10. 10
    0
    CyberScoop general
    Cisco customers encounter another SD-WAN zero-day under attack

    Cisco's SD-WAN products are under active exploitation from a seventh zero-day vulnerability discovered so far in 2026, with no patch yet available from the vendor. The sustained pattern of unpatched SD-WAN zero-days in Cisco products represents a critical ongoing risk for enterprise network perimeters relying on this infrastructure.