CVE-2026-3300: Actively exploited critical unauthenticated remote code execution vulnerability via PHP eval() injection in Everest Forms Pro WordPress plugin. Allows attackers to execute arbitrary code without authentication.
Update Everest Forms Pro immediately to a version later than 1.9.12. Review WordPress access logs for exploitation attempts. Scan website for webshells or malicious code. Change all WordPress credentials and API keys.
Source: WordPress • Published: 2026-06-10
Microsoft June 2026 Patch Tuesday addresses 200 unique CVEs, representing the largest monthly security release since 2017. Includes five publicly disclosed zero-day vulnerabilities and one actively exploited in attacks. The historic volume indicates significant accumulated security technical debt requiring immediate organizational response.
Establish emergency patching task force. Prioritize systems by exposure and criticality. Deploy patches in accelerated rings starting with internet-facing systems. Monitor for exploitation attempts during patching window. Document patching status for compliance. Consider maintenance windows for critical systems requiring downtime.
Source: Microsoft • Published: 2026-06-10
Incomplete comparison with missing factors vulnerability in Arista Extensible Operating System (EOS). Added to CISA KEV catalog based on evidence of active exploitation in the wild.
Apply Arista security updates immediately. Review network device logs for unauthorized access attempts. Implement network segmentation to limit lateral movement. Follow CISA binding operational directive to remediate by specified deadline.
Source: CISA • Published: 2026-06-10
Out-of-bounds read and write vulnerability in Google Chromium V8 JavaScript engine. Added to CISA KEV catalog due to active exploitation, affecting all Chromium-based browsers including Chrome, Edge, and Brave.
Update all Chromium-based browsers immediately to latest versions. Deploy browser updates via automated management systems. Consider blocking JavaScript on untrusted sites. Monitor for suspicious browser crashes or behavior.
Source: CISA • Published: 2026-06-10
A series of ongoing attacks on open source developers has resulted in massive hacks targeting big tech companies and their customers. Compromised security tools included Aqua Security's Trivy, Bitwarden, and Checkmarx. The backdoored software stole passwords, credentials, and tokens from users, enabling downstream compromises of OpenAI and Vercel among others.
Audit all open source dependencies for malicious code. Implement software composition analysis tools. Monitor for suspicious auto-updates. Rotate all credentials and tokens potentially exposed. Review supply chain security practices. Implement dependency pinning and verification. Subscribe to security advisories for critical dependencies.
Source: BleepingComputer • Published: 2026-06-10
NSA published comprehensive guidance on Model Context Protocol security in May 2026. MCP's rapid adoption by OpenAI, Google, Microsoft, and Block has created significant attack surface. Each connected MCP server gives AI agents access to databases, source code, email, cloud APIs, and production systems, creating urgent security concerns backed by real CVEs and exploitation incidents.
Implement authentication and authorization for all MCP servers. Align tools and models with data classification zones per NSA guidance. Deploy monitoring and logging for MCP communications. Conduct security review of all MCP integrations. Implement principle of least privilege for AI agent access. Establish MCP security governance framework.
Source: NSA • Published: 2026-05-01
BadHost header validation bypass vulnerability in Starlette ASGI framework with a CVSS score of 6.5. Enables authentication bypass when chained with CVE-2026-42271, resulting in unauthenticated remote code execution against LiteLLM deployments.
Update Starlette to version 1.0.1 or later immediately. Implement strict Host header validation at reverse proxy level. Review authentication logs for bypass attempts. Deploy web application firewall rules to block malicious Host headers.
Source: Horizon3.ai • Published: 2026-06-10
Cross-site scripting vulnerability in Discourse AI-powered content triage feature. Raw LLM output is rendered using htmlSafe in the Review Queue without adequate sanitization, so a prompt injection attack can force the AI to return malicious JavaScript that executes when staff members view flagged posts.
Update Discourse to latest patched version. Implement strict output sanitization for all AI-generated content. Review access logs for the Review Queue. Enable Content Security Policy headers. Train moderators on prompt injection risks.
Source: Discourse • Published: 2026-06-10
Qilin ransomware is the most active ransomware operation in 2026, with over 500 victims claimed in 2026 alone (1,500 total since launch). Between June 2 and 5, 2026, it claimed 15 new victims across nine countries in 72 hours. Confirmed exploitation of Check Point VPN zero-day CVE-2026-50751. The healthcare sector is particularly targeted, with 168 confirmed victims.
Implement comprehensive backup strategy with offline copies. Deploy EDR solutions and monitor for Qilin indicators of compromise. Patch Check Point VPN systems immediately. Segment networks to limit lateral movement. Conduct tabletop exercises for ransomware response. Review and test incident response plans.
Source: MOXFIVE • Published: 2026-06-10
China-aligned nation-state actor Salt Typhoon achieved deep, persistent access to U.S. government communications. Successfully targeted U.S. House Committee staff emails, focusing on national security committees with China oversight. Confirms persistent access to U.S. telecommunications carriers.
Conduct comprehensive threat hunting across government networks. Implement zero trust architecture for sensitive communications. Deploy enhanced monitoring on telecommunications infrastructure. Review and rotate credentials for compromised personnel. Engage federal incident response resources for remediation.
Source: NJCCIC • Published: 2026-01-09
Most significant wartime cyberattack by Iran against American targets following the February 28, 2026 military strikes that killed Iran's Supreme Leader. Stryker Corporation, one of the world's largest medical device companies, had tens of thousands of employees forced offline, causing global operational disruption.
Implement enhanced monitoring for Iranian threat actor TTPs. Establish crisis communication protocols. Deploy DDoS mitigation services. Conduct business continuity exercises. Engage with CISA for threat intelligence sharing. Harden critical systems against destructive attacks.
Source: U.S. Government Officials • Published: 2026-03-11
China-linked group UNC3886 breached all four of Singapore's major telecommunications providers in months-long espionage campaign. Used zero-day exploits and rootkits for persistent access. Singapore mounted 11-month counteroperation CYBER GUARDIAN, its largest ever, to evict attackers.
Conduct comprehensive telecommunications infrastructure security assessment. Deploy rootkit detection tools. Implement enhanced logging and monitoring. Review zero-day protection strategies. Establish information sharing with national cybersecurity agencies. Conduct threat hunting for UNC3886 indicators.
Source: Singapore Cyber Security Agency • Published: 2026-06-10
ShinyHunters threat group breached Instructure's Canvas LMS twice, stealing data of 30+ million students and staff. After ransom non-payment, the hackers returned and defaced school login screens during finals period, disrupting exams across the United States. Instructure eventually paid the ransom despite FBI discouragement.
For educational institutions using Canvas: Reset all credentials immediately. Monitor for identity theft affecting students and staff. Provide credit monitoring services. Review data access logs. For Instructure: Implement enhanced security controls. Conduct third-party security assessment. Establish bug bounty program to identify vulnerabilities before exploitation.
Source: BleepingComputer • Published: 2026-06-10
The Gentlemen ransomware group, which appeared in August 2025, expanded rapidly from 35 victims in Q4 2025 to 182 in Q1 2026, making it the second most active group. Highly adaptive threat using dual-extortion tactics, advanced evasion techniques, and cross-platform deployment. Indicates participation of experienced affiliates and operators.
Implement multi-layered defense strategy including network segmentation, EDR deployment, and privileged access management. Monitor for The Gentlemen tactics, techniques, and procedures. Enhance email security to block initial access attempts. Deploy deception technologies. Maintain offline encrypted backups.
Source: CYFIRMA • Published: 2026-06-10
Russia's GRU military intelligence agency is compromising home and small office routers to redirect internet traffic through servers under its control. Enables credential interception and network mapping for further targeting. Large-scale campaign affecting civilian infrastructure.
Update router firmware immediately. Change default credentials on all network devices. Disable remote management features if not required. Implement network traffic monitoring. Use VPN for sensitive communications. Review router logs for unauthorized configuration changes.
Source: NCSC • Published: 2026-06-01
Russian threat group APT28 targeting government and military entities using Microsoft Office vulnerability CVE-2026-21509. Multi-stage attack chain designed for stealth during post-exploitation, consistent with sophisticated nation-state operations.
Apply Microsoft Office security patches immediately. Implement advanced email security with sandboxing. Deploy endpoint detection and response solutions. Conduct user awareness training on APT28 tactics. Monitor for lateral movement and data exfiltration. Engage threat intelligence feeds for APT28 indicators.
Source: GTIG • Published: 2026-06-10
Qilin ransomware claimed responsibility for a cyberattack against Sysco, the world's largest food distributor. Sysco was listed on the group's dark web leak site with a May 12, 2026 deadline. The group published screenshots of alleged internal documents as proof of compromise, threatening additional data release if demands are not met.
For Sysco: Engage incident response team immediately. Preserve evidence for law enforcement. Assess data exfiltration scope. Notify affected parties per regulatory requirements. For other organizations: Review food supply chain security. Implement Qilin-specific detection rules. Enhance monitoring of critical business systems.
Source: BleepingComputer • Published: 2026-05-12
ServiceNow disclosed a security issue on June 5, 2026 that allowed unauthenticated users to gain greater access to ServiceNow instances than intended. Confirmed that attackers exploited the flaw to successfully query customer instance tables. Security update applied to hosted customer instances.
For ServiceNow customers: Review instance access logs for unauthorized queries. Audit data accessed during vulnerability window. Reset credentials and API keys. For ServiceNow: Conduct thorough security assessment of platform. Implement enhanced authentication controls. Establish bug bounty program. Improve security transparency and customer notification procedures.
Source: ServiceNow • Published: 2026-06-05
UN World Food Programme disclosed breach of Palestine self-registration application affecting 600,000 Gaza households. Compromised data included names, ID numbers, phone numbers, and location information including neighborhood data recorded during registration.
For WFP: Notify affected individuals. Secure application and conduct security assessment. Review access controls and authentication. For aid organizations: Implement security by design for humanitarian applications. Encrypt sensitive beneficiary data. Conduct regular security audits. Establish incident response procedures for humanitarian operations.
Source: UN World Food Programme • Published: 2026-06-10
The UK is handling four nationally significant cyber incidents every week, with the majority now traced to hostile foreign governments rather than criminal hackers. NCSC Chief Executive Richard Horne confirmed the shift from criminal to nation-state attribution. UK government unveiled £90 million package to bolster digital defences.
Implement enhanced nation-state threat detection capabilities. Engage with NCSC for threat intelligence sharing. Deploy advanced persistent threat hunting programs. Review and update incident response plans for nation-state scenarios. Participate in UK government cybersecurity initiatives. Enhance critical infrastructure protection measures.
Source: NCSC • Published: 2026-06-10
At least 35 new CVE entries disclosed in March 2026 directly resulted from AI-generated code, up from 6 in January and 15 in February 2026. This represents an emerging threat in which AI coding assistants introduce vulnerabilities into production codebases at scale.
Implement mandatory code review for all AI-generated code. Deploy static and dynamic application security testing. Establish secure AI coding guidelines. Train developers on AI code generation risks. Monitor CVE feeds for AI-generated code vulnerabilities. Consider limiting AI code generation in security-critical components.
Source: GTIG • Published: 2026-03-31