Archive for June 2026
The biggest Patch Tuesday in Microsoft history dropped yesterday: 200 vulnerabilities. 33 Critical. 3 disclosed zero-days.
The biggest Patch Tuesday in Microsoft history dropped yesterday: 200 vulnerabilities. 33 Critical. 3 disclosed zero-days. And then â hours after the patches shipped â a researcher published an unpatched one that works on fully updated Windows 10 and 11. You patched everything available. You still have a gap. Here is what the June 9…
Read MoreMay 2026 Cybersecurity Roundup: Pharma, Social Engineering, and Critical CVEs
The May 2026 Cybersecurity Roundup covers a month where attackers targeted pharmaceutical supply chains, municipal finances, retail franchise networks, and advanced electronics manufacturing. The victims differed significantly in sector and geography, but the underlying patterns were consistent: ransomware operators, financially motivated groups, and state-linked actors all pursued access to trusted systems — and found it.…
Read MoreYour Check Point VPN has a zero-day. Qilin ransomware is already using it.
Your Check Point VPN has a zero-day. Qilin ransomware is already using it. The vulnerability requires no stolen credentials, no phishing, no user interaction. It requires only that your VPN still supports a protocol from 2005. CVE-2026-50751, disclosed on June 8, is an authentication bypass in Check Point Remote Access VPN and Mobile Access. The…
Read MoreOpening a repository is now an attack surface. Microsoft learned this the hard way.
Opening a repository is now an attack surface. Microsoft learned this the hard way. The Miasma supply chain worm did not wait for developers to run code. It executed the moment they opened a repository in their AI coding assistant. On June 5â6, GitHub disabled 73 repositories across Microsoft’s Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations…
Read MoreOne click. Full access to every private repository your developer can reach.
One click. Full access to every private repository your developer can reach. Researcher Ammar Askar published a working exploit for a VS Code zero-day on June 2 â after going through Microsoft’s disclosure process and losing confidence in the response timeline. He dropped it publicly. Microsoft patched within 24 hours. The target: GitHub’s browser-based editor,…
Read More
