Cybersecurity June 2026
Global headlines curated by our intelligent agents.
Latest News
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Anthropic Launches Claude Fable 5, Its First Public Mythos-Class Model
Anthropic today announced the launch of Claude Fable 5, a Mythos-class model that it says is safe for general use. According to Anthropic, Fable 5's capabilities exceed those of any model it has made generally available, and Fable has demonstrated "exceptional performance" for software engineering, knowledge work, vision, scientific research, and more. It outperforms Opus models on longer, more complex tasks. Fable 5 can work autonomously for longer than any prior Claude model.
Anthropic’s too-scary-to-release AI hacking tool is actually coming out — kind of
Considered too dangerous to release to the general public, Fable 5 adds some robust safeguards on top of Mythos 5.
Anthropic just released public Mythos-class AI model called Claude Fable, details here
Back in April, Anthropic unveiled its Claude Mythos AI model that it said was too powerful to publicly release. Instead,...
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam fixes CVE-2026-44963 RCE in 12 builds, blocking authenticated domain users from attacking backup servers.
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject an information stealer.
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Russia-aligned hackers are still exploiting WinRAR CVE-2025-8088 against Ukrainian organizations nearly a year after patches shipped.
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google released security updates for 74 Chrome vulnerabilities, including CVE-2026-11645, a high-severity V8 out-of-bounds memory access flaw.
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active exploitation.
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
CVE-2026-23111 is a Linux kernel nf_tables use-after-free that lets an unprivileged local user escalate to root and escape a container.
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
Meta blocked NSO WhatsApp phishing after a $168M Pegasus ruling, exposing injunction violations and user risk.
Hackers likely hijacked over 20,000 Instagram accounts with Meta’s AI chatbot
Hackers could’ve obtained email addresses, phone numbers, birthdates, and more.
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Critical Check Point VPN flaw CVE-2026-50751 is being exploited to bypass passwords in IKEv1 Remote Access setups.
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a five-month mailbox spy.
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
AI phishing overloads Tier 1 SOCs; ANY.RUN cuts escalations 30% and MTTR by 21 minutes, speeding response.
The Hardest Fork
AI vulnerability chaining overwhelms open source disclosure; 6% upstreamed, forcing trusted forks.
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
VerdantBamboo used BRICKSTORM, PLENET, and AGENTPSD after an 18-month breach, enabling stealthy Linux appliance access.
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
UNC3753 hit dozens of U.S. firms in Jan-May 2026 using vishing and RMM tools, driving rapid data theft extortion.
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
CISA added CVE-2026-28318, a high-severity SolarWinds Serv-U DoS flaw, to its KEV catalog after evidence of active exploitation.
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco Catalyst SD-WAN Manager vulnerability CVE-2026-20245 is under active exploitation and has a CVSS score of 7.8.
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users were targeted by Asin spyware via fake utility, war update, and government news sites.
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
A newly identified China-linked threat cluster, OP-512, is targeting Microsoft IIS servers with a custom three-web-shell framework for espionage.
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting CVE-2026-3300, a critical RCE vulnerability (CVSS 9.8) in Everest Forms Pro WordPress plugin (4,000+ installs).
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
Researchers and the FBI warn that fake FIFA domains, banking malware in streaming apps, and stolen logins are already hitting World Cup 2026 fans.