June 6, 2026

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

Microsoft held their Build 2026 conference this week, and there were all sorts of announcements, many revolving around Artificial Intelligence of course, with a few other interesting and surprising items such as a new category of wearable items debuting, a new Majorana Quantum chip, and a new Windows command line based on Linux. Of course, this week brought the usual vulnerabilities, exploits, and more, so onward.

Headline NEWS:

  • Acer Wave 7 routers max severity zero-day. Two separate vulnerabilities allow an unauthenticated threat actor to access information and functions on the router. As of publication, there was no firmware update to address this defect. Acer expects to have an update by the end of the month. What day is this?! In the meantime, disable remote management from the internet, if possible, or restrict it to only specific IP addresses. If this isn’t possible, replace this router. Having a known vulnerability like this out there for so long is not acceptable.
  • Cisco Unified Communications Manager and SD-WAN Manager are both in the news. The first has received a patch to plug a critical defect that could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. The danger is that once achieved, the threat actor could elevate to root permission. Thankfully, Cisco notes that, “To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.” If you use this, patch quickly. If you can’t, make sure the WebDialer is disabled. The second Cisco item this week is an Authenticated Privilege Escalation Vulnerability in the SD-WAN Manager, and there isn’t a patch yet to specifically address this item, although the May 14, 2026 advisory lists fixed versions that should not be susceptible to this defect that allows “an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.” If the attacker manages to chain a few of the other recent SD-WAN defects (there have been seven so far this year alone) then they are in like Flynn. There are some reports already of active exploitation, so if you have this, don’t wait to address it.
  • Google Chrome version 149 just came out with 429 security fixes, 22 of which are listed as critical. Yep, 429! That’s unbelievable. So far none are reported as being exploited. Please update your browser soon. Expect that most Chromium browsers will be receiving these updates relatively quickly as well. When they show up, don’t put off updating, just do it.
  • Oracle is switching to a new Critical Security Patch Update (CSPU) that will be released monthly. It is high time; their quarterly updates are beyond voluminous and too infrequent, allowing threat actors way too much time to do their evil work before clients receive patches. Unlike Microsoft, and a host of other vendors, Oracle is mercifully releasing their monthly patches on the third Tuesday, giving overworked admins a week between major patching. This first release contains fixes for 35 defects, 11 of which are critical. Oracle’s patches are all behind an Oracle paywall. So unless you have an active subscription, no patch for you.

In Ransomware, Malware, and Vulnerabilities News:

  • City of Aurora, IL lost nearly $1.1 million after employee fell for phone scam. It still amazes me that this is a thing in 2026. I would think that anyone handling money would have the required training and safeguards in place to prevent this from happening. But perhaps I’m expecting too much of my fellow human beings.
  • The Newest Instagram “Exploit” is the Goofiest I’ve Seen reinforces that people are the problem (and the solution). Apparently, up until just recently, all you needed to do to hijack someone’s Instagram account was to “tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address” you control. The AI would send a password reset link that even bypassed 2FA. Unbelievable! How did this ever get past the development team and the security checks?

In Other News Events of Note and Interest:

  • Microsoft Office 2019 for Mac will no longer edit documents after July 13. You read that right: if you own a purchased, licensed copy of Microsoft Office 2019 for Mac, it will stop being able to edit documents after July 13, 2026. According to the Jimmy Tech blog, “Microsoft says a certificate they use to validate your Office license is expiring. When it does, the apps cannot confirm that you have a valid license, so they stop letting you make changes.” That is why I detest software that requires any form of online validation. If I’m paying for a subscription, fine, validate me. But, if I’ve purchased software, as long as I stay on a version of the operating system that it was written to function on, it should work until the silicon in my device turns back into sand! Microsoft could certainly renew the certificate, they just won’t. This is just plain wrong.

Musings

Staying up to date with what is going on out there seems like a full-time job these days. I personally invest eight to ten hours a week of my own time to read, understand, and disseminate article links to content that I find relevant and interesting. There are times that I wonder if it is worth it, but in reading and researching, I very quickly realize that it is, at least for me. There’s very little that takes me by surprise in the world of cyber and the daily battle against the hordes of evil threat actors.

Visc. Jan Broucinek

As Sun Tzu said in The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” So, I persevere.

Keep the shields up!
