Hello all,
This week has brought a patchacopalipse with a surprisingly large number of vendors releasing critical or high severity patches to plug holes and defects. Microsoft was one of the top gift-givers with 200 or more patches for Patch Tuesday, 3 of which are classified as zero-days. I’ll round them all up in a moment. There’s a lot to get through, so onward.
Headline NEWS:
- Anthropic launched Claude Fable 5 to bring Claude Mythos class AI to the masses. Apparently, someone quickly bypassed the guardrails that Anthropic had built, prompting the US Government to order the vendor to immediately restrict Fable to only US based consumers. Anthropic replied that it wasn’t possible to limit to that subset of users, so they took Claude Fable 5 offline. This is all still very fresh, so it’ll be interesting to see what Monday brings. But, for now, Fable is offline.
- Ghost-Sender is the name given to a newly exposed way that threat actors have been abusing the Microsoft Exchange Online infrastructure to send malicious emails to organizations, that bypass most restrictions and checks. The linked article provides information on determining if you are vulnerable, and how to mitigate.
- Patch, patch, and patch some more. Adobe, Check Point, FFmpeg, Fortinet, Gogs, Google, Ivanti, LiteLLM, Microsoft, OpenSSL, Oracle, SAP, Splunk, Palo Alto, Ubiquiti, Veeam, and Broadcom VMware all released patches this week that need to be vetted and prioritized. Most are critical and need attention now. Be sure you check the full listing of links to go to the detailed information.
In Ransomware, Malware, and Vulnerabilities News:
- CISA new directive on patching sets out requirements for Federal agencies that score vulnerabilities based on four criteria. If all four are present, then the vulnerability must be patched within three days. The next level is 14 days, and then 60 days, depending on the score the defect achieves. It seems like a well measured response to an increasingly difficult task. Their BSOD is worth reading to get details.
In Other News Events of Note and Interest:
- Apple’s WWDC was last week, and as expected, lots of announcements and reveals happened at the event. Apparently, there were more than 250 changes to iOS27, the Apple AI is finally getting some more love, and there are lots more items to read about in the linked articles.
Musings
As I write this, I’m being assaulted by a tiny blood-sucking evil threat actor straight from the pits of hell, a mosquito. It is amazing how much disruption and unpleasantness just a single tiny thing can cause. Cyber Threat Actors are like that mosquito, persistent, blood-sucking evil. And all it takes to royally mess with your day is just one getting past your defenses.
Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe Patches 123 Vulnerabilities
- Anthropic brings Mythos to the masses with Claude Fable 5, its most powerful generally available model ever
- Anthropic suspends new AI models after government directive
- Statement on the US government directive to suspend access to Fable 5 and Mythos 5 \ Anthropic
- Ghost-Sender – Universal Email Spoofing against Exchange Online
- Exchange Flaw Lets Attackers Spoof Any Email Address
- Google Patches 5th Chrome Zero-Day Exploited in 2026
- Ivanti: Max severity Sentry flaw allows code execution as root
- Critical Vulnerabilities Patched in Fortinet, Ivanti Products
- Ivanti urges Sentry users to patch two critical bugs
- Microsoft Patches 200 Vulnerabilities
- Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
- Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
- SAP fixes critical flaws in NetWeaver and Commerce Cloud
- SAP Security Patch Day June – Critical Vulnerabilities in SAP
- Splunk, Palo Alto Networks Patch Severe Vulnerabilities
- UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials
Ransomware, Malware, and Vulnerabilities News
- Good News, Government News, and Interesting
- FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs
- CMMC has moved from planning to enforcement and contractors are feeling it
- CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
- CISA orders feds to patch actively exploited Ivanti flaw by Sunday
- CISA directive orders agencies to prioritize vulnerability patching in a new way
- CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
- Anthropic Embeds Engineers in the NSA to Deploy Mythos
- FBI Boston Supports International Takedown of First VPN Service Used by Ransomware Actors to Compromise Businesses Worldwide
- FBI launches Operation Riptide to crack down on cybercrime networks
- Suspected Russian hacker from ‘Void Blizzard’ group charged in US
- Vulnerabilities and Exploits
- Attackers had month-long head start on patched Check Point VPN zero-day
- Check Point VPN Flaw Exploited Since Early May
- Gogs patches critical zero-day enabling remote code execution
- One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
- New Linux Kernel Vulnerability Lets Attackers Escalate Privileges to Root
- LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
- Linux Sees Patches For “Critical” Vulnerability Affecting Many Arm CPUs
- China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
- Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
- 21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks
- Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
- OpenSSL Patches High-Severity Vulnerability Found With AI
- Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
- Windows BitLocker 0-Day Vulnerability Allow Attackers to Bypass Security Feature
- ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
- Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
- ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
- Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
- No Patch Planned for Exploited Arista EOS Vulnerability
- Every employee’s password was stored in a single Excel file
- Palo Alto PAN-OS Vulnerability Allow Attackers to Arbitrary Commands as a Root User
- phpBB forum fixes auth bypass bug lurking for a decade
- Phishing, Malware, and Similar
- Cybercriminals are moving away from mass phishing campaigns
- Pirated PC games are delivering password-stealing malware
- WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order
- AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
- For the 2nd time in weeks, Microsoft packages laced with credential stealer
- C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
- Hackers Impersonate Ghidra, dnSpy, and SpiderFoot to Spread Malware
- China-linked JDY botnet expands targeting of U.S. military networks
- Hackers Use Tax Phishing Emails to Deploy In-Memory Malware on Windows Systems
- Breaches, Leaks, and Ransomware
- Silent Ransom Group targets law firms with fake IT support calls
- Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot
- Oxford University hit by second data breach in a month
- Troy Hunt: 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
- New Pink Hacking Group Attacking Enterprise Users to Steal Cloud Storage Passwords
- 174,000 Impacted by Lansing Community College Data Breach
- Dashlane explains how attackers managed to download encrypted password vaults
- French govt messaging service breached in account hijacking attack
- Check Point links VPN zero-day attacks to Qilin ransomware gang
- Coupang hit with record $409 million data breach fine in Korea
- UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
- 4M+ VRChat users’ data accessed following cloud breach
- The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
- Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
- ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
Other News Events of Note and Interest
- Smart Glasses Would Legally Require a Recording Light Under Proposed Law
- Motorola effectively bricked its entire line of WiFi routers without explanation
- Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow
- I can’t wait for this new Chrome security feature to take off
- These parody Google icons are better than the new update
- Apple introduces systemwide dictation
- Apple’s iOS 27, macOS 27 Golden Gate, and other updates focus on refinement
- The Document Foundation Slams Euro-Office Before Public Launch
- LibreOffice gives its Ribbon-style UI a pop of color
- FBI reveals 22,000-square-foot fake town in Alabama used to train agents for cyber warfare
- AI, LLM’s, and Skynet
- Initial impressions of Claude Fable 5
- What it feels like to work with Mythos
- Anthropic Says ‘We Made the Wrong Tradeoff’ in New Model Guardrails
- Satya Nadella Says AI Agents Should Be Treated Like Human Employees
- Anthropic: Mythos AI rapidly exploits new software flaws
- Apple Reveals New A.I.-Powered Version of Its Siri Digital Assistant
- Apple Shares Massive List of Over 250 Changes Across iOS 27, macOS Golden Gate, and More
- Microsoft just made the agent runtime free — and kept everything around it
- AI is making Patch Tuesday (kinda) fun again
- Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
- Google Sues Chinese Cybercrime Network for Using Gemini AI to Launch Cyberattacks
- Microsoft
- Microsoft released new Defender update for Windows 11, 10, Server ISO installations
- Microsoft releases new Windows 11 Media Creation Tool with the latest updates
- Microsoft Defender now monitors RPC activity
- Microsoft making much needed change to Windows 11, 10 Patch Tuesday security updates
- Microsoft Entra ID security updates: What organizations need to do now
- Windows 10 KB5094127 Patch Tuesday improves File Explorer search and more
- Released: June 2026 Exchange Server Security Updates
- Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
- Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
- Microsoft explains why PowerToys 0.100.0 is faster and slimmer, there are new features too
- Major Microsoft Edge versions will now ship every two weeks: Microsoft confirms plans to ship new Edge features and changes twice a month
- Microsoft wants to end printer driver headaches with Windows Ready Print
- Introducing Windows Ready Print and Modernized Driver Selection
- Microsoft explains how it made Teams so much faster in 2026
- Microsoft: Some Windows PCs fail to install latest monthly updates
- Microsoft fixes BitLocker recovery bug on Windows Server 2025
- Windows 11 KB5094126 BSODs some PCs (HP?), breaks OneDrive in File Explorer, and other issues confirmed