Security advisories, patches, and warnings
Alerts
A high-severity flaw in Amazon Q Developer (CVE-2026-12957, CVSS 8.5) let a single config file in a cloned repo run commands and steal live AWS credentials. Amazon patched it in Language Servers for AWS 1.65.0. Update to 1.69.0.
Alerts
Lantronix EDS5000 serial-to-IP converters are under active attack via CVE-2025-67038, a CVSS 9.8 unauthenticated command-injection flaw that yields root code execution. Forescout saw it exploited before public details existed, and CISA has added it to KEV with a 26 June federal deadline.
Alerts
Splunk has patched CVE-2026-20253, a CVSS 9.8 flaw in Splunk Enterprise where an unauthenticated PostgreSQL sidecar endpoint allows arbitrary file writes. watchTowr Labs chained it to pre-auth remote code execution. Splunk Cloud is unaffected - patch to 10.0.7 or 10.2.4 now.
Alerts
A public PoC named GreatXML bypasses BitLocker on Windows systems that have ever run a Defender Offline Scan. With brief physical access, an attacker copies two files to the recovery partition, reboots into WinRE, and gets a SYSTEM shell on the encrypted volume. No patch, no CVE.
Alerts
Nightmare Eclipse has released "RoguePlanet," a Microsoft Defender race-condition zero-day that spawns a SYSTEM shell on fully patched Windows 10 and 11 — including systems with this week's June updates. ThreatLocker independently reproduced it against patched Windows 11. No fix exists yet.
Alerts
SAP's June 2026 Security Patch Day addresses 15 vulnerabilities, four of them critical — led by a CVSS 9.9 XML Signature Wrapping flaw enabling SAML authentication bypass in NetWeaver and an unauthenticated CVSS 9.8 memory corruption bug exploitable via crafted RFC requests.
Alerts
"Ghost-Sender" lets attackers send email as any address — internal or external — to orgs running Exchange Online or hybrid Exchange behind a third-party MX record. SPF, DKIM, and DMARC are all bypassed, fewer than half of exposed orgs have mitigations, and Microsoft says no patch is coming.
Alerts
Veeam has patched CVE-2026-44963, a CVSS 9.4 flaw in Backup & Replication that lets any authenticated domain user execute remote code on the backup server. All version 12 builds are affected — version 13 is immune due to architectural changes. Ransomware groups routinely target Veeam first.
Alerts
Microsoft's June 2026 Patch Tuesday addresses 200 vulnerabilities, including three publicly disclosed zero-days covering a CTFMON privilege escalation, the "HTTP/2 Bomb" denial-of-service technique, and the YellowKey BitLocker bypass released by Nightmare Eclipse.
Alerts
Google has released emergency Chrome 149 updates to patch CVE-2026-11645, a high-severity V8 out-of-bounds read/write zero-day exploited in the wild — the fifth Chrome zero-day patched this year.
Alerts
Three chained vulnerabilities in Ubiquiti UniFi OS Server allow attackers to bypass authentication, execute commands, and escalate to root with no credentials or user interaction — granting full control over network infrastructure, surveillance cameras, and door access systems.
Alerts
Check Point has disclosed active exploitation of a critical authentication bypass vulnerability in its Remote Access VPN and Mobile Access products, tracked as CVE-2026-50751 with a CVSS score of 9.3. The flaw allows an unauthenticated remote attacker to establish a VPN session without a valid password by