Your Security Digest · 05 jun

Today, 271 things to read.

68 critical · 203 to skim · nothing on fire

Data source: supabase

tracked271

critical68

active exploit0

271 incidents · last 30 daysupdated live

Jun 051d ago

…

criticalzero-dayexploited in the wild

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245 ) actively exploited in attacks enabling root privilege escalation.

aeo—socialX 0% · Reddit 0% · GitHub 100%

Today, 271 things to read.

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

UN food agency discloses breach affecting 600,000 Gaza households

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

Cisco warns of critical Unified CM flaw with PoC exploit code

Credit card theft campaign abuses Stripe to host stolen payment info

Brave Software releases Origin for a paid, bloat-free browsing experience

Hola Browser for Windows compromised to deliver cryptominer

DentaQuest data breach exposed info of 2.6 million accounts

New IronWorm malware hits 36 packages in npm supply-chain attack

Microsoft blames unexpected Windows driver updates on caching issue

Police dismantles fake ID marketplace used by migrant smugglers

NAVTOR NavBox

Hitachi Energy MACH HiDraw

Hitachi Energy ITT600 Explorer

Hitachi Energy RTU500

B&R PPT30 Operating System

U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors

CISA warns of cyberattacks targeting fuel tank monitoring systems

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute

CISA warns of active attacks exploiting Android, Linux bugs

Acer working to patch max severity zero-days in Wave 7 routers

CISA Adds One Known Exploited Vulnerability to Catalog

Chinese hackers use new Atlas RAT malware in European cyberattacks

What 345 Days of Untested Exposure Looks Like at a Bank

Police dismantles 9 crime groups in illegal streaming crackdown

Google adds Android protection against AI deepfake scam calls

VS Code zero-day lets hackers steal GitHub tokens in one click

CISA flags two-year-old Oracle flaw as actively exploited in attacks

Google fixes one actively exploited Android zero-day, 124 flaws

Critical Kirki flaw exploited to hijack WordPress admin accounts

AI-built ransomware toolkit automates EDR evasion, AD discovery

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Microsoft's Coreutils project brings Linux commands to Windows

OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models

Over 116,000 Minecraft systems infected in WeedHack malware campaign

Microsoft Exchange Online outage causes email delays, failures

CISA and Partners Urge Hardening Automatic Tank Gauge Systems

Race Against Time: Why Faster Vulnerability Alerts Matter

Critical Windows Netlogon RCE flaw now exploited in attacks

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Spain arrests doxer leaking sensitive data of govt employees

CISA Adds One Known Exploited Vulnerability to Catalog

Red Hat npm packages compromised to steal developer credentials

Dashlane password manager users locked out by brute force attacks

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

WordPress malware campaign hides payloads in Steam profiles

Microsoft investigates Office Apps, Teams file access issues

Webinar tomorrow: From alert to resolution in network incident response

Microsoft fixes outage affecting MFA setup, MySignIn service

Microsoft fixes KB5089549 Windows security update install issues

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

New CIFSwitch Linux flaw gives root on multiple distributions

Google Chrome adds session cookie theft protection for all users

Dutch govt disrupts malware botnet with 17 million infected devices

CISA Adds One Known Exploited Vulnerability to Catalog

ChatGPT share links abused to host fake outage pages to deliver malware

California AG sues 23andMe over 2023 breach exposing health data

From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market

Man sent to prison for selling data of 7 millions elderly Americans

US charges Google security engineer with Polymarket insider trading

Charter Communications data breach affects 4.9 million accounts

Anthropic confirms Claude Mythos-class models will roll out to the public

Hackers exploit FortiClient EMS flaw to push infostealer malware

New Gogs zero-day flaw lets hackers get remote code execution

Romanian gets 5 years in prison for hacking Oregon govt network

Supply Chain Compromises Impact Nx Console and GitHub Repositories

Carnival Cruise confirms data breach affecting nearly 6 million people

Sextortionist sentenced to 33 years for targeting 145 children

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

BTMOB Android malware service generates custom phishing payloads

FBI warns of fake FIFA websites running World Cup fraud schemes

ABB EIBPORT

Schnieider Electric EcoStruxure Machine Expert HVAC

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter

ABB Busch-Welcome 2 Wire Door Opener Actuator

Fourth Frontier Frontier X Mobile Application, Frontier X2

CP Plus 8 Ch. Network Video Recorder

XCharge C6