Your Security Digest · 12 jun

Today, 250 things to read.

69 critical · 181 to skim · nothing on fire

Data source: supabase

tracked250

critical69

active exploit0

250 incidents · last 30 daysupdated live

Jun 111d ago

…

criticalzero-dayexploited in the wild

CISA tells govt agencies to patch critical exploited flaws in 3 days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies.

aeo—socialX 0% · Reddit 0% · GitHub 100%

Jun 111d ago

…

criticalzero-day

Nottingham University data breach affects over 450,000 students

The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums.

aeo—socialX 0% · Reddit 0% · GitHub 100%

Today, 250 things to read.

CISA tells govt agencies to patch critical exploited flaws in 3 days

Nottingham University data breach affects over 450,000 students

Max severity Ivanti Sentry vulnerability now exploited in attacks

Coupang hit with record $409 million data breach fine in Korea

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Path traversal flaw in AI dev platform Langflow exploited in attacks

Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks

Who Runs the Ransomware Group ‘The Gentlemen?’

Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days

Ivanti: Max severity Sentry flaw allows code execution as root

Anthropic rolls out Claude Fable 5, but it's available for a limited time

China-linked JDY botnet expands targeting of U.S. military networks

The ‘Miasma’ worm source code briefly leaked on GitHub

GitHub announces npm security changes to tackle supply-chain attacks

Microsoft: Some Windows PCs fail to install latest monthly updates

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

SAP fixes critical flaws in NetWeaver and Commerce Cloud

Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

Google patches new Chrome zero-day flaw exploited in the wild

A Record-Breaking Patch Tuesday for June 2026

ServiceNow discloses security incident exposing customer data

CISA Adds Three Known Exploited Vulnerabilities to Catalog

OpenClaw AI agent found falling for phishing attacks, spills user data

Microsoft releases Windows 10 KB5094127 extended security update

Siemens KACO Blueplanet Inverters

Schneider Electric EcoStruxure Panel Server

Schneider Electric Modicon Network Managed Switches

French govt messaging service breached in account hijacking attack

WhatsApp says it disrupted new NSO spyware phishing attacks

Gogs patches critical zero-day enabling remote code execution

Critical UniFi OS bug lets hackers gain root without authentication

Check Point links VPN zero-day attacks to Qilin ransomware gang

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Over 20,000 Instagram accounts stolen in Meta AI support hack

NFCShare Android malware spreads via fake banking app updates on GitHub

SoFi confirms third-party data breach at Hong Kong subsidiary

New Apple feature automatically changes your compromised passwords

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Oxford University discloses data breach after careers platform hack

C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

Silent Ransom Group targets law firms with fake IT support calls

Hands on with Intelligent Terminal, an AI-powered Windows Terminal

Critical Everest Forms Pro flaw exploited to take over WordPress sites

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

Chinese APT deploys new malware to keep access to hacked networks

Over 900 US gas station tank gauge systems exposed to attacks

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

What 2026 DBIR Confirms: Attacks Are Living in the Browser

CISA Adds One Known Exploited Vulnerability to Catalog

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Dark web Nemesis Market vendor gets 26 years for selling drugs

UN food agency discloses breach affecting 600,000 Gaza households

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

Cisco warns of critical Unified CM flaw with PoC exploit code

Credit card theft campaign abuses Stripe to host stolen payment info

Brave Software releases Origin for a paid, bloat-free browsing experience

Hola Browser for Windows compromised to deliver cryptominer

DentaQuest data breach exposed info of 2.6 million accounts

New IronWorm malware hits 36 packages in npm supply-chain attack

Microsoft blames unexpected Windows driver updates on caching issue

Police dismantles fake ID marketplace used by migrant smugglers

NAVTOR NavBox

Hitachi Energy MACH HiDraw

Hitachi Energy ITT600 Explorer

Hitachi Energy RTU500

B&R PPT30 Operating System

U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors

CISA warns of cyberattacks targeting fuel tank monitoring systems

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute

CISA warns of active attacks exploiting Android, Linux bugs

Acer working to patch max severity zero-days in Wave 7 routers

CISA Adds One Known Exploited Vulnerability to Catalog

Chinese hackers use new Atlas RAT malware in European cyberattacks

What 345 Days of Untested Exposure Looks Like at a Bank

Police dismantles 9 crime groups in illegal streaming crackdown

Google adds Android protection against AI deepfake scam calls

VS Code zero-day lets hackers steal GitHub tokens in one click

CISA flags two-year-old Oracle flaw as actively exploited in attacks