Daily Threat Briefing — Jun 01, 2026

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 1, 2026.

1. Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)
   — SANS ISC
   
   Introduction
2. YARA-X 1.17.0 Release, (Sun, May 31st)
   — SANS ISC
   
   YARA-X's 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix.
3. WP Maps Pro bug exploited to create admin accounts on WordPress sites
   — Bleeping Computer
   
   Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator a…
4. Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
   — The Hacker News
   
   Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartpho…
5. Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
   — Bleeping Computer
   
   Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, i…
6. New CIFSwitch Linux flaw gives root on multiple distributions
   — Bleeping Computer
   
   A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authe…
7. PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
   — The Hacker News
   
   Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under acti…
8. Name That Toon: Mark of (Cybersecurity) Progress
   — Dark Reading
   
   As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about …
9. ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
   — The Hacker News
   
   Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assist…
10. Asia's Cyber Insurance Market Shows Signs of Life
    — Dark Reading
    
    The cyber insurance industry has made relatively weak inroads into Asia due to a a variety of factors, but that could be changing.
11. With Complex Cloud Integrations, Small Errors Lead to Major Compromises
    — Dark Reading
    
    Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have comprom…
12. ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th)
    — SANS ISC
    
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6724 in last 30 days).
Critical: 1 · High: 7 · Medium: 8 · Low: 4. View full dashboard →

1. CVE-2026-10204
   — CVSS 6.3 (MEDIUM)
   
   A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query I…
2. CVE-2026-10203
   — CVSS 6.3 (MEDIUM)
   
   A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Inte…
3. CVE-2026-10202
   — CVSS 6.3 (MEDIUM)
   
   A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java of the component JSON Query Int…
4. CVE-2026-10201
   — CVSS 3.3 (LOW)
   
   A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead t…
5. CVE-2026-10200
   — CVSS 5.3 (MEDIUM)
   
   A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4×4 Matrix Parser. Performing a manipulation results in heap-based buffer over…
6. CVE-2026-10199
   — CVSS 3.3 (LOW)
   
   A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. Th…
7. CVE-2026-10198
   — CVSS 3.3 (LOW)
   
   A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null poi…
8. CVE-2026-48210
   — CVSS 5.7 (MEDIUM)
   
   An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unint…
9. CVE-2026-10197
   — CVSS 3.3 (LOW)
   
   A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation r…
10. CVE-2026-10194
    — CVSS 6.3 (MEDIUM)
    
    A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipul…
11. CVE-2026-10193
    — CVSS 6.3 (MEDIUM)
    
    A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollerComnController.java of the component ComnControll…
12. CVE-2026-10192
    — CVSS 8.8 (HIGH)
    
    A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The at…
13. CVE-2026-10191
    — CVSS 8.8 (HIGH)
    
    A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer ove…
14. CVE-2026-10190
    — CVSS 6.5 (MEDIUM)
    
    A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time r…
15. CVE-2026-10189
    — CVSS 8.8 (HIGH)
    
    A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It i…
16. CVE-2026-10188
    — CVSS 8.8 (HIGH)
    
    A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be…
17. CVE-2026-10187
    — CVSS 9.8 (CRITICAL)
    
    A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation …
18. CVE-2026-10186
    — CVSS 7.3 (HIGH)
    
    A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument ed…
19. CVE-2026-10185
    — CVSS 7.3 (HIGH)
    
    A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql inj…
20. CVE-2026-10184
    — CVSS 7.3 (HIGH)
    
    A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · June 1, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com