📰 DAILY THREAT BRIEFING
Wednesday, June 3, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 3, 2026.

  1. Microsoft's Coreutils project brings Linux commands to Windows
    — Bleeping Computer

    Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux com…
  2. OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
    — Bleeping Computer

    OpenAI says it's rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retir…
  3. Critical Kirki flaw exploited to hijack WordPress admin accounts
    — Bleeping Computer

    Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user…
  4. Zoom CISO: AI as Security Enabler, Not Role-Replacer
    — Dark Reading

    As Zoom's CISO, Sandra McLeod, discusses the challenges of securing a global communication platform, the promise of AI-driven security workf…
  5. FBI-Flagged Phishing Kit Kali365 Expands Its Reach
    — Dark Reading

    Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device …
  6. DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
    — Dark Reading

    A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that …
  7. Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
    — The Hacker News

    Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, includ…
  8. Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
    — The Hacker News

    The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple…
  9. Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
    — The Hacker News

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Ser…
  10. The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
    — Unit 42

    Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The…
  11. Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
    — Unit 42

    Operation FlutterBridge is a malvertising campaign targeting macOS users. It distributed the new backdoor FlutterShell, built using the Flut…
  12. New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)
    — SANS ISC

    For a few days, my SANS ISC mailbox is flooded with emails that delivers SVG files. An SVG ("Scalable Vector Graphic") is a web-friendly vec…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (7207 in last 30 days).
Critical: 1 · High: 6 · Medium: 13 · Low: 0. View full dashboard →

  1. CVE-2026-9732
    — CVSS 4.3 (MEDIUM)

    The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validatio…
  2. CVE-2026-7421
    — CVSS 4.4 (MEDIUM)

    The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the `get_shop_url()` method returning the `shop_name` setting value withou…
  3. CVE-2026-10692
    — CVSS 4.3 (MEDIUM)

    A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the argument regex can lead to…
  4. CVE-2026-10691
    — CVSS 4.3 (MEDIUM)

    A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the arg…
  5. CVE-2026-10690
    — CVSS 6.3 (MEDIUM)

    A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url l…
  6. CVE-2026-44653
    — CVSS 6.5 (MEDIUM)

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets …
  7. CVE-2026-41412
    — CVSS 4.9 (MEDIUM)

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client (`simpleHttpClien…
  8. CVE-2026-35482
    — CVSS 8.0 (HIGH)

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authen…
  9. CVE-2026-32625
    — CVSS 9.6 (CRITICAL)

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders against the server's pro…
  10. CVE-2026-31942
    — CVSS 7.1 (HIGH)

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT …
  11. CVE-2026-25861
    — CVSS 5.9 (MEDIUM)

    QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::e…
  12. CVE-2026-10688
    — CVSS 5.5 (MEDIUM)

    A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation o…
  13. CVE-2026-10662
    — CVSS 6.3 (MEDIUM)

    A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP File Handler.…
  14. CVE-2026-10661
    — CVSS 4.3 (MEDIUM)

    A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument input_image_url…
  15. CVE-2026-10650
    — CVSS 5.3 (MEDIUM)

    A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Handler. Executing a mani…
  16. CVE-2025-15653
    — CVSS 6.8 (MEDIUM)

    Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB…
  17. CVE-2024-14036
    — CVSS 7.5 (HIGH)

    Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages…
  18. CVE-2022-4992
    — CVSS 8.6 (HIGH)

    Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote at…
  19. CVE-2021-4481
    — CVSS 8.2 (HIGH)

    Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges…
  20. CVE-2021-4480
    — CVSS 8.2 (HIGH)

    Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · June 3, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com