📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of June 6, 2026.
-
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
— Bleeping Computer
Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credent… -
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
— Bleeping Computer
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. […] -
Exposed Fuel Tank Gauges Under Attack in the US
— Dark Reading
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption. -
Chinese APT deploys new malware to keep access to hacked networks
— Bleeping Computer
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undo… -
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
— The Hacker News
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 … -
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
— The Hacker News
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cyb… -
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
— Dark Reading
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, res… -
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
— Unit 42
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-… -
Trump AI Order Seeks Voluntary Frontier Model Testing
— Dark Reading
The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal … -
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
— The Hacker News
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has b… -
The Evil MSI Background is Back!, (Fri, Jun 5th)
— SANS ISC
A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was a MSI-branded background[1]. Yesterday, I sp… -
ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7277 in last 30 days).
Critical: 2 · High: 10 · Medium: 8 · Low: 0.
-
CVE-2026-7654
— CVSS 8.8 (HIGH)
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes`… -
CVE-2026-7523
— CVSS 4.3 (MEDIUM)
The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This… -
CVE-2026-11416
— CVSS 8.1 (HIGH)
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a… -
CVE-2026-11422
— CVSS 7.1 (HIGH)
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content… -
CVE-2026-46493
— CVSS 7.5 (HIGH)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue. -
CVE-2026-46397
— CVSS 6.5 (MEDIUM)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to r… -
CVE-2026-46357
— CVSS 6.5 (MEDIUM)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the c… -
CVE-2026-45758
— CVSS 9.6 (CRITICAL)
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who install… -
CVE-2026-45300
— CVSS 7.4 (HIGH)
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak `Co… -
CVE-2026-25624
— CVSS 5.7 (MEDIUM)
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management – Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables … -
CVE-2026-25623
— CVSS 6.0 (MEDIUM)
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management – Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this expo… -
CVE-2026-25622
— CVSS 6.0 (MEDIUM)
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management – Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user inte… -
CVE-2026-25621
— CVSS 6.0 (MEDIUM)
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management – Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier so… -
CVE-2026-25620
— CVSS 6.0 (MEDIUM)
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management – Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4… -
CVE-2026-11401
— CVSS 8.0 (HIGH)
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amaz… -
CVE-2026-11400
— CVSS 8.0 (HIGH)
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Am… -
CVE-2026-5415
— CVSS 8.8 (HIGH)
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is du… -
CVE-2026-5411
— CVSS 8.8 (HIGH)
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is du… -
CVE-2026-46392
— CVSS 8.7 (HIGH)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim… -
CVE-2026-46389
— CVSS 10.0 (CRITICAL)
UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the `client-kubernetes…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · June 6, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com