📰 DAILY THREAT BRIEFING
Monday, June 8, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of June 8, 2026.

  1. Hands on with Intelligent Terminal, an AI-powered Windows Terminal
    — Bleeping Computer

    Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Ter…
  2. C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
    — Bleeping Computer

    A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU arch…
  3. Silent Ransom Group targets law firms with fake IT support calls
    — Bleeping Computer

    The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering at…
  4. New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
    — The Hacker News

    OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising f…
  5. Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
    — The Hacker News

    A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including alwa…
  6. CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
    — The Hacker News

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-p…
  7. Exposed Fuel Tank Gauges Under Attack in the US
    — Dark Reading

    Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.
  8. Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
    — Dark Reading

    AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, res…
  9. Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
    — Unit 42

    We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-…
  10. Trump AI Order Seeks Voluntary Frontier Model Testing
    — Dark Reading

    The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal …
  11. The Evil MSI Background is Back!, (Fri, Jun 5th)
    — SANS ISC

    A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was a MSI-branded background[1]. Yesterday, I sp…
  12. ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6723 in last 30 days).
Critical: 0 · High: 9 · Medium: 7 · Low: 4. View full dashboard →

  1. CVE-2026-11469
    — CVSS 4.7 (MEDIUM)

    A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add…
  2. CVE-2026-11468
    — CVSS 2.4 (LOW)

    A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room_types. Performing a manipulation of the argument ro…
  3. CVE-2026-11467
    — CVSS 5.4 (MEDIUM)

    A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java…
  4. CVE-2026-11466
    — CVSS 5.4 (MEDIUM)

    A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs caus…
  5. CVE-2026-11465
    — CVSS 3.1 (LOW)

    A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The mani…
  6. CVE-2026-11464
    — CVSS 3.1 (LOW)

    A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file srcmainjavaorgjeecgmodulessystemcontrollerSysUserController.java of the component …
  7. CVE-2026-11463
    — CVSS 7.3 (HIGH)

    A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remot…
  8. CVE-2026-11462
    — CVSS 7.3 (HIGH)

    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. P…
  9. CVE-2026-11461
    — CVSS 6.3 (MEDIUM)

    A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument…
  10. CVE-2026-11460
    — CVSS 7.3 (HIGH)

    A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotel…
  11. CVE-2026-49494
    — CVSS 7.5 (HIGH)

    Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload le…
  12. CVE-2026-11459
    — CVSS 3.3 (LOW)

    A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosur…
  13. CVE-2026-11458
    — CVSS 5.3 (MEDIUM)

    A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Exec…
  14. CVE-2026-11457
    — CVSS 7.3 (HIGH)

    A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport …
  15. CVE-2026-11456
    — CVSS 7.3 (HIGH)

    A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql …
  16. CVE-2026-11455
    — CVSS 5.0 (MEDIUM)

    A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes c…
  17. CVE-2026-11453
    — CVSS 6.3 (MEDIUM)

    A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation o…
  18. CVE-2026-11452
    — CVSS 7.3 (HIGH)

    A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument Password leads to co…
  19. CVE-2026-11451
    — CVSS 7.3 (HIGH)

    A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media_dir can lead to command …
  20. CVE-2026-11450
    — CVSS 7.3 (HIGH)

    A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev_…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · June 8, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com