📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of June 10, 2026.
Anthropic rolls out Claude Fable 5, but it's available for a limited time
— Bleeping Computer
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI mode…
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
— Bleeping Computer
[…]
A Record-Breaking Patch Tuesday for June 2026
— Krebs on Security
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a r…
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
— Unit 42
Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasio…
Blame AI: Patch Tuesday Hits Record 206 CVEs
— Dark Reading
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
ServiceNow discloses security incident exposing customer data
— Bleeping Computer
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, …
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
— Dark Reading
"Ghost-Sender" uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spo…
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
— Dark Reading
The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
— SANS ISC
Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed…
Meta to Use Off-Site Business Data for Feed and AI Personalization
— The Hacker News
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artifici…
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
— The Hacker News
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code executi…
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (7558 in last 30 days).
Critical: 1 · High: 11 · Medium: 8 · Low: 0.
CVE-2026-46532
— CVSS 4.6 (MEDIUM)
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() …
CVE-2026-45542
— CVSS 7.1 (HIGH)
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm…
CVE-2026-45541
— CVSS 7.5 (HIGH)
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_se…
CVE-2026-45329
— CVSS 7.1 (HIGH)
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of t…
CVE-2026-45328
— CVSS 9.3 (CRITICAL)
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridg…
CVE-2026-45160
— CVSS 6.5 (MEDIUM)
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in component…
CVE-2026-53675
— CVSS 4.3 (MEDIUM)
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friend…
CVE-2026-53674
— CVSS 7.1 (HIGH)
BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by craft…
CVE-2026-53673
— CVSS 8.1 (HIGH)
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in th…
CVE-2026-47838
— CVSS 6.8 (MEDIUM)
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an…
CVE-2026-46545
— CVSS 7.5 (HIGH)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_ch…
CVE-2026-46543
— CVSS 5.3 (MEDIUM)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containin…
CVE-2026-46542
— CVSS 4.3 (MEDIUM)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization cod…
CVE-2026-46541
— CVSS 7.5 (HIGH)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, in handle_dht_get(), the DhtResults accumulator is only initialized when the first …
CVE-2026-46540
— CVSS 6.5 (MEDIUM)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (che…
CVE-2026-46539
— CVSS 5.9 (MEDIUM)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return t…
CVE-2026-46518
— CVSS 7.7 (HIGH)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feat…
CVE-2026-46517
— CVSS 7.8 (HIGH)
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publicatio…
CVE-2026-46491
— CVSS 8.6 (HIGH)
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by dir…
CVE-2026-46432
— CVSS 7.8 (HIGH)
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_code=True" in multiple…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · June 10, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com