Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Google's June 2026 Android update addresses 124 CVEs, with CVE-2025-48595 (CVSS 8.4) in the Framework component confirmed actively exploited — a zero-interaction privilege escalation requiring immediate patching.
CVE-2026-40817: high-severity vulnerability (CVSS 7.5)
CVE-2026-40817 is an unauthenticated SQLi in the getAlarmProfiles function, exploitable remotely with no credentials required. CVSS 7.5 reflects full confidentiality loss—attackers can exfiltrate the entire dataset reachable by the query. No integrity or availability impact is listed, but data exposure alone is critical in alarm/monitoring contexts.
Microsoft's Coreutils project brings Linux commands to Windows
Microsoft's Build 2026 debut of Coreutils for Windows ships native GNU-equivalent binaries (grep, find, curl, chmod, etc.) directly into the Windows ecosystem. This expands the living-off-the-land binary (LOLBin) surface and introduces Unix permission semantics onto NTFS, creating potential ACL confusion. Defenders must update detection baselines immediately.
Instagram users locked out after Meta AI abused to steal accounts
Attackers exploited Meta's AI-powered account recovery tools by constructing convincing ownership narratives, bypassing identity verification and seizing Instagram accounts. The AI's intent to be helpful became its attack surface — social engineering shifted from humans to LLMs.
Regional credit union says ransomware gang stole member data
A regional credit union confirmed a ransomware gang exfiltrated member PII prior to encrypting systems, following the now-standard double-extortion playbook. Operations have been shifted to backups while the breach is investigated. Member financial and personal data is at risk of dark-web exposure or sale.
Critical unauthenticated RCE in widely-deployed edge VPN appliance (CVSS 9.8)
A pre-auth remote code execution flaw in a popular SSL-VPN appliance is now on CISA's KEV list with confirmed in-the-wild exploitation. Patch or disconnect immediately.
Regional US bank discloses breach exposing ~1.2M customer records
A mid-size regional bank confirmed attackers exfiltrated customer PII and partial account data after compromising a third-party file-transfer appliance. Notifications begin this week.
Healthcare network diverts ambulances after ransomware hits scheduling systems
A multi-site healthcare provider took clinical systems offline following a ransomware intrusion, reverting to paper workflows and diverting emergency traffic while it rebuilds from backups.
Researchers demonstrate indirect prompt injection that hijacks tool-using AI agents
A new write-up shows how a poisoned web page or document can silently redirect an autonomous agent's tool calls — exfiltrating data or triggering unintended actions — without the user noticing.
New open-source tool auto-converts CISA KEV entries into detection rules
A community project released a utility that watches the KEV catalog and generates draft Sigma/Splunk detections for newly-listed vulnerabilities, shortening the gap between disclosure and coverage.
KEV→Sigma Generator — turns newly-exploited CVEs into tuned detection drafts
A tool I built that watches the CISA KEV catalog and produces validated Sigma rule drafts with false-positive guardrails baked in, plus a Splunk/Sentinel export. Tested against sample telemetry before it emits anything.