Security news & tech updates for sysadmins and IT pros
Cybersecurity advisories, CVE watch and the tech worth sharing, scored by trend and updated regularly, written for people who actually run infrastructure.
16 results
Anthropic Export Ban: 76 Security Execs Demand Reversal
76 cybersecurity executives from Adobe, Google, Nvidia signed an open letter urging Commerce to lift Anthropic Fable 5 and Mythos 5 export controls.
CVE-2026-20262: Cisco SD-WAN Root Bug Actively Exploited
Cisco patches CVE-2026-20262, a critical Catalyst SD-WAN Manager flaw granting root access. CISA issued Emergency Directive 26-03 as UAT-8616 exploits systems.
SearchLeak Vulnerability in Microsoft 365 Copilot Enables One-Click Data Theft
CVE-2026-42824 chains three flaws to exfiltrate emails, passwords, and documents via malicious URLs. Microsoft has patched server-side.
Conti Ransomware Developer Pleads Guilty: Ukrainian Faces 20 Years in Prison
Oleksii Lytvynenko admitted to building malware loaders for Conti, which extorted over $150 million from victims across 47 U.S. states and 31 countries.
Windows 11 KB5094126 June 2026: Key Fixes for Sysadmins
KB5094126 fixes HYPERVISOR_ERROR 0x20001 crashes and BitLocker recovery loops. Released June 9, 2026 for Windows 11 24H2/25H2.
npm 12 Blocks Install Scripts by Default: July 2026 Deadline
npm v12 disables dependency install scripts starting July 2026, affecting 2M+ packages. Developers must whitelist trusted packages via allowScripts in package.json.
June 2026 Patch Tuesday: 3 Zero-Days, 206 CVEs Fixed
Microsoft's largest-ever Patch Tuesday fixes 206 CVEs including three actively exploited zero-days. BitLocker bypass, Defender privilege escalation actively exploited.
CVE-2026-35273: Oracle PeopleSoft Zero-Day Exploited
CVE-2026-35273 enables unauthenticated RCE in Oracle PeopleSoft. ShinyHunter exploits this zero-day to steal HR/payroll data. Emergency patch available.
Exchange Server Zero-Day CVE-2024-21413 Patched
Microsoft patches CVE-2024-21413 Exchange Server zero-day exploited against OWA users. Over 97,000 servers vulnerable. XSS flaw allows JavaScript injection. Patch now.
Windows Server 2025 June Update KB5094125: DoH, BitLocker Fix
KB5094125 adds DNS over HTTPS support, fixes April's BitLocker recovery bug, and includes Secure Boot certificate controls for Windows Server 2025.
Patch Tuesday June 2024: Microsoft Fixes 51 Flaws, One Zero-Day
Microsoft's June 2024 Patch Tuesday addresses 51 vulnerabilities including 18 RCE flaws. CVE-2024-30080 MSMQ bug scores 9.8 CVSS and demands immediate patching.
KB5094122: Windows Server 2016 Secure Boot Privacy Update
KB5094122 brings build 14393.9234 to Windows Server 2016 with Secure Boot telemetry controls, a DFS namespace fix, and desktop.ini hardening.
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Privileges on Patched Systems
New RoguePlanet exploit bypasses June 2026 patches to spawn SYSTEM-level prompts via Defender race condition. Seventh release from Nightmare Eclipse in ten weeks.
Chrome Zero-Day CVE-2026-11645 Patched: Update Now
Google patches CVE-2026-11645, Chrome's fifth zero-day of 2026. With 3.83 billion users at risk, CISA mandates federal remediation by June 23.
Check Point VPN Zero-Day Exploited by Qilin Ransomware
CVE-2026-50751 lets Qilin ransomware bypass Check Point VPN authentication. CISA mandates a 72-hour patch deadline. Learn detection steps and fixes.
ServiceNow API Flaw Exposes Customer Data: Response Guide
A ServiceNow API flaw exposed customer data from June 2-3, 2026. ServiceNow patched the unauthenticated endpoint on June 5. Here's what 8,700+ customers must do now.