Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-10 03:00 PDT
- Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
BleepingComputer • 2026-06-10 02:57 • www.bleepingcomputer.com
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/
- How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
SANS ISC Diary (full) • 2026-06-10 01:29 • isc.sans.edu
Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were set. Given that three years have passed since then, I thought it might be interesting to repeat the analysis and see what – if anything – has changed in the meantime.
- Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
The Hacker News • 2026-06-10 00:37 • thehackernews.com
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber
https://thehackernews.com/2026/06/anthropic-releases-claude-fable-5-its.html
- ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
The Hacker News • 2026-06-10 00:02 • thehackernews.com
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. “On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in an advisory that requires customer access. “The update concerned a security issue that could allow an unauthenticated user, in
https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html
- Ivanti: Max severity Sentry flaw allows code execution as root
BleepingComputer • 2026-06-09 23:26 • www.bleepingcomputer.com
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. […]
https://www.bleepingcomputer.com/news/security/new-max-severity-ivanti-sentry-flaw-allows-code-execution-as-root/
- Weekly Update 507
Troy Hunt • 2026-06-09 22:31 • www.troyhunt.com
1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notifications etc, it's all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring
- Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The Hacker News • 2026-06-09 22:22 • thehackernews.com
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. “The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under a new GitHub account, “MSNightmare” said. “I have managed to get a 100% success rate on
https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html
- Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
The Hacker News • 2026-06-09 22:08 • thehackernews.com
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. “In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger
https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
