Here are today’s top cybersecurity stories for Friday, June 5, 2026.
Cisco Warns of Seventh SD-WAN Zero-Day Exploited in 2026 — No Patch Available
Cisco has disclosed CVE-2026-20245, a high-severity unpatched zero-day in Cisco Catalyst SD-WAN Manager, the seventh SD-WAN zero-day exploited in attacks so far this year. The vulnerability stems from insufficient validation of user-supplied input, allowing authenticated attackers with netadmin privileges to upload a crafted file and execute arbitrary commands as root. The flaw affects all deployment types including on-prem, Cloud-Pro, and FedRAMP environments. Mandiant reported the exploitation to Cisco, which confirmed limited cases where the vulnerability was used to push unauthorized configuration changes to edge devices. No patches are available, but Cisco advises upgrading to the fix for CVE-2026-20182 as a partial mitigation. BleepingComputer
Qilin Ransomware Claims Canadian Oilfield Services Firm Trican Well Service
Qilin ransomware added Trican Well Service, a major Canadian oilfield services company, to its leak site on June 4, 2026. Qilin has been one of the most active ransomware groups in the first half of 2026, targeting organizations across energy, manufacturing, and professional services. Trican has not issued a public statement at this time. The incident adds to a growing list of Canadian organizations appearing on Qilin’s extortion portal this year. Ransomware.live
June 2026 Patch Tuesday Forecast: Exchange Zero-Day and Secure Boot Deadline in Focus
Microsoft’s June 2026 Patch Tuesday is scheduled for June 9. Analysts expect an Exchange Server update to address the actively exploited CVE-2026-42897, a cross-site scripting spoofing vulnerability in Outlook Web Access that Microsoft has been mitigating via the Emergency Mitigation Service since May. The June release also arrives days before the critical June 26 deadline for Secure Boot certificate validation, which carries a 2–5% risk of boot failure if deployment is not carefully managed. Help Net Security
Google Releases June 2026 Android Security Update Patching 124 Vulnerabilities
Google’s June 2026 Android security bulletin addresses 124 vulnerabilities across Android 14, 15, and 16. The update patches CVE-2025-48595, an Android Framework integer overflow flaw that has been actively exploited in targeted attacks to achieve code execution and privilege escalation. Organizations managing Android device fleets should prioritize deploying the update through their MDM platforms without delay. BleepingComputer
Cisco SD-WAN CVE-2026-20245: Mandiant Discloses Post-Authentication Root Execution Chain
Mandiant’s investigation confirmed CVE-2026-20245 is being chained with earlier Cisco SD-WAN flaws — notably CVE-2026-20182 (authentication bypass) and CVE-2026-20127 (SD-WAN peering flaw) — allowing attackers to reach root-level command execution after initial access. Cisco confirmed unauthorized configuration pushes to edge devices in a limited set of confirmed exploitation cases. No workaround exists and no patch release date has been announced. SecurityWeek
CISA Releases Five ICS Advisories Covering OT and IoT Products
CISA released five Industrial Control Systems advisories on June 4, 2026 (ICSA-26-155-01 through ICSA-26-155-05), detailing novel vulnerabilities in ICS, OT, and IoT devices. The advisories include affected product versions and vendor-recommended mitigations. Operators of industrial systems are advised to review all five advisories and apply recommended controls promptly. CISA
2026 Verizon DBIR: Shadow AI, Browser Attacks, and Credential Abuse Define the Threat Year
The 2026 Verizon Data Breach Investigations Report confirms browser-based attacks dominate the threat environment, with 39% of breaches involving credential abuse. Shadow AI emerged as the third most common non-malicious insider action in DLP datasets — a fourfold increase year-over-year — signalling that AI tool adoption without governance policies is creating significant data-exposure risk. The report reinforces credential hardening and AI access controls as top priorities for security teams. BleepingComputer
New Security Tooling: Dependency Firewall and AI Agent Governance Solutions Launched
Several notable security products launched this week. depthfirst released Dependency Firewall, which reviews every open-source package being downloaded across a company and blocks malicious packages before they reach the requesting system — a direct response to the wave of supply-chain attacks in 2026. Asimily launched Segmentation Orchestration to convert connected-device risk data into enforceable network policy. Both tools reflect growing vendor focus on developer and AI supply-chain security. Help Net Security
Stay tuned for today’s in-depth analysis posts.
