Here are today’s top cybersecurity stories for Wednesday, June 10, 2026.
Microsoft June 2026 Patch Tuesday: 200 Flaws, Six Zero-Days, One Exploited in the Wild
Microsoft released its June 2026 Patch Tuesday updates today, addressing 200 vulnerabilities including six zero-days — five publicly disclosed and one actively exploited. The release includes 33 critical flaws, 28 of which are remote code execution bugs. Key zero-days include CVE-2026-50507 (Windows BitLocker security bypass), CVE-2026-45586 (CTFMON elevation of privilege), and CVE-2026-49160 (HTTP.sys denial of service). Windows 11 KB5094126 and KB5093998 are the corresponding cumulative updates. Only 17 days remain until the June 26 Secure Boot certificate expiration enforcement deadline. BleepingComputer
RoguePlanet: New Unpatched Microsoft Defender Zero-Day Drops Hours After Patch Tuesday
Hours after Microsoft patched two previously disclosed Defender flaws, the anonymous researcher Nightmare-Eclipse (Chaotic Eclipse) released a new proof-of-concept exploit named RoguePlanet. Tracked as CVE-2026-47281 with a CVSS score of 9.6, the flaw exploits a time-of-check to time-of-use race condition in Microsoft Defender to spawn a command prompt with SYSTEM privileges on fully patched Windows 10 and Windows 11 systems. ThreatLocker confirmed successful reproduction on systems with KB5094126 installed. RoguePlanet is the sixth Defender zero-day PoC from this researcher since April 2026. BleepingComputer
Ivanti Patches CVSS 10.0 and 9.9 Flaws in Sentry Gateway — Public PoC Already Available
Ivanti released emergency patches for two critical vulnerabilities in its Sentry secure mobile gateway: CVE-2026-10520 (CVSS 10.0), an OS command injection flaw enabling unauthenticated root-level remote code execution, and CVE-2026-10523 (CVSS 9.9), an authentication bypass allowing unauthenticated users to create administrator accounts. Both affect Sentry versions prior to 10.5.2, 10.6.2, and 10.7.1. Security firm watchTowr published a technical analysis and proof-of-concept exploit for CVE-2026-10520 on the same day patches shipped, making rapid exploitation in the wild likely. Help Net Security
ServiceNow Discloses Security Incident — Unauthenticated API Access Exposed Customer Instance Data
ServiceNow warned customers of a security incident in which attackers exploited an unauthenticated Scripted REST API endpoint to query data from customer instances. The malicious activity was detected June 2-3, 2026, with a silent fix applied to hosted instances on June 5. The root cause was a Scripted REST Resource shipped with requires_authentication set to false. The issue primarily affected customers on the Australia platform release or those who made specific configuration changes. ServiceNow confirmed data was successfully queried and said it is still evaluating whether to assign a CVE. BleepingComputer
Google Patches Chrome Zero-Day CVE-2026-11645 — Fifth V8 Exploit of 2026 Exploited in the Wild
Google released Chrome 149.0.7827.102/103 to fix 74 vulnerabilities, including CVE-2026-11645, a high-severity V8 out-of-bounds memory access flaw with a CVSS score of 8.8 actively exploited in the wild. Researcher “303f06e3” discovered and disclosed the flaw on April 27, receiving a $55,000 bug bounty. CVE-2026-11645 is the fifth Chrome zero-day Google has patched in 2026, following CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281. All users should update Chrome immediately. The Hacker News
Miasma Supply Chain Worm Toolkit Open-Sourced — 73 Microsoft GitHub Repos Compromised
The threat group TeamPCP open-sourced the full Miasma supply chain attack toolkit via compromised GitHub accounts on June 8-9, 2026, the same toolkit used to compromise 73 Microsoft GitHub repositories on June 5. The attack planted malicious configuration files that execute a credential-harvesting payload when developers open affected repositories in AI coding tools including Claude Code, Gemini CLI, Cursor, and VS Code. GitHub disabled the repositories in an automated sweep. Miasma is a variant of the Mini Shai-Hulud worm and has previously targeted TanStack, Mistral AI, Red Hat npm packages, and Checkmarx. Experts note no opportunistic adoption of the open-sourced toolkit has been observed yet. The Hacker News
ICS Patch Tuesday June 2026: Siemens, Schneider Electric, and Phoenix Contact Address OT Vulnerabilities
ICS Patch Tuesday for June 2026 saw Siemens, Schneider Electric, and Phoenix Contact release security advisories for operational technology vulnerabilities. Siemens issued fixes for command execution, privilege escalation, and information disclosure flaws in Sinec INS, Siprotec 5, and WinCC Certificate Manager, and patched CVE-2025-15467, an OpenSSL RCE affecting Scalance, Simatic, Sinamics, and Sinec product lines. Schneider Electric addressed command execution flaws in PowerLogic P7 and credential exposure in EasyLogic T150 and Saitel DP RTU. SecurityWeek
Infostealers Now Dominate Initial Access — Vidar Controls 73% of Infected Hosts in Early 2026
A new analysis finds infostealers have become the dominant initial access method for ransomware and cybercrime operations, overtaking direct vulnerability exploitation. During the first two months of 2026, Vidar rose to account for more than 73% of all infostealer-infected hosts globally, displacing RedLine, Lumma, and other previously dominant strains. The findings underscore the shift from exploit-first attack chains to credential theft via browser-targeting malware as threat actors prioritize speed and stealth in gaining access to enterprise environments. SecurityWeek
Stay tuned for today’s in-depth analysis posts.
