CISA KEV Alerts for Check Point VPN & SolarWinds Flaws; Qilin & Nitrogen Ransomware Hit Major Targets
Summary
This cybersecurity brief for June 9, 2026, covers a series of critical vulnerabilities and high-impact attacks. CISA has added an actively exploited Check Point VPN zero-day (CVE-2026-50751), linked to Qilin ransomware, and a SolarWinds Serv-U flaw (CVE-2026-28318) to its KEV catalog, mandating urgent patches. Meanwhile, the Nitrogen ransomware group claims a massive 8TB data theft from electronics giant Foxconn, impacting its major tech partners. Other significant events include Google patching its fifth Chrome zero-day of the year, a sophisticated vishing and physical intrusion campaign against US law firms by the Silent Ransom Group, and a major data leak by ShinyHunters affecting 2.6 million DentaQuest customers.
Today New Articles
Qilin Ransomware Exploits Critical Check Point VPN Zero-Day, CISA Mandates Urgent Patch
A critical, actively exploited authentication bypass vulnerability in Check Point's VPN products (CVE-2026-50751) allows attackers to establish a VPN session without a password. The flaw, affecting deprecated IKEv1 configurations, has been linked to attacks by...
Google Patches Fifth Actively Exploited Chrome Zero-Day of 2026
Google has released an emergency security update for its Chrome browser to patch CVE-2026-11645, a high-severity zero-day vulnerability in the V8 JavaScript engine. The flaw, which allows for arbitrary code execution, is the fifth actively exploited Chrome vul...
CISA Adds Actively Exploited LiteLLM and Check Point Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities to its KEV catalog: a command injection flaw in BerriAI's LiteLLM (CVE-2026-42271) and an authentication bypass in Check Point's VPNs (CVE-2026-50...
ShinyHunters Leaks 234GB of Data from DentaQuest, Affecting 2.6 Million People
The extortion group ShinyHunters has leaked a massive 234 GB archive of data allegedly stolen from DentaQuest, a major U.S. dental benefits administrator. The breach, which DentaQuest has acknowledged, impacts approximately 2.6 million individuals. The leaked...
TheGentlemen Ransomware Claims Attack on Institucion Cervantes in Argentina
The ransomware group known as "TheGentlemen" has claimed responsibility for a cyberattack on Institucion Cervantes, a private higher education institution in Argentina. In a notice dated June 8, 2026, the group threatened to publish a full leak of stolen data...
Hola Browser for Windows Suffers Supply Chain Attack Distributing Monero Miner
The Windows version of the popular Hola Browser was compromised in a supply chain attack that surreptitiously installed a Monero (XMR) cryptocurrency miner on user systems. Hola confirmed the breach, which was discovered during a software certification test, s...
UN World Food Programme Breach Exposes Data of 600,000 Gaza Households
The United Nations World Food Programme (WFP) confirmed a data breach of its aid registration system for Palestine, exposing the personal data of approximately 600,000 households in Gaza. The attack, which occurred on May 14, compromised names, ID numbers, pho...
Article Updates
Foxconn Hit by Nitrogen Ransomware; Attackers Claim 8TB of Data from Apple, Google, Intel Projects
Update:The Nitrogen ransomware attack on Foxconn utilized malvertising as its initial access vector, leading to trojanized installers. Further analysis reveals the stolen 8TB of data includes confidential engineering documents, circuit board layouts, and network topo...
The AI Sword: Anthropic Model Demonstrates Hacking Prowess Surpassing Human Experts
Update:Following concerns about advanced AI models being weaponized for cyberattacks, U.S. state and local governments are bolstering defenses. A new executive order mandates DHS to aid these efforts. AI companies, notably OpenAI with its GPT-5.5-Cyber model, are col...
Chinese APTs Exploit Middle East Conflict for Cyber-Espionage in Maritime and Energy Sectors
Update:A new CrowdStrike report reveals China-nexus APTs, such as MURKY PANDA and MUSTANG PANDA, are responsible for over 58% of state-sponsored attacks on the technology sector. These groups are aggressively targeting AI capabilities and intellectual property to sup...
FBI Warns 'Silent Ransom Group' (Luna Moth) is Sending Operatives In-Person to Steal Data
Update:The FBI, now joined by Mandiant, has confirmed the ongoing Silent Ransom Group (Luna Moth) campaign, specifically targeting US law firms. The group continues to employ vishing and social engineering to trick employees into installing legitimate Remote Monitori...
CISA Mandates Patch for Actively Exploited SolarWinds DoS Flaw Added to KEV Catalog
Update:The latest report on the actively exploited SolarWinds Serv-U DoS flaw (CVE-2026-28318) provides additional context and technical details. It specifies a CVSS score of 7.5, highlighting the high severity. The article also elaborates on how DoS attacks can be u...