Record Microsoft Patch Tuesday Fixes 200+ Flaws and 3 Zero-Days; APTs Target Global Energy Sector
Summary
This edition covers a landmark Microsoft Patch Tuesday on June 10, 2026, which addressed over 200 vulnerabilities, including three publicly disclosed zero-days, setting a new benchmark for security teams. Concurrently, new intelligence reveals that nation-state APT groups have intensely targeted the global energy and utilities sector, accounting for two-thirds of observed campaigns. Other major events include a surge in AI-driven phishing, critical Ivanti Sentry vulnerabilities, and numerous ransomware attacks and data breaches affecting industries from education to engineering, highlighting a persistent and evolving threat landscape.
Today New Articles
Microsoft's Record-Breaking June Patch Tuesday: Over 200 Flaws and Three Zero-Days Patched
Microsoft has released its largest-ever Patch Tuesday for June 2026, addressing a staggering 200 vulnerabilities across its product ecosystem. The update includes fixes for 33 critical flaws and three publicly disclosed zero-day vulnerabilities. Among the most...
Energy Sector in Crosshairs: 66% of APT Campaigns Target Utilities, Report Finds
A new intelligence report from CYFIRMA reveals a concentrated and sustained cyber espionage campaign against the global energy and utilities sector. Over the past three months, this critical infrastructure sector was the target in 66% of all observed Advanced...
Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE
Ivanti has released urgent security updates for two critical vulnerabilities in its Ivanti Sentry (formerly MobileIron Sentry) product. The most severe flaw, CVE-2026-10520, is an unauthenticated OS command injection vulnerability that allows a remote attacker...
Ransomware Attack on Illinois High School Disables Safety Systems, Forcing Campus Shutdown
A ransomware attack on June 7, 2026, forced Evanston Township High School (ETHS) in Illinois to shut down its campus for two days. The cyberattack had a severe physical impact, disabling critical building safety systems including door access controls and publi...
Wave of Data Breaches Hits Global Firms as Multiple Threat Actors Strike
June 10, 2026, saw a flurry of data breach announcements with multiple threat actor groups claiming responsibility for attacks on a diverse set of global companies. The victims span telecommunications, IT, manufacturing, logistics, and finance. U.S. telecom co...
ICS Patch Tuesday: Siemens, Schneider, Phoenix Contact Release Critical Advisories
The June 2026 Industrial Control Systems (ICS) Patch Tuesday featured important security advisories from major OT vendors including Siemens, Schneider Electric, and Phoenix Contact. Siemens released four advisories covering multiple flaws in Sinec INS, Siprote...
LockBit 5.0 Ransomware Gang Claims Attack on Singapore's SCB Group
The notorious LockBit 5.0 ransomware-as-a-service (RaaS) operation has claimed responsibility for a cyberattack against SCB Group, a construction company based in Singapore. The claim was posted on the group's dark web leak site on June 9, 2026. In a classic d...
Infostealer Malware Poses Critical Supply Chain Risk to U.S. Defense Sector
A new report from threat intelligence firm Flashpoint, released on June 10, 2026, warns that information-stealing malware represents a major and underestimated threat to the U.S. Department of Defense (DoD) and the Defense Industrial Base (DIB). With over 11 m...
OT Cybersecurity Becomes a Board-Level Priority, Fortinet Report Finds
A new report from Fortinet reveals a significant shift in how organizations are managing the security of their operational technology (OT). The 2025 State of OT and Cybersecurity Report, published June 10, 2026, shows that OT security is now a board-level conc...
Hackers Can Blind Your SOC: New Research Reveals How Attackers Abuse Cloud Logging for Stealth
New research from Unit 42 demonstrates how threat actors can target and abuse fundamental cloud logging services in AWS and Google Cloud to cover their tracks and evade detection. The report details several defense evasion techniques, including disabling loggi...
Article Updates
DragonForce Ransomware Targets Chicago Tour Company in Double Extortion Attack
Update:The Dragonforce ransomware group has claimed another victim, Sayre Associates, Inc., a U.S. civil engineering and land surveying firm. On June 10, 2026, the group posted on its dark web leak site that it had exfiltrated sensitive data, including client informa...
Active Exploitation of Critical PAN-OS Auth Bypass (CVE-2026-0257) Detected in the Wild
Update:Unit 42 has released a critical update providing specific Indicators of Compromise (IOCs) for the active exploitation of CVE-2026-0257. These include several suspicious IP addresses (e.g., 198.51.100.1, 203.0.113.10), hard-coded MAC addresses (e.g., 36:29:AF:C...
Phishing Attacks Spike 28% as AI-Powered, Multi-Channel Campaigns Bypass Security
Update:New research reveals a dramatic 14-fold increase in AI-generated phishing attacks in 2026, significantly escalating the threat. Attackers are leveraging AI to create highly personalized campaigns, including a record-breaking tax-themed phishing wave that saw a...
Google Patches Fifth Actively Exploited Chrome Zero-Day of 2026
Update:The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially recognized the active exploitation of CVE-2026-11645, the Google Chrome V8 zero-day, by adding it to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion mandates all...