Daily Digest

Record Microsoft Patch Tuesday Fixes 200+ Flaws and 3 Zero-Days; APTs Target Global Energy Sector

Record Microsoft Patch Tuesday Fixes 200+ Flaws and 3 Zero-Days; APTs Target Global Energy Sector

June 10, 2026
14 articles (10 new, 4 updated)
42 min read

Summary

This edition covers a landmark Microsoft Patch Tuesday on June 10, 2026, which addressed over 200 vulnerabilities, including three publicly disclosed zero-days, setting a new benchmark for security teams. Concurrently, new intelligence reveals that nation-state APT groups have intensely targeted the global energy and utilities sector, accounting for two-thirds of observed campaigns. Other major events include a surge in AI-driven phishing, critical Ivanti Sentry vulnerabilities, and numerous ransomware attacks and data breaches affecting industries from education to engineering, highlighting a persistent and evolving threat landscape.

Filter by Category

New Articles (10)

Microsoft's Record-Breaking June Patch Tuesday: Over 200 Flaws and Three Zero-Days Patched

CRITICAL

Microsoft Issues Historic June 2026 Patch Tuesday Update Fixing Over 200 Vulnerabilities, Including Three Publicly Disclosed Zero-Days

Microsoft has released its largest-ever Patch Tuesday for June 2026, addressing a staggering 200 vulnerabilities across its product ecosystem. The update includes fixes for 33 critical flaws and three publicly disclosed zero-day vulnerabilities. Among the most severe are a wormable Windows Kernel RCE (CVE-2026-45657), a critical HTTP.sys flaw (CVE-2026-47291), and a DHCP Client bug (CVE-2026-44815), all rated 9.8. The zero-days, while not actively exploited, affect BitLocker (CVE-2026-50507), HTTP.sys (CVE-2026-49160), and the Windows Collaborative Translation Framework (CVE-2026-45586). This massive release underscores the accelerating pace of vulnerability discovery and places significant pressure on IT teams for rapid remediation.

June 10, 2026
5 min read
Patch TuesdayZero-DayRCEWormableMicrosoft +3 more
Microsoft's Record-Breaking June Patch Tuesday: Over 200 Flaws and Three Zero-Days Patched

Energy Sector in Crosshairs: 66% of APT Campaigns Target Utilities, Report Finds

HIGH

Nation-State APTs from China, Russia, and North Korea Overwhelmingly Target Energy and Utilities Sector for Espionage

A new intelligence report from CYFIRMA reveals a concentrated and sustained cyber espionage campaign against the global energy and utilities sector. Over the past three months, this critical infrastructure sector was the target in 66% of all observed Advanced Persistent Threat (APT) campaigns. The most active threat actors include China-linked groups like Mustang Panda and Volt Typhoon, North Korea's Lazarus Group, and Russia's Sandworm. The primary motivation is strategic intelligence gathering and infrastructure reconnaissance, with attacks spanning 18 countries. Japan, the U.S., U.K., and Australia are among the most frequently targeted nations. The report also highlights destructive wiper attacks and widespread phishing campaigns, signaling a multi-faceted and escalating threat to global energy security.

June 10, 2026
5 min read
APTNation-StateEnergy SectorCritical InfrastructureMustang Panda +5 more
Energy Sector in Crosshairs: 66% of APT Campaigns Target Utilities, Report Finds

Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE

CRITICAL

Ivanti Urges Immediate Patching for Critical Sentry Vulnerabilities (CVE-2026-10520, CVE-2026-10523) Enabling Root RCE

Ivanti has released urgent security updates for two critical vulnerabilities in its Ivanti Sentry (formerly MobileIron Sentry) product. The most severe flaw, CVE-2026-10520, is an unauthenticated OS command injection vulnerability that allows a remote attacker to achieve root-level remote code execution on the appliance. A second flaw, CVE-2026-10523, permits authentication bypass. While there is no evidence of active exploitation, security researchers have already published technical details and a proof-of-concept scanner for CVE-2026-10520, significantly increasing the risk of attack. Given that Sentry appliances act as gateways to sensitive corporate resources, compromise could be devastating. All users are urged to update to the patched versions immediately.

June 10, 2026
4 min read
IvantiVulnerabilityRCEZero-DayCVE-2026-10520 +2 more
Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE

Ransomware Attack on Illinois High School Disables Safety Systems, Forcing Campus Shutdown

HIGH

Evanston Township High School Forced to Close After Ransomware Attack Cripples Building Safety and IT Systems

A ransomware attack on June 7, 2026, forced Evanston Township High School (ETHS) in Illinois to shut down its campus for two days. The cyberattack had a severe physical impact, disabling critical building safety systems including door access controls and public address systems, rendering the school unsafe for students and staff. The incident also knocked out internet, phone, and computer systems. The school district has engaged the FBI and cybersecurity experts to investigate and restore operations. While no ransomware group has claimed responsibility and it's unknown if data was stolen, the event highlights the growing threat of cyberattacks that can cause tangible, real-world disruption to critical public services like education.

June 10, 2026
4 min read
RansomwareEducationCyberattackOTPhysical Security +1 more
Ransomware Attack on Illinois High School Disables Safety Systems, Forcing Campus Shutdown

Wave of Data Breaches Hits Global Firms as Multiple Threat Actors Strike

HIGH

Chaos, PEAR, WorldLeaks Among Threat Actors Behind Flurry of Data Breaches on June 10

June 10, 2026, saw a flurry of data breach announcements with multiple threat actor groups claiming responsibility for attacks on a diverse set of global companies. The victims span telecommunications, IT, manufacturing, logistics, and finance. U.S. telecom company AireSpring was allegedly hit by 'Chaos', while Norwegian IT firm Alpha IT AS was targeted by 'PEAR'. The 'WorldLeaks' group claimed attacks on India's Apollo Pipes, Sweden's GDL, and Indian fintech firm M1xchange. Other victims include HDFC Mutual Fund (breached by 'MORPHEUS'), Mid-Cumberland Human Resource Agency ('INSOMNIA'), and Auburn Electrical Construction ('Embargo'). This series of unrelated incidents highlights the broad and continuous threat landscape faced by organizations worldwide.

June 10, 2026
4 min read
Data BreachThreat ActorChaosPEARWorldLeaks +1 more
Wave of Data Breaches Hits Global Firms as Multiple Threat Actors Strike

ICS Patch Tuesday: Siemens, Schneider, Phoenix Contact Release Critical Advisories

HIGH

Siemens, Schneider Electric, and Phoenix Contact Address Vulnerabilities in ICS and OT Products for June 2026 Patch Tuesday

The June 2026 Industrial Control Systems (ICS) Patch Tuesday featured important security advisories from major OT vendors including Siemens, Schneider Electric, and Phoenix Contact. Siemens released four advisories covering multiple flaws in Sinec INS, Siprotec 5 relays, and other products, including a critical OpenSSL bug (CVE-2025-15467) affecting a wide range of devices. Schneider Electric patched vulnerabilities in its PowerLogic and EcoStruxure lines that could lead to DoS or command execution. Phoenix Contact addressed a flaw in its EV charging controllers. These updates highlight the ongoing effort to secure critical infrastructure against cyber threats.

June 10, 2026
4 min read
ICSOTPatch TuesdaySiemensSchneider Electric +2 more
ICS Patch Tuesday: Siemens, Schneider, Phoenix Contact Release Critical Advisories

LockBit 5.0 Ransomware Gang Claims Attack on Singapore's SCB Group

HIGH

LockBit 5.0 Adds Singaporean Construction Firm SCB Group to its Victim List in Double-Extortion Attack

The notorious LockBit 5.0 ransomware-as-a-service (RaaS) operation has claimed responsibility for a cyberattack against SCB Group, a construction company based in Singapore. The claim was posted on the group's dark web leak site on June 9, 2026. In a classic double-extortion tactic, the threat actors have threatened to publish a "full leak" of the company's data if SCB Group does not enter into negotiations. This incident highlights the persistent and global threat posed by the LockBit gang, which continues to target organizations across a wide range of industries.

June 10, 2026
4 min read
LockBitRansomwareData BreachSingaporeConstruction
LockBit 5.0 Ransomware Gang Claims Attack on Singapore's SCB Group

Infostealer Malware Poses Critical Supply Chain Risk to U.S. Defense Sector

HIGH

Flashpoint Report: Infostealers Targeting DoD and Defense Contractors for Credential Theft, Enabling Espionage

A new report from threat intelligence firm Flashpoint, released on June 10, 2026, warns that information-stealing malware represents a major and underestimated threat to the U.S. Department of Defense (DoD) and the Defense Industrial Base (DIB). With over 11 million devices compromised by infostealers in 2025, attackers are harvesting billions of credentials. These stolen logins are then used to gain initial access into sensitive contractor and government networks, bypassing traditional perimeter defenses. The report emphasizes that this creates a significant supply chain risk, where a breach at a single contractor can provide a foothold for adversaries to conduct espionage and map out the entire defense ecosystem.

June 10, 2026
4 min read
InfostealerCredential TheftSupply Chain AttackDoDDIB +2 more
Infostealer Malware Poses Critical Supply Chain Risk to U.S. Defense Sector

OT Cybersecurity Becomes a Board-Level Priority, Fortinet Report Finds

INFORMATIONAL

Fortinet Report: OT Security Governance Shifts to CISO as Maturity and Board-Level Concern Rises

A new report from Fortinet reveals a significant shift in how organizations are managing the security of their operational technology (OT). The 2025 State of OT and Cybersecurity Report, published June 10, 2026, shows that OT security is now a board-level concern. Reflecting this, over 50% of organizations now place OT security under the CISO's purview, a dramatic increase from 16% in 2022, with 81% planning to make this shift within a year. The report found a direct link between security maturity and operational resilience, with organizations that have more advanced practices like network segmentation experiencing fewer disruptive cyber incidents. This trend highlights a growing recognition of the substantial business risks posed by threats to cyber-physical systems.

June 10, 2026
4 min read
OTICSCybersecurityFortinetGovernance +2 more
OT Cybersecurity Becomes a Board-Level Priority, Fortinet Report Finds

Hackers Can Blind Your SOC: New Research Reveals How Attackers Abuse Cloud Logging for Stealth

MEDIUM

Unit 42 Details Techniques for Abusing AWS and Google Cloud Logging Services for Defense Evasion

New research from Unit 42 demonstrates how threat actors can target and abuse fundamental cloud logging services in AWS and Google Cloud to cover their tracks and evade detection. The report details several defense evasion techniques, including disabling logging mechanisms like AWS CloudTrail, deleting log storage buckets, altering log routing configurations, and manipulating encryption keys to render logs unreadable. By blinding these critical visibility tools, attackers can operate undetected within a compromised environment. The research provides defensive strategies and configurations to help organizations protect their cloud logging infrastructure from such attacks.

June 10, 2026
12 min read
Cloud SecurityAWSGCPDefense EvasionLog Manipulation +3 more
Hackers Can Blind Your SOC: New Research Reveals How Attackers Abuse Cloud Logging for Stealth

Updated Articles (4)

DragonForce Ransomware Targets Chicago Tour Company in Double Extortion Attack

MEDIUM

DragonForce Ransomware Claims Attack on Shoreline Sightseeing, Threatens Data Leak

Update:

The Dragonforce ransomware group has claimed another victim, Sayre Associates, Inc., a U.S. civil engineering and land surveying firm. On June 10, 2026, the group posted on its dark web leak site that it had exfiltrated sensitive data, including client information, project files, internal emails, and financial records. This incident highlights the group's continued targeting of small and medium-sized businesses with double-extortion tactics, threatening to publish stolen data to pressure the firm into paying a ransom. The firm operates in South Dakota, Iowa, and Minnesota.

June 1, 2026
Updated: June 10, 2026
5 min read
RansomwareDragonForceShoreline SightseeingDouble ExtortionChicago
DragonForce Ransomware Targets Chicago Tour Company in Double Extortion Attack

Active Exploitation of Critical PAN-OS Auth Bypass (CVE-2026-0257) Detected in the Wild

CRITICAL

Unit 42 Reports Active Exploitation of PAN-OS CVE-2026-0257 Authentication Bypass Vulnerability

Update:

Unit 42 has released a critical update providing specific Indicators of Compromise (IOCs) for the active exploitation of CVE-2026-0257. These include several suspicious IP addresses (e.g., 198.51.100.1, 203.0.113.10), hard-coded MAC addresses (e.g., 36:29:AF:C5:8F:BF), and device names (e.g., 'Win11', 'localhost.localdomain', 'pya-23-95-135') observed in pre-PoC exploitation. Organizations are urged to immediately search their GlobalProtect logs for these specific indicators to identify potential breaches and enhance their detection capabilities.

June 6, 2026
Updated: June 10, 2026
6 min read
CVE-2026-0257PAN-OSGlobalProtectAuthentication BypassVPN +2 more
Active Exploitation of Critical PAN-OS Auth Bypass (CVE-2026-0257) Detected in the Wild

Phishing Attacks Spike 28% as AI-Powered, Multi-Channel Campaigns Bypass Security

HIGH

AI and Multi-Channel Tactics Fuel 28% Surge in Phishing Attacks, Overwhelming Traditional Defenses

Update:

New research reveals a dramatic 14-fold increase in AI-generated phishing attacks in 2026, significantly escalating the threat. Attackers are leveraging AI to create highly personalized campaigns, including a record-breaking tax-themed phishing wave that saw a 400% increase in tax authority impersonations. A critical new evasion tactic involves a 50x rise in malicious SVG file attachments, designed to bypass traditional email security filters by embedding scripts within seemingly benign image files. This highlights evolving TTPs and an increased challenge for detection.

June 7, 2026
Updated: June 10, 2026
7 min read
phishingAIsmishingquishingMicrosoft +3 more
Phishing Attacks Spike 28% as AI-Powered, Multi-Channel Campaigns Bypass Security

Google Patches Fifth Actively Exploited Chrome Zero-Day of 2026

HIGH

Google Patches Actively Exploited High-Severity Chrome Zero-Day (CVE-2026-11645)

Update:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially recognized the active exploitation of CVE-2026-11645, the Google Chrome V8 zero-day, by adding it to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion mandates all U.S. Federal Civilian Executive Branch agencies to apply patches for this vulnerability by July 1, 2026. This development significantly elevates the urgency and priority for all organizations, not just federal ones, to remediate this flaw immediately due to confirmed ongoing attacks and its critical impact potential. The KEV listing serves as a clear signal of the severe and present danger posed by this vulnerability.

June 9, 2026
Updated: June 10, 2026
5 min read
Zero-DayGoogle ChromeV8 EngineRemote Code ExecutionBrowser Security +1 more
Google Patches Fifth Actively Exploited Chrome Zero-Day of 2026

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.