██████╗██╗   ██╗██████╗ ██████╗     ██████╗██╗  ██╗
 ██╔════╝╚██╗ ██╔╝██╔══██╗██╔══██╗   ██╔════╝╚██╗██╔╝
 ██║      ╚████╔╝ ██████╔╝██████╔╝ ● ██║      ╚███╔╝ 
 ██║       ╚██╔╝  ██╔══██╗██╔══██╗   ██║      ██╔██╗ 
 ╚██████╗   ██║   ██████╔╝██║  ██║   ╚██████╗██╔╝ ██╗
  ╚═════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝    ╚═════╝╚═╝  ╚═╝
────────────────────────────────── STAY SHARP ───

Check Point VPN Auth Bypass Under Active Attack

Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. June 10, 2026

Share

cybr.cx — Daily Digest | June 10, 2026


Critical Vulnerabilities

⚠️ Actively exploited — CVE-2026-50751 | Check Point Security Gateway | CVSS: N/A
An improper authentication flaw in Check Point Security Gateway's IKEv1 key exchange allows unauthenticated remote attackers to bypass authentication and establish remote access VPN connections without valid credentials. CISA's remediation deadline is tomorrow, June 11 — if you haven't patched or mitigated this yet, stop reading and go do it now. Any organisation running Check Point VPN should treat this as a fire drill.

⚠️ Actively exploited — CVE-2026-11645 | Google Chromium V8 | CVSS: N/A
An out-of-bounds read/write in Chromium's V8 JavaScript engine enables remote code execution inside the browser sandbox via a crafted HTML page. This affects Chrome, Edge, and any Chromium-derived browser. Sandbox escapes may follow — push browser updates across your fleet immediately and consider blocking untrusted browsing until patched.

⚠️ Actively exploited — CVE-2026-20245 | Cisco Catalyst SD-WAN Manager | CVSS: N/A
An output encoding flaw in Cisco Catalyst SD-WAN Manager (formerly vManage) allows an authenticated local attacker to execute arbitrary commands as root by supplying a crafted file. With SD-WAN management planes being high-value targets for nation-state actors, the blast radius here is significant — patch or isolate management interfaces now.

⚠️ Actively exploited — CVE-2026-7473 | Arista EOS | CVSS: N/A
Arista's Extensible Operating System contains an incomplete comparison vulnerability that causes switches to incorrectly decapsulate and forward unexpected tunnelled packets matching a configured decapsulation IP. Active exploitation of network infrastructure bugs is always alarming — this can be used to redirect or intercept traffic at the fabric level.

⚠️ Actively exploited — CVE-2026-42271 | BerriAI LiteLLM | CVSS: N/A
A command injection vulnerability in LiteLLM allows any authenticated user — including low-privilege internal-user key holders — to execute arbitrary commands on the host. Given how widely LiteLLM is deployed in AI development pipelines, this is a direct path to full host compromise for any multi-tenant or shared LLM gateway deployment.

⚠️ Actively exploited — CVE-2022-0492 | Linux Kernel | CVSS: N/A
Yes, this is a 2022 CVE — and it's still being actively exploited. A privilege escalation flaw via the cgroups v1 release_agent feature allows local privilege escalation to root. Its reappearance in CISA KEV suggests renewed exploitation activity, likely in container escape scenarios. Audit whether your kernel and container runtime mitigations are actually in place.

CVE-2026-42985 | Microsoft Remote Desktop Client | CVSS: 8.8
A heap-based buffer overflow in the Windows Remote Desktop Client allows an unauthenticated attacker to execute code over the network. No interaction required beyond the client initiating or receiving a connection — a high-priority patch for any organisation using RDP extensively.

CVE-2026-8365 | WordPress Blocksy Theme (≤ 2.1.35) | CVSS: 8.8
PHP Object Injection via the blocksy_meta REST API field can lead to Remote Code Execution. The sanitization in blocksy_sanitize_post_meta_options() only strips < and >, leaving serialized PHP objects completely unblocked. Update the Blocksy theme immediately — REST API endpoints are trivially reachable by unauthenticated users by default.

CVE-2026-46746 | Siemens SINEC INS (< V1.0 SP2 Update 6) | CVSS: 8.8
Shell command injection via crafted directory names in the /api/sftp/uploadFiles endpoint — payloads are stored and triggered when directory listings are fetched. An authenticated attacker gets arbitrary remote code execution on OT network management infrastructure. Patch or restrict access to this endpoint at the network perimeter.


Headline News

Microsoft's Open Source AI Tooling Hit by Supply Chain Attack

Attackers successfully compromised dozens of Microsoft-maintained open source repositories on GitHub, injecting credential-stealing malware into projects tied to Azure cloud services and AI development tooling used within VS Code. The malicious code was designed to harvest developer credentials — a particularly damaging target given that developers with Azure access can pivot directly into production cloud environments. Microsoft has since disabled access to the affected repositories, but the window of exposure means any developer who pulled these packages during the compromise period should rotate credentials, audit cloud access logs, and review any CI/CD pipeline that consumed the affected code. This follows a pattern of attackers specifically hunting AI and cloud tooling ecosystems, where a single compromised dependency can cascade across thousands of downstream environments. Security teams should treat developer workstations and build pipelines as critical infrastructure, not afterthoughts.

Shai-Hulud Campaign Trojanizes 19 PyPI Science Packages

A supply chain campaign dubbed Shai-Hulud has compromised 19 science-focused Python packages on PyPI — packages with a collective download count in the hundreds of thousands — injecting malware engineered to exfiltrate developer secrets. The targeting of science-domain packages (numerical computing, data analysis, and similar libraries) suggests deliberate focus on research institutions, universities, and data engineering teams rather than a purely opportunistic spray. The malware's primary objective appears to be credential and secret harvesting, meaning API keys, SSH keys, and cloud tokens stored on developer machines are at risk. Combined with the Microsoft GitHub attack above, this represents a sustained and coordinated pressure campaign against the software supply chain feeding AI and research workloads. Teams consuming PyPI packages in automated pipelines should audit recent installs against the published indicator lists and consider pinning packages with hash verification.

Meta Accuses NSO Group of Violating WhatsApp Court Injunction

Meta has asked a court to hold NSO Group in contempt, alleging the Israeli spyware vendor violated a permanent injunction issued after WhatsApp's landmark legal victory last year — specifically by continuing to target WhatsApp users through phishing campaigns and test accounts. If accurate, this means NSO either couldn't or chose not to halt Pegasus-related operations against the platform despite a binding court order. For practitioners, the relevant takeaway is operational: court orders are not a technical control, and organisations or individuals who may be targeted by nation-state-grade spyware cannot rely on legal remedies as a protective layer. The allegations also raise questions about whether Pegasus infrastructure was sufficiently dismantled after the ruling or merely repointed. Defenders working in high-risk environments (journalists, activists, executives, government contractors) should treat mobile device threat models as live and act accordingly.


Schrödinger's Feed

Keyfactor has announced a "Trust Control Plane" — a unified management layer for machine identities and cryptographic assets, explicitly framed around preparing enterprises for the post-quantum transition. The pitch is centralised visibility and control over the certificates, keys, and crypto policies that secure machine-to-machine communication, at a time when organisations are still cataloguing what cryptography they actually have deployed. With NIST's PQC standards now finalised and migration timelines tightening, the harder problem turns out not to be which algorithms to adopt but finding everything that needs migrating across sprawling hybrid infrastructure. Practitioners should keep an eye on this space — crypto agility and inventory tooling are quietly becoming the unsexy but critical prerequisite to any meaningful quantum-readiness programme.


/dev/random

In what may be the most on-brand security incident of 2026, attackers chose to compromise Microsoft's own open source developer tooling on GitHub specifically to steal credentials from AI developers — essentially hacking the people building the AI, rather than the AI itself. The attack injected malicious code into VS Code-adjacent repositories, meaning the compromise lived inside the tools developers trust most and scrutinise least. It's the software equivalent of poisoning the coffee machine in the security team's office: audacious, effective, and deeply inconvenient. The lesson, as ever, is that "it's from a trusted vendor's official repo" is a vibe, not a security control.