██████╗██╗   ██╗██████╗ ██████╗     ██████╗██╗  ██╗
 ██╔════╝╚██╗ ██╔╝██╔══██╗██╔══██╗   ██╔════╝╚██╗██╔╝
 ██║      ╚████╔╝ ██████╔╝██████╔╝ ● ██║      ╚███╔╝ 
 ██║       ╚██╔╝  ██╔══██╗██╔══██╗   ██║      ██╔██╗ 
 ╚██████╗   ██║   ██████╔╝██║  ██║   ╚██████╗██╔╝ ██╗
  ╚═════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝    ╚═════╝╚═╝  ╚═╝
────────────────────────────────── STAY SHARP ───

Critical PTC Windchill Flaw Actively Exploited, Patch Now

Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. June 28, 2026

Share

cybr.cx | Sunday, June 28, 2026


Critical Vulnerabilities

Note: No new CVEs meeting the CVSS ≥ 7.0 threshold were published to NVD in the last 24 hours. The entries below are drawn entirely from the CISA KEV — all are confirmed actively exploited in the wild and require immediate attention regardless of formal CVSS scoring.


⚠️ Actively exploited — CVE-2026-12569 | PTC Windchill & FlexPLM
An improper input validation flaw in PTC's Windchill PLM and FlexPLM platforms allows an unauthenticated remote attacker to achieve arbitrary code execution by sending a specially crafted network request. These are enterprise product lifecycle management systems often carrying sensitive engineering and manufacturing data — a foothold here can devastate industrial and supply chain operations. CISA's remediation deadline was today, June 28. If you haven't patched, treat this as a fire drill.

⚠️ Actively exploited — CVE-2026-20230 | Cisco Unified Communications Manager
A server-side request forgery (SSRF) vulnerability in Cisco Unified CM and Unified CM SME allows an unauthenticated remote attacker to write arbitrary files to the underlying operating system — effectively a pre-auth file write primitive on your phone infrastructure. Given the scale of Cisco UCM deployments across enterprise and government, the attack surface is enormous. Combined with today's headline story on VoIP targeting, this is a critical intersection of threat and vulnerability. Patch immediately; no authentication is required to exploit this.

⚠️ Actively exploited — CVE-2025-67038 | Lantronix EDS5000
A code injection vulnerability in the Lantronix EDS5000 serial device server allows attackers to inject arbitrary OS commands through the username parameter, with injected commands executing as root. The EDS5000 is commonly used to bridge legacy serial equipment to IP networks in industrial and OT environments — root-level access on these devices can pivot directly into operational technology. CISA's due date was June 26, meaning federal agencies are already past deadline. Check your OT network perimeters.

⚠️ Actively exploited — CVE-2026-34910, CVE-2026-34909, CVE-2026-34908 | Ubiquiti UniFi OS
Three distinct vulnerabilities in Ubiquiti UniFi OS are being actively exploited together and should be treated as a chain. CVE-2026-34910 is a command injection flaw; CVE-2026-34909 is a path traversal that can expose and manipulate underlying account files; CVE-2026-34908 is an improper access control bug allowing unauthorised system changes. Any network-adjacent attacker can potentially chain these for full device compromise. UniFi gear is ubiquitous in SMBs, schools, and distributed enterprise branches — update UniFi OS immediately and audit for signs of lateral movement.


Headline News

VoIP Infrastructure Under Industrialised Attack on Port 5060

SIP port 5060 — the backbone of most enterprise VoIP systems — is facing what researchers are describing as industrialised, automated attack campaigns operating at a scale and sophistication that demands a security reclassification of business phone infrastructure. Threat actors are deploying credential-stuffing tools and SIP-aware scanners to enumerate extensions, harvest credentials, and commit toll fraud, eavesdrop on calls, or establish persistent footholds in unified communications environments. The timing is particularly pointed given CVE-2026-20230 in Cisco Unified CM being actively exploited right now, suggesting adversaries may be correlating SIP-layer reconnaissance with known application-layer vulnerabilities. Practitioners should audit SIP exposure, enforce strong authentication, rate-limit INVITE requests, and consider whether their telephony systems are even visible to the public internet — most don't need to be.

Anatomy of a Nation-State Intrusion Attempt — Dissected

A detailed technical post-mortem of a suspected nation-state intrusion attempt has been making the rounds among practitioners, and it's worth reading carefully. The attacker's methodology involved layered obfuscation, careful timing to blend with legitimate traffic patterns, and what appears to be prior reconnaissance suggesting the target was selected deliberately rather than opportunistically. What makes this case instructive is the failure mode — the attack was ultimately stopped not by a single control but by a combination of anomaly detection, log correlation, and an analyst who noticed something slightly off in authentication timing. The writeup is a useful reminder that nation-state actors do fail, that defence in depth works, and that human analysts remain a critical — and irreplaceable — part of the detection stack.

Apple and Tata Electronics Respond to Sensitive File Leak

Apple is actively working with its Indian contract manufacturer Tata Electronics following a data breach that exposed sensitive internal files earlier this month. The leaked material reportedly included manufacturing specifications and internal documentation — the kind of supply chain intelligence that is valuable both to competitors and to nation-state actors interested in understanding Apple's production processes. Supply chain breaches of this nature are increasingly a vector of choice: rather than attacking a hardened primary target directly, adversaries compromise a supplier with potentially weaker security controls. Practitioners managing vendor relationships should review what sensitive technical documentation is shared with third parties, how it is protected at rest and in transit, and whether supplier security assessments reflect actual risk exposure rather than checkbox compliance.


Schrödinger's Feed

The White House has issued new Executive Orders on quantum technology, and the policy community is now parsing the details closely. The orders appear to accelerate domestic quantum R&D investment while establishing guardrails around export and foreign access to quantum capabilities — framing quantum as explicitly a national security asset rather than purely a scientific one. From a cryptography standpoint, this signals that the US government views the timeline to cryptographically relevant quantum computing as a serious planning horizon, not a distant abstraction. Practitioners who haven't started mapping their organisation's exposure to harvest-now-decrypt-later attacks — where adversaries are archiving encrypted traffic today for future decryption — should treat these Executive Orders as a policy-level alarm bell.


/dev/random

Researchers have demonstrated that AI can now perform what chip designers call the "dark art" of radio frequency integrated circuit (RFIC) design — a discipline so dependent on accumulated human intuition, tacit knowledge, and hard-won experience that it was widely considered one of the last domains immune to automation. The AI system navigated the nightmarish multi-variable optimisation landscape of analogue RF design, where changing one parameter can cascade unpredictably through gain, noise, linearity, and power consumption simultaneously. The results reportedly matched or exceeded experienced human designers on several benchmark circuits. The security implication is quietly significant: cheaper, faster RF chip design could eventually lower the barrier to custom radio hardware for both legitimate and adversarial purposes — think bespoke radio implants or signal intelligence hardware that today requires nation-state-level engineering talent to produce.