Today's security landscape is dominated by extensive patch releases from major vendors, addressing numerous vulnerabilities including several actively exploited zero-days. Supply chain attacks continue to be a significant concern, with new campaigns targeting software repositories and packages, while AI's role in both vulnerability discovery and potential exploitation is increasingly evident.

Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws — Microsoft released security updates for 200 flaws, including three publicly disclosed zero-day vulnerabilities, as part of its June 2026 Patch Tuesday. Read more →
Google patches new Chrome zero-day flaw exploited in the wild — Google released emergency updates for Chrome to patch a fifth zero-day vulnerability (CVE-2026-11645) exploited in the wild this year, an out-of-bounds memory access in V8. Read more →
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day — CISA has ordered U.S. government agencies to patch a critical Check Point Remote Access VPN and Mobile Access vulnerability (CVE-2026-50751) actively exploited by Qilin ransomware affiliates. Read more →
New Veeam vulnerability exposes backup servers to RCE attacks — Veeam released security updates for a critical Backup & Replication flaw (CVE-2026-44963) that allows authenticated domain users to achieve remote code execution on backup servers. Read more →
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories — The Miasma supply chain worm compromised 73 Microsoft GitHub repositories, injecting information stealer malware, with some repositories temporarily removed by Microsoft for investigation. Read more →
Adobe Patches 123 Vulnerabilities — Adobe released patches for 123 vulnerabilities, with nearly half of them, mostly allowing arbitrary code execution, affecting its Experience Manager product. Read more →
SAP fixes critical flaws in NetWeaver and Commerce Cloud — SAP issued fixes for 15 vulnerabilities in its June 2026 Security Patch package, including four critical-severity flaws impacting SAP NetWeaver and SAP Commerce Cloud. Read more →
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs — Two Russia-aligned groups are exploiting a WinRAR flaw (CVE-2025-8088), patched last July, for data theft and cyberespionage against Ukrainian military and government targets. Read more →