← Back to Daily Briefing

The second week of June 2026 is marked by a high-velocity exploitation cycle targeting critical infrastructure and endpoints. Google Chrome faces its fifth zero-day of the year via an Out-of-Bounds (OOB) Read/Write in the V8 engine (CVE-2026-11645) and a Use-After-Free vulnerability (CVE-2026-11634). Simultaneously, Microsoft Exchange on-premises servers are targeted by an active zero-day (CVE-2026-42897). Infrastructure risks include a critical RCE in Unbound DNSSEC (CVE-2026-33278) and KEV-listed flaws in Arista and Cisco devices. A critical supply chain failure occurred when a CISA contractor exposed privileged AWS GovCloud credentials on GitHub, compromising high-security federal cloud environments. Immediate patching to Chrome v149.0.7827.102/.103 and remediation of KEV-listed assets are mandated.

  • Endpoint & Browser Vulnerabilities: Google Chrome

    • CVE-2026-11645 involves a high-severity Out-of-Bounds (OOB) Read/Write within the Chromium V8 JavaScript engine.
    • CVE-2026-11634 identifies a critical Use-After-Free (UAF) condition enabling potential arbitrary code execution.
    • The occurrence of five exploited zero-days within a single year suggests an increasingly efficient exploitation cycle, potentially accelerated by AI-driven vulnerability discovery.
  • Enterprise Server & Infrastructure Risks

    • Microsoft Exchange on-premises is under active exploitation via CVE-2026-42897, presenting a high risk to enterprise mail environments.
    • Unbound DNSSEC Validator contains a critical RCE (CVE-2026-33278) that threatens global DNS security and validation integrity.
    • Arista EOS (CVE-2026-7473) and Cisco Catalyst SD-WAN Manager (CVE-2026-20245) have been added to the CISA KEV catalog due to active exploitation.
  • Cloud Supply Chain & Credential Exposure

    • Privileged AWS GovCloud credentials were leaked via a public GitHub repository by a CISA contractor.
    • This event highlights a fundamental failure in credential hygiene and secret management within high-security federal ecosystems.
    • The exposure creates a direct path for unauthorized access to sensitive government cloud workloads.
  • Regulatory Mandates & Defensive Remediation

    • CISA BOD 22-01 mandates the immediate remediation of all vulnerabilities listed in the Known Exploited Vulnerabilities (KEV) catalog.
    • Endpoint administrators must ensure Chrome is updated to version 149.0.7827.102 (Windows) or .103 (macOS/Linux).
    • Organizations are advised to implement automated secret scanning for public repositories to prevent similar GovCloud credential leaks.

Related posts

  1. Krebs on Security — CISA Admin Leaked AWS GovCloud Keys on Github
  2. Wiu
  3. Tenable
  4. Akeyless
  5. Hkcert
  6. Chromereleases
  7. bleepingcomputer.com — Google patches new Chrome zero-day flaw exploited in the wild
  8. helpnetsecurity.com — Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)
  9. CISA Cybersecurity Advisories — CISA Adds Three Known Exploited Vulnerabilities to Catalog
  10. SC Media — Google releases emergency update for fifth Chrome zero-day exploited in the wild this year
  11. Thehackernews
  12. Socprime
  13. Forbes
  14. cybersecuritydive.com — IT sector faces growing threats from IP-hungry China, AI-enabled cybercriminals
  15. socprime.com — CVE-2026-11645: Chrome Zero-Day Vulnerability Exploited in the Wild
  16. threat-modeling.com — Google Chromium V8 Out-of-Bounds Read/Write (CVE-2026-11645): Remote Code Execution via Crafted HTML, Added to CISA KEV
  17. Mlq
  18. Cryptobriefing
  19. Securityaffairs
  20. eSecurity Planet — Zero-Days, AI Exploits, and Supply Chain Risks Define This Week in Cybersecurity in June 2026
  21. cybersecuritydive.com — Agentic AI surges in financial sector even as many firms fail to manage security risks
  22. techjacksolutions.com — Google Chromium V8 Out-of-Bounds Read/Write Zero-Day, Active Exploitation (CVE-2026-11645)
  23. Penligent
  24. Linuxsecurity
  25. Nvd
  26. Nhimg
  27. Reddit
  28. Dock
  29. Investingnews
  30. Csis
  31. The Register - Security — PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data
  32. Mandiant Blog — Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
  33. cybersecuritydive.com — China-nexus group linked to multiyear campaign targeting US, Canadian medical research
  34. Letsdatascience
  35. Straitstimes
  36. Securityweek
  37. Economictimes
  38. Bleepingcomputer
  39. Helpnetsecurity
  40. cyberscoop.com — Google exposes China espionage group that’s been lurking in networks undetected since 2023
  41. Microsoft Tech Community — Microsoft Leads a New Era of Software Supply Chain Transparency
  42. techjacksolutions.com — UNC6508: PRC Espionage Campaign Weaponizes REDCap to Steal Defense and Medical Research Across North America
  43. techjacksolutions.com — Vanderbilt University Medical Center / REDCap (UNC6508 Campaign) — Vulnerability Rollup (2026-06-15)
  44. Thenextweb
  45. Gnews
  46. Elastic
  47. SC Media — China-linked group uses InfiniteRed malware to target medical research institutions
  48. Threatprotect
  49. Lifehacker
  50. Cve
  51. arXiv (Computer Science - Cryptography and Security) — FuseChain: Runtime Evidence Reconstruction for Software Supply-Chain Attacks
  52. helpnetsecurity.com — EU Cybersecurity Act 2.0: When good regulation goes bad
  53. gbhackers.com — PRC-Nexus Hackers Abuse REDCap Servers to Monitor US Medical Research Organizations
  54. Security Affairs — China-linked actor spent two years inside medical research networks
  55. thecyberexpress.com — China Spent Over a Year Inside U.S. Medical Research Networks — And Used Google’s Own Email Rules to Steal Data
  56. fieldeffect.com — China-nexus actor abuses domain-level compliance rules
  57. techjacksolutions.com — UNC6508 Targets Medical Research with REDCap-Specific Malware, Exfiltrates Data via Email Compliance Rules
  58. techjacksolutions.com — UNC6508 Turned Google Workspace Against Its Users: Inside a 26-Month Espionage Campaign Targeting US and Canadian Research Networks
  59. Kfgo
  60. Cyber Defense Magazine — AI is Not Solving Cybersecurity Burnout Yet, New ISSA and Omdia Research Warns
  61. datawater.com — UNC6508: How a Chinese State-Sponsored Group Spent 26 Months Inside US and Canadian Research Labs Using a Misspelled Gmail Rule
  62. bleepingcomputer.com — Malicious JetBrains Marketplace plugins steal AI API keys from developers
  63. Google Cloud Security Community — Custom Malware Named INFINITERED - YARA-L Rules to Detect UNC6508
  64. gbhackers.com — JetBrains Plugin Security Alert: 70,000+ Installs Linked to AI Key Theft
  65. feeds.feedburner.com — Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
  66. Chromereleases
  67. Kaseya
  68. Cyberpress
  69. Hackyourmom
  70. Scworld
  71. Hackread
  72. Infosecurity-magazine
  73. Aikido
  74. Blog
  75. Orca
  76. Chainalysis
  77. Eisneramper
  78. Safeexpat
  79. Cnas
  80. techjacksolutions.com — China and DPRK Drive 2025-2026 Technology Sector Targeting Wave: Supply Chains, AI Assets, and IT Worker Fraud at the Core
  81. techjacksolutions.com — Cisco ISE Carries a Two-Vector Risk: Unauthenticated Credential Exposure Feeds Authenticated RCE, No Full Patch Until August
  82. Security Affairs — Cisco fixed a critical ISE vulnerability that lets attackers to gain root access
  83. Services
  84. Aiweekly
  85. Sec
  86. Sentinelone
  87. Feedly
  88. Vuldb
  89. Sharkstriker
  90. App
  91. Cyberpedia
  92. Endorlabs
  93. Vulert
  94. Advisory
  95. Github
  96. Miggo
  97. Test
  98. Socdefenders
  99. Tenable
  100. Grassley
  101. Hassan
  102. Youtube
  103. SecurityWeek — Critical Command Execution Vulnerability Patched in Cisco ISE

LINK COPIED TO CLIPBOARD