ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)

Advisoryloom Editor — Tue, 02 Jun 2026 02:02:44 +0000

USN-8361-1: Linux kernel vulnerability

Advisoryloom Editor — Mon, 01 Jun 2026 23:32:18 +0000

A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystem:
– Packet sockets;
(CVE-2026-31504)

RHSA-2026:22330: Important: fence-agents security update

Advisoryloom Editor — Mon, 01 Jun 2026 23:32:16 +0000

An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

RHSA-2026:22329: Important: openssh security update

Advisoryloom Editor — Mon, 01 Jun 2026 23:32:16 +0000

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.

RHSA-2026:22328: Important: java-21-ibm-semeru-certified-jdk security update

Advisoryloom Editor — Mon, 01 Jun 2026 23:32:16 +0000

An update for java-21-ibm-semeru-certified-jdk is now available for Red Hat Enterprise Linux 10.0 Extended Update Support, Red Hat Enterprise Linux 10, and Red Hat Enterprise Linux 10.2 Extended Update Support.

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Advisoryloom Editor — Mon, 01 Jun 2026 23:31:53 +0000

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. […]

CVE-2026-8206

Advisoryloom Editor — Mon, 01 Jun 2026 22:04:48 +0000

Severity Not Scored

Description

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.

CVE-2026-10249

Advisoryloom Editor — Mon, 01 Jun 2026 22:04:48 +0000

Medium Severity

Description

A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted…

CVE-2026-10246

Advisoryloom Editor — Mon, 01 Jun 2026 22:04:48 +0000

Medium Severity

Description

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/main. The manipulation of the argument medicine_presentation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Anthropic to Open Mythos AI to EU’s ENISA

Advisoryloom Editor — Mon, 01 Jun 2026 22:04:42 +0000

The European security agency’s entry to Project Glasswing is the result of “strong bilateral cooperation” between the European Commission and Anthropic.