brangberg – Page 9

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release.

Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

The post Critical Vulnerabilities Patched in Fortinet, Ivanti Products appeared first on SecurityWeek.

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact

In addition, Rockwell Automation announced some enhancements to its SecureOT cybersecurity solution for OT.

The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact appeared first on SecurityWeek.

Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers.

Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber

ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances

ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances.

“On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in an advisory that requires customer access. “The update concerned a security issue that could allow an unauthenticated user, in

No Patch Planned for Exploited Arista EOS Vulnerability

Organizations are advised to apply vendor-supplied mitigations or discontinue the vulnerable devices.

The post No Patch Planned for Exploited Arista EOS Vulnerability appeared first on SecurityWeek.

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. […]

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.

“The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under a new GitHub account, “MSNightmare” said. “I have managed to get a 100% success rate on

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks.

“In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger

Anthropic rolls out Claude Fable 5, but it’s available for a limited time

Anthropic has begun rolling out a new model called “Fable,” which is based on the same underlying model as Mythos, its most powerful AI model class. […]

Author: brangberg