Vulnerability News

Napoleon Perdis Data Breach: 339K Australian Customer Records Leaked A threat actor using the alias 2019 claims to have leaked the customer database of Napoleon Perdis, the Australian luxury cosmetics brand. https://darkwebinformer.com/napoleon-perdis-data-breach-339k-australian-customer-records-leaked/

Zeemart Data Breach: 510K+ Records Leaked From Singapore F&B Platform A threat actor using the alias 2019 claims to have leaked the database of Zeemart, a Singapore-based B2B procurement and supply-chain platform for restaurants, cafes, and other food and beverage businesses. https://darkwebinformer.com/zeemart-data-breach-510k-records-leaked-from-singapore-f-b-platform/

SAP Patches Critical NetWeaver, Commerce Vulnerabilities The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage. The post SAP Patches Critical NetWeaver, Commerce Vulnerabilities appeared first on SecurityWeek. https://www.securityweek.com/sap-patches-critical-netweaver-commerce-vulnerabilities/

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications Atsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications appeared first on SecurityWeek. https://www.securityweek.com/new-platform-uses-cryptographic-invisibility-to-protect-ai-built-applications/

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek. https://www.securityweek.com/claude-mythos-turns-n-days-into-n-hours-with-rapid-exploit-creation/

OpenSSL Patches High-Severity Vulnerability Found With AI A total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patches High-Severity Vulnerability Found With AI appeared first on SecurityWeek. https://www.securityweek.com/openssl-patches-high-severity-vulnerability-found-with-ai/

Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails  The AI giant also announced that Project Glasswing partners are being given access to the upgraded Mythos 5. The post Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails  appeared first on SecurityWeek. https://www.securityweek.com/anthropic-launches-claude-fable-5-mythos-class-ai-with-cybersecurity-guardrails/

Adobe Patches 123 Vulnerabilities Nearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager product. The post Adobe Patches 123 Vulnerabilities appeared first on SecurityWeek. https://www.securityweek.com/adobe-patches-123-vulnerabilities/

Microsoft Patches 200 Vulnerabilities Three of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them. The post Microsoft Patches 200 Vulnerabilities appeared first on SecurityWeek. https://www.securityweek.com/microsoft-patches-200-vulnerabilities/

A Record-Breaking Patch Tuesday for June 2026 Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available. https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/

Google patches new Chrome zero-day flaw exploited in the wild Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...] https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...] https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/

French govt messaging service breached in account hijacking attack DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...] https://www.bleepingcomputer.com/news/security/french-govt-messaging-service-breached-in-account-hijacking-attack/

New Veeam vulnerability exposes backup servers to RCE attacks Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...] https://www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/

GitHub disables Microsoft repos pushing password-stealing malware Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...] https://www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/

XBOW tests Anthropic's Mythos Preview for offensive security Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...] https://www.bleepingcomputer.com/news/security/xbow-tests-anthropics-mythos-preview-for-offensive-security/

Windows 11 KB5094126 & KB5093998 cumulative updates released Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5094126-and-kb5093998-cumulative-updates-released/

Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws/

Microsoft releases Windows 10 KB5094127 extended security update Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5094127-extended-security-update/

SAP fixes critical flaws in NetWeaver and Commerce Cloud SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...] https://www.bleepingcomputer.com/news/security/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud/