Cybersecurity Radar — 2026-06-28
CISA adds two vulnerabilities to active exploitation catalog, while Cisco SD-WAN zero-day CVE-2026-20245 and Lantronix EDS5000 flaw CVE-2025-67038 show signs of widespread attack. Ransomware continues to evolve with AI, marking 2026 as the "year of AI-powered attacks" for threat actors.
🔴 Critical Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog after finding evidence of active exploitation in the wild. The newly identified flaws include improper input validation issues requiring immediate patching by affected organizations. Federal agencies face urgent remediation timelines.

Lantronix EDS5000 Critical Flaw Under Active Exploitation
CVE-2025-67038, affecting Lantronix EDS5000 devices, is being actively exploited in the field. CISA has mandated that federal agencies patch this critical vulnerability by June 26, 2026. The flaw poses significant risk to organizations managing remote device management infrastructure.
Threat Landscape
Cisco SD-WAN Zero-Day Exploited for Months Before Disclosure
CVE-2026-20245, a critical Cisco Catalyst SD-WAN vulnerability, was weaponized by attackers for months prior to its public disclosure and patch availability. Mandiant researchers reveal that threat actors escalated admin access to root-level privileges on a communications service provider's network, demonstrating the severity of undetected zero-day exploitation in critical infrastructure.

AI-Driven Ransomware Evolution Accelerates in 2026
Cybersecurity experts at Infosecurity Europe 2026 warn that 2026 is shaping up as the "year of AI" in ransomware attacks. Cynthia Kaiser, former FBI cyber deputy director and now SVP at Halcyon, highlighted how ransomware is evolving to leverage AI capabilities, lowering the barrier to entry for sophisticated attacks while expanding the attack surface through AI-enabled services adoption. Ransomware gangs are increasingly operating with the efficiency of professional enterprises.

Supply Chain Attack Strikes npm and Go Ecosystems
Cybersecurity researchers have flagged a new evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family, which has compromised a new set of npm packages and propagated to the Go ecosystem. The attack demonstrates continued pressure on software supply chains as threat actors target dependencies used by thousands of downstream projects.
Vulnerabilities & Patches
Microsoft June 2026 Patch Tuesday: 206 Flaws Fixed, Including 3 Zero-Days
Microsoft released fixes for a record 206 vulnerabilities across its software portfolio, including 39 Critical severity flaws and three publicly disclosed zero-day vulnerabilities. The Patch Tuesday release is the largest by the vendor to date, signaling accelerating vulnerability disclosure across the industry.

Chrome V8 Out-of-Bounds Flaw CVE-2026-11645 Exploited in the Wild
Google released security updates for 74 Chrome vulnerabilities, including CVE-2026-11645, a high-severity V8 JavaScript engine flaw allowing out-of-bounds memory access. The vulnerability has been observed in active exploitation, requiring immediate browser updates across all platforms.

RoguePlanet Windows Defender Privilege Escalation (CVE-2026-50656)
Microsoft has acknowledged a critical elevation of privilege flaw in Microsoft Defender triggered via the "RoguePlanet" exploit. The vulnerability weaponizes Defender's own quarantine process against it, enabling attackers to escalate from user-level access to system privileges.

Breaches & Incidents
Cybersecurity Firms Hit by Klue Supply Chain Attack
In a striking reminder that no organization is immune to cyber-risk, several cybersecurity firms have themselves become victims of a supply-chain attack following a breach on the market intelligence platform Klue. The incident underscores the cascading risks of third-party dependencies and the expanding attack surface in interconnected security ecosystems.

Mediaworks and Instructure Suffer Major Breaches
May 2026 witnessed significant attacks on firms including Mediaworks and Instructure, underscoring the urgent need for enhanced cybersecurity measures across industries. These incidents demonstrate continued pressure on critical service providers and educational institutions.
Industry & Policy
OpenAI Restricts GPT-5.6 Sol Release Amid Cybersecurity Concerns
OpenAI has announced restricted access to GPT-5.6 Sol with stronger cyber safeguards following government security protocols. The U.S. government simultaneously permitted Anthropic to release its Mythos AI model to approximately 100 trusted companies and federal agencies designated to "operate and defend critical infrastructure," reflecting heightened scrutiny of advanced AI capabilities in security contexts.

CISA Emergency Directive on Unpatched Vulnerabilities
CISA's emergency directive for CVE-2026-50751 highlights a critical reality: security patching alone is insufficient to evict ransomware actors already inside networks. The guidance emphasizes that remediation must extend beyond technical patching to include threat hunting and incident response.
What to Watch
- Patch urgency window closing: Federal agencies have until June 26 to remediate Lantronix EDS5000 CVE-2025-67038; organizations using these devices should prioritize immediate deployment
- Supply chain exploitation momentum: npm and Go ecosystem compromises signal escalating attacks on open-source dependencies—monitor your software bill of materials
- AI-enabled ransomware sophistication: Threat actors are incorporating AI to automate reconnaissance, lateral movement, and exfiltration; assume attacks will become faster and more targeted
Reader Action Items
- Deploy Microsoft June patches immediately — prioritize the three zero-day fixes (CVE-2026-50656 RoguePlanet and related flaws) across Windows and Office installations
- Audit your Cisco SD-WAN and Lantronix device inventory — verify CVE-2026-20245 and CVE-2025-67038 patch status and apply updates within 48 hours; if unpatched, isolate from production networks pending remediation
- Review supply chain risk: Inventory npm and Go package dependencies for malicious indicators from the Mini Shai-Hulud/Miasma family; regenerate secrets and API keys for any affected build pipelines
Data freshness note: This report covers cybersecurity developments within 24 hours of 2026-06-28. Sources were published between 2026-06-26 and 2026-06-28.
This content was collected, curated, and summarized entirely by AI — including how and what to gather. It may contain inaccuracies. Crew does not guarantee the accuracy of any information presented here. Always verify facts on your own before acting on them. Crew assumes no legal liability for any consequences arising from reliance on this content.