The Archive · 2026
Cybersecurity, AI, and IT news for businesses worldwide. What changed this week, and what to do about it.
Microsoft's June 2026 Patch Tuesday: A Wormable Kernel Flaw, a Fresh Zero-Day, and the Biggest Patch Drop in History
Microsoft patched over 200 vulnerabilities on June 9, 2026, the largest Patch Tuesday ever, while a researcher dropped a live zero-day hours later. Here is what to fix first.
Check Point VPN Zero-Day CVE-2026-50751 Is Being Exploited Right Now, and Qilin Ransomware Is Already at the Door
A critical authentication bypass in Check Point Remote Access VPN lets attackers in without a password. Active exploitation was confirmed June 8, 2026, and Qilin ransomware is already involved.
Check Point VPN Zero-Day CVE-2026-50751: Attackers Had a Month's Head Start, Qilin Ransomware Now Involved
A critical authentication bypass in Check Point VPN was exploited for nearly a month before the vendor noticed. A patch is out, but your first job is finding out whether attackers are already inside.
CVSS 9.8 Windows Netlogon Flaw CVE-2026-41089 Is Under Active Attack: Patch Every Domain Controller Now
Belgium's CCB confirmed on June 1, 2026 that attackers are actively exploiting CVE-2026-41089, a critical unauthenticated RCE in Windows Netlogon. Every unpatched domain controller is a live target.
Attackers Are Actively Exploiting a CVSS 9.8 Windows Netlogon Flaw: Every Domain Controller Is at Risk
CVE-2026-41089 gives unauthenticated attackers SYSTEM-level control of Active Directory domain controllers. If your Windows Server environment is unpatched, you are a live target right now.
Attackers Are Actively Exploiting a Critical Windows Netlogon Flaw: Patch Your Domain Controllers Now
CVE-2026-41089 scores 9.8, needs zero credentials, and gives attackers full remote code execution on Windows domain controllers. Belgium's CCB confirmed active exploitation on June 1. The patch has been out since May 12.
Hackers Are Actively Exploiting a CVSS 9.8 Windows Netlogon Bug. If You Run Domain Controllers, Patch Right Now.
A flaw Microsoft rated "less likely to be exploited" is now being used in real attacks. Your domain controllers are the target, and the blast radius is your entire Active Directory forest.