06/03/2026-06/10/2026 Microsoft Patches Record 206 Flaws, New Veeam Vulnerability, LiteLLM Vulnerability And More.

1. Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft’s June 2026 Patch Tuesday addresses a record 206 vulnerabilities — 39 Critical, 167 Important — spanning privilege escalation, RCE, information disclosure, and spoofing flaws, plus two non-Microsoft CVEs and over 350 Chromium fixes bundled with Edge.

The most severe is CVE-2026-45657 (CVSS 9.8), a Windows Kernel use-after-free enabling unauthenticated RCE via malicious TCP/IP traffic. Also critical: CVE-2026-47291 (CVSS 9.8) in HTTP.sys and CVE-2026-44815 (CVSS 9.8), a DHCP Client buffer overflow requiring no credentials or user interaction.

Three publicly disclosed zero-days are patched: CVE-2026-50507 (BitLocker bypass “bitskrieg”), CVE-2026-45586 (CTFMON privilege escalation, linked to “GreenPlasma”), and CVE-2026-49160 (HTTP.sys DoS tied to the HTTP2/Bomb technique, which can exhaust 64 GB RAM in ~45 seconds). The update also fixes “MiniPlasma,” an incomplete patch from December 2020. BitLocker bypass CVE-2026-45585 (“YellowKey”, CVSS 6.8) is additionally addressed.

The record patch volume is attributed to AI-assisted vulnerability discovery, a trend researchers expect to accelerate.

2. Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six vulnerabilities (collectively “Proto6”) have been discovered in protobuf.js, a JavaScript/TypeScript implementation of Google’s Protocol Buffers serialization library, enabling RCE and DoS attacks against Node.js applications, Google Cloud client libraries, messaging frameworks like Baileys, and CI/CD pipelines.

The six CVEs range from CVSS 5.3 to 8.7:

• CVE-2026-44289/44290 (CVSS 7.5): DoS via unbounded recursion and unsafe option paths
• CVE-2026-44292/44294 (CVSS 5.3): Prototype injection and DoS from crafted field names
• CVE-2026-44291 (CVSS 8.1): Code execution via prototype pollution gadget — the most severe
• CVE-2026-44295 (CVSS 8.7): Code injection in static output from malicious schema names

All flaws stem from the library treating schemas and metadata as trusted by default. CVE-2026-44291 is particularly dangerous: attacker-controlled input can pollute Object.prototype, causing protobuf.js to compile arbitrary JavaScript via Function().
Affected versions: protobufjs ≤7.5.5 / 8.0.0–8.0.1 and protobufjs-cli ≤1.2.0 / 2.0.0–2.0.1. Patches are available in protobufjs 7.5.6/8.0.2 and protobufjs-cli 1.2.1/2.0.2.

3. New Veeam Vulnerability Exposes Backup Servers to RCE Attacks

Veeam has patched CVE-2026-44963 (critical), an RCE vulnerability in Backup & Replication (VBR) affecting all version 12 builds up to 12.3.2.4465, discovered by WatchTowr researcher Sina Kheirkhah. Any authenticated low-privileged domain user can exploit it — but only on domain-joined servers, contrary to Veeam’s own workgroup deployment guidance. Version 13.x is unaffected. The fix is in version 12.3.2.4854.

No active exploitation has been reported, though Veeam warns attackers routinely reverse-engineer patches to target unpatched systems.

VBR is a persistent ransomware target: compromising backup servers enables data theft, lateral movement, and destruction of recovery options. CISA has listed four VBR flaws as actively exploited; Akira, Fog, Frag, Cuba, and FIN7-linked groups have all previously weaponized critical VBR RCE bugs — most recently CVE-2024-40711 in late 2024. Veeam serves 550,000+ customers globally, including 82% of Fortune 500 companies.

4. New Shai-Hulud Attack Trojanizes 19 Science-Focused PyPI Packages

A new wave of the Shai-Hulud supply-chain campaign has compromised 19 PyPI packages — including popular bioinformatics tools Dynamo, Spateo, CoolBox, U-FISH, and Napari-UFISH — across 37 malicious releases, collectively downloaded hundreds of thousands of times.

Discovered by Socket, the attack plants a *-setup.pth file and obfuscated _index.js payload inside compromised wheels. Simply starting Python triggers the PTH file, which downloads the Bun JavaScript runtime from GitHub to execute the script — activating silently during pip installs, test runs, or CI jobs.

The malware targets a broad range of developer secrets: GitHub tokens, npm/PyPI/RubyGems publishing tokens, AWS/GCP/Azure/Kubernetes credentials, SSH keys, Docker credentials, shell histories, and Claude/MCP config files. Exfiltration uses auto-created GitHub repositories; a secondary HTTPS channel mimics an Anthropic API endpoint for camouflage. Persistence is established via systemd (Linux) or LaunchAgents (macOS).

Shai-Hulud’s total attributed artifacts now stand at 453. Affected organizations should rotate all secrets and restore from clean backups.

5. LiteLLM Vulnerability Under Active Attack, CISA Warns (CVE-2026-42271)

CISA has added CVE-2026-42271, a command injection flaw in BerryAI’s LiteLLM AI gateway, to its Known Exploited Vulnerabilities catalog. LiteLLM is a widely used open-source library providing a unified interface for multiple LLM APIs.

The vulnerability, disclosed April 2026, stems from two MCP server test endpoints (POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list) that accepted full server configurations — including command, args, and env fields — and spawned supplied commands as subprocesses with proxy privileges. Exploitation required only a valid API key with no role check.

The attack bar drops further when chained with CVE-2026-48710 (“BadHost”), an authentication bypass in the Starlette framework that LiteLLM depends on, enabling unauthenticated RCE. Successful exploitation allows arbitrary command execution, credential theft, lateral movement into connected AI infrastructure, and downstream system compromise.

Fixes are available in LiteLLM v1.83.7 and Starlette v1.0.1. CISA has ordered federal agencies to patch by June 22. This marks the second weaponized LiteLLM flaw within a month.

6. CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

CISA has added CVE-2026-28318 (CVSS 7.5), a denial-of-service vulnerability in SolarWinds Serv-U file server software, to its KEV catalog due to active exploitation.
The flaw is an uncontrolled resource consumption bug: unauthenticated attackers can crash the Serv-U service by sending specially crafted POST requests using Content-Encoding: deflate. No credentials or user interaction are required.

SolarWinds published an advisory this week confirming the issue. CISA’s cataloging indicates the vulnerability is being actively leveraged in the wild, and federal civilian agencies are required to remediate it within the standard KEV deadline. Users are advised to apply available patches immediately.

05/27/2026-06/03/2026 Critical Oracle WebLogic Vulnerability, Critical Gogs RCE Vulnerability, Critical FortiClient EMS Flaw And More.

1. CISA Warns of Active Exploitation of Critical Oracle WebLogic Vulnerability

CISA has ordered federal agencies to secure systems affected by CVE-2024-21182, a critical Oracle WebLogic Server vulnerability now being actively exploited. The flaw impacts WebLogic versions 12.2.1.4.0 and 14.1.1.0.0 and can be exploited remotely without authentication, potentially allowing attackers to access sensitive data, execute malicious code, escalate privileges, and compromise enterprise infrastructure.

CISA added the vulnerability to its KEV Catalog and requires federal agencies to patch or mitigate affected systems by June 4 under Binding Operational Directive 22-01. Despite Oracle releasing fixes in 2024, over 1,500 internet-facing WebLogic servers remain vulnerable. WebLogic remains a frequent target for ransomware groups, espionage actors, and other cybercriminals due to its widespread use in critical sectors. CISA is urging organizations to apply updates immediately, restrict internet exposure, monitor systems for suspicious activity, and conduct security assessments to reduce risk.

2. Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical remote code execution (RCE) vulnerability has been discovered in Gogs, a self-hosted Git service, scoring 9.4 on the CVSS scale. No CVE has been assigned, and it remains unpatched despite being reported to maintainers on March 17, 2026. The flaw lets any authenticated user execute arbitrary code by creating a pull request with a malicious branch name that injects the --exec flag into git rebase during a merge operation. No admin privileges or interaction with other users is required — an attacker simply needs an account and a repository on a default-configured instance.

Successful exploitation could allow an attacker to breach the server, access all hosted repositories, dump credentials, move laterally across the network, and read other users’ private repositories.

Until a patch is available, administrators should restrict user registration and repository creation in app.ini, and audit rebase merge settings. Rapid7 has published a Metasploit module automating the full exploit chain against Linux and Windows targets.

3. Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Hackers are exploiting a critical authentication bypass flaw (CVE-2026-35616) in Fortinet’s FortiClient Enterprise Management Server (EMS) to deploy a previously undocumented credential stealer dubbed EKZ. The vulnerability allows unauthenticated attackers to execute arbitrary code via specially crafted requests.

Fortinet released emergency hotfixes in early April, and CISA ordered federal agencies to patch immediately. At the time, roughly 2,000 internet-exposed EMS instances were identified. In observed attacks, threat actors abuse endpoint APIs to perform unauthenticated administrative actions, modify VPN policies, and inject malicious scripts. Once an IPsec tunnel is established, legitimate FortiClient components silently execute PowerShell payloads that download EKZ disguised as a Fortinet update and exfiltrate harvested data over HTTP.

EKZ targets Chromium and Firefox browsers, stealing credentials, credit card details, cookies, and more. Defenders should watch for certificate-authentication anomalies, unexpected Remote Access Profile changes, and administrative actions originating from Tor or VPS IP addresses. Arctic Wolf’s report provides detailed detection guidance.

4. Malicious npm Package Stole Files From Claude AI User Directory via GitHub

A new malicious package, “mouse5212-super-formatter,” has been discovered on npm with data-stealing capabilities. It targets “/mnt/user-data,” a directory used by Anthropic’s Claude AI tool. Dubbed Malware-Slop, the malware disguises itself as a sync utility but actually authenticates to GitHub—using either a stolen token or a hard-coded fallback—and uploads all local files to an attacker-controlled account. Stolen files are stored in random folders to differentiate theft sessions. Fake network logs help hide its true behavior.

The package remains available on npm, with an estimated 676 downloads. The associated GitHub account, created on May 26, 2026, is now gone. Notably, the malware leaked its own private token, suggesting the attacker used AI to generate code without proper operational security. As OX Security warns, the lowered bar for creating malware means more sloppy, copycat threats will emerge until platforms like npm automatically block malicious packages.

05/20/2026-05/27/2026 CVE-2026-9082; 34 Packages in npm, PyPI, and Crates; Laravel-Lang PHP Packages Compromised And More.

1. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

Drupal’s highly critical SQL injection vulnerability, CVE-2026-9082, began seeing active exploitation within 48 hours of a patch released on May 20. The flaw affects Drupal sites using PostgreSQL databases, allowing unauthenticated attackers to inject arbitrary SQL commands through a vulnerable query-sanitization API. Successful exploitation can lead to data theft, privilege escalation, and potentially remote code execution.

Although fewer than 5% of Drupal installations use PostgreSQL, the vulnerability still impacts thousands of sites across government, education, media, and enterprise sectors. On May 22, Drupal updated its advisory to confirm that exploitation attempts had been detected in the wild. Security firm Imperva reported more than 15,000 attack attempts targeting nearly 6,000 sites across 65 countries within the first two days. Most activity has focused on reconnaissance, with gaming and financial services organizations accounting for nearly half of all attacks. The U.S., Singapore, and Australia are the most targeted countries. Administrators running Drupal on PostgreSQL are strongly advised to apply the patch immediately.

2. Hackers Compromised 34 Packages in npm, PyPI, and Crates in New Supply Chain Attack

Researchers have uncovered TrapDoor, an active supply chain campaign involving 34 malicious packages and 384 related versions across npm, PyPI, and Crates.io. The operation targets developers in cryptocurrency, DeFi, Solana, and AI communities by disguising malware as legitimate developer tools and security scanners.

The campaign began with the PyPI package eth-security-auditor on May 22, 2026, before rapidly spreading across repositories using deceptive names such as prompt-engineering-toolkit and defi-threat-scanner. Security firm Socket identified the packages within minutes, limiting widespread adoption. TrapDoor uses registry-specific execution techniques to run during normal installation and build processes. The malware steals crypto wallets, SSH keys, browser data, and AWS credentials while establishing persistence through systemd services, cron jobs, Git hooks, and shell hooks.

A notable feature is its targeting of AI coding assistants through poisoned .cursorrules and CLAUDE.md files containing hidden prompts that trick AI tools into exfiltrating credentials. Stolen tokens are validated through live API queries, while encrypted communications help evade detection.

3. Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have uncovered a software supply chain attack targeting multiple PHP packages belonging to Laravel-Lang, designed to deliver a credential-stealing framework. Affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. Over 700 malicious package versions were published in rapid succession on May 22–23, 2026, suggesting automated mass tagging and a compromise of the organization’s release infrastructure.

Notably, the attackers didn’t modify source code directly. Instead, they rewrote existing git tags to point to malicious commits containing a file — src/helpers.php — that auto-executes on application startup, fingerprints the host, and fetches a PHP payload from an external server. The stealer harvests an extensive range of data, including cloud credentials (AWS, GCP, Azure), CI/CD tokens, cryptocurrency wallets, browser data, password manager vaults, SSH keys, VPN configs, and session tokens for apps like Discord and Slack. Results are AES-256 encrypted and exfiltrated, after which the malware deletes itself to hinder forensic investigation.

4. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has patched a remote code execution vulnerability in SharePoint, tracked as CVE-2026-45659 (CVSS 8.8), that can be exploited without specialized conditions. The flaw stems from deserialization of untrusted data, allowing any authenticated attacker with minimum Site Member permissions to execute code remotely over a network — no elevated privileges required.

Updates have been released for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.  This follows last month’s patch for a separate SharePoint spoofing flaw (CVE-2026-32201, CVSS 6.5) that was actively exploited in the wild. While Microsoft considers CVE-2026-45659 less likely to be exploited, applying the fixes promptly is strongly advised — SharePoint vulnerabilities have historically been a recurring target for attackers.

5. GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks

GitHub has rolled out major npm security enhancements, including staged publishing and new install-time controls, to help prevent software supply chain attacks. With staged publishing, packages are no longer released immediately after publication. Instead, they enter a staging queue and require approval from a human maintainer before becoming publicly available. This adds a critical security checkpoint, reducing the risk of compromised CI/CD pipelines or unauthorized releases.

Available in npm CLI 11.15.0, staged publishing requires the use of npm stage publish and works best alongside OpenID Connect (OIDC)-based trusted publishing. Organizations can enforce stage-only workflows, ensuring final approval happens on a trusted device. GitHub also introduced new installation controls that restrict dependencies from local files, directories, remote URLs, or Git repositories. These settings help organizations create strict allowlists and reduce risks such as dependency confusion and code injection. Together, these updates move npm toward a more secure, zero-trust software supply chain model.

6. LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity flaw (CVE-2026-48172, CVSS 10.0) in the LiteSpeed User-End cPanel Plugin is being actively exploited in the wild. The vulnerability involves incorrect privilege assignment, allowing any cPanel user — including compromised accounts — to execute arbitrary scripts as root via the lsws.redisAble function. All plugin versions between 2.3 and 2.4.4 are affected; the issue is fixed in version 2.4.5, with a further-hardened release in cPanel plugin v2.4.7, bundled with WHM Plugin version 5.3.1.0. Any output warrants reviewing the associated IP addresses and blocking suspicious ones. If patching isn’t immediately possible, uninstalling the plugin is recommended. This follows the recent active exploitation of a separate critical cPanel flaw (CVE-2026-41940, CVSS 9.8) used to deploy Mirai botnet variants and ransomware.