TODAY'S CALL
Drop what you're doing if you run PeopleSoft. CVE-2026-35273 is an unauthenticated takeover of PeopleTools, already exploited in the wild, and Oracle hasn't published a CVSS yet. Behind that, a CVSS 9.6 Chrome sandbox escape and a Zoom privilege escalation round out a Monday that earned your coffee.
DO FIRST
• Apply the latest Oracle Critical Patch Update for PeopleSoft PeopleTools immediately and verify no signs of compromise in your environment (CVE-2026-35273)
• Upgrade Revo Uninstaller to version 2.7.0, or remove it from machines where it's not needed (CVE-2026-12193)
• Push Zoom Workplace updates to 7.0.4 (Android) and 7.0.3 (iOS) through your MDM or instruct users to update from their app store (CVE-2026-53408)
• Update Chrome to 149.0.7827.115 or later (CVE-2026-12027)
• Upgrade Koha to 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, or 26.11.00 depending on your branch (CVE-2026-6428)
Clear the most in the fewest moves
2 updates close multiple CVEs at once. Each row is one maintenance decision.

ACTION | CVES | URGENCY | IMPACT
Update Chrome to 149.0.7827.115 or later | 29 (1 critical) | Patch within 24 hours, internet-facing only | Browser relaunch
Push Zoom Workplace updates to 7.0.4 (Android) and 7.0.3 (iOS) through your MDM or instruct users to update from their app store | 2 | Patch this week, internet-facing only | —
TOP THREAT TODAY
CVE-2026-35273
An unauthenticated attacker can fully take over your PeopleSoft PeopleTools instance. No login, no user interaction, just straight-up missing authentication on a critical function. This is already exploited in the wild, so attackers know exactly how to hit it.
Who's affected: Anyone running Oracle PeopleSoft Enterprise PeopleTools on-prem or hosted
Patch immediately given active exploitation. Apply the latest Oracle Critical Patch Update for PeopleSoft PeopleTools immediately and verify no signs of compromise in your environment.
Exposure: Active exploitation (KEV)

CVE-2026-12193 · CVSS 7.8 · EPSS 0.19% · HIGH
A heap-based buffer overflow in the Revo Uninstaller kernel driver (RevoDetector.sys) lets a local attacker escalate privileges through a malicious IOCTL call. The catch: the attacker already needs local access to your machine. A public exploit exists, but this is a consumer utility, not something you'd typically find in managed enterprise fleets.
Affects: Anyone with Revo Uninstaller 2.5.x or 2.6.x installed on Windows workstations
Monitor and patch. Upgrade Revo Uninstaller to version 2.7.0, or remove it from machines where it's not needed.
Exposure: Estate exposure

CVE-2026-53408 · CVSS 8.1 · EPSS 0.21% · HIGH
Zoom Workplace for Android and iOS mishandles custom URL schemes, letting an unauthenticated attacker escalate privileges over the network. Someone could trick a user into tapping a crafted link that Zoom processes with too much trust. CVSS 8.1, so this is a real concern if your workforce relies on mobile Zoom.
Affects: Anyone managing Zoom Workplace on mobile devices: Android before 7.0.4, iOS before 7.0.3
Patch this week. Push Zoom Workplace updates to 7.0.4 (Android) and 7.0.3 (iOS) through your MDM or instruct users to update from their app store.
Exposure: Internet-facing systems · One update closes 2 CVEs

CVE-2026-12027 · CVSS 9.6 · EPSS 0.22% · CRITICAL
If an attacker already has code execution inside Chrome's renderer (through a separate bug or exploit chain), this vulnerability lets them escape the sandbox entirely. That means full access to the underlying OS. CVSS 9.6 reflects the severity: a crafted HTML page is the trigger. Chrome Headless environments are specifically called out, so if you run headless Chrome for automation, scraping, or testing, pay extra attention.
Affects: Anyone running Google Chrome or Chromium-based browsers before 149.0.7827.115, especially teams using headless Chrome for automation or CI/CD pipelines
Patch within 24 hours for internet-facing systems. Update Chrome to 149.0.7827.115 or later. Restart all browser instances and headless Chrome processes to pick up the new version.
Exposure: Internet-facing systems · Op impact: Browser relaunch · One update closes 29 CVEs (1 critical)

CVE-2026-6428 · CVSS 7.6 · EPSS 0.24% · HIGH
A SQL injection bug in Koha's reports module lets any authenticated staff member with the Reports flag read your entire application database, including password hashes, 2FA secrets, API keys, session tokens, and patron PII. The exploit is trivial: one GET request with a crafted Filter parameter. This bug has been sitting in the code since 2008, and a proof of concept is public.
Affects: Library sysadmins running Koha through 22.11.37, or any 23.x/24.x/25.x/26.x release before the fixed versions (22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, 26.11.00)
Patch within 24 hours if internet-facing or otherwise exposed. Upgrade Koha to 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, or 26.11.00 depending on your branch. After patching, rotate all API keys, invalidate active sessions, and review access logs for suspicious requests to reports/catalogue_out.pl.
Exposure: Network-reachable systems · Op impact: Service restart
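As an added example for the Koha access-log review step above (not code from the digest or from the Koha project), this Python helper parses Apache-style access log lines, keeps only requests to reports/catalogue_out.pl and flags Filter values that look like injection attempts; the sample log lines, the /cgi-bin/koha path prefix and the keyword heuristic are constructed assumptions, not Koha's real log format or a known exploit signature.

```python
# Added example, not from the digest or the Koha project. Reviews access logs for
# the post-patch step "review access logs for suspicious requests to
# reports/catalogue_out.pl". Log lines, path prefix and the SQL heuristic below
# are constructed assumptions, not a known exploit signature.
import re
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Heuristic only: quotes, comment markers, statement separators, common keywords.
SQLI_HINT = re.compile(
    r"(['\"`;]|--|/\*|\b(union|select|sleep|benchmark|information_schema)\b)", re.I
)

def parse_line(line):
    """Return the fields of one access log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def suspicious_filter_requests(lines):
    """Return (ip, timestamp, decoded Filter value) for flagged catalogue_out.pl hits."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["target"])
        if not url.path.endswith("/reports/catalogue_out.pl"):
            continue  # other Koha scripts are out of scope for this check
        for value in parse_qs(url.query).get("Filter", []):  # parse_qs URL-decodes
            if SQLI_HINT.search(value):
                findings.append((rec["ip"], rec["ts"], value))
    return findings

# Constructed sample log: one normal report run, two crafted Filter values, and one
# unrelated request that mentions "select" but never touches the reports script.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2026:09:14:02 +0000] "GET /cgi-bin/koha/reports/catalogue_out.pl?Filter=2025&branch=MAIN HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Jun/2026:09:15:40 +0000] "GET /cgi-bin/koha/reports/catalogue_out.pl?Filter=2025%27%20OR%201%3D1-- HTTP/1.1" 200 8811',
    '198.51.100.23 - - [12/Jun/2026:09:15:55 +0000] "GET /cgi-bin/koha/reports/catalogue_out.pl?Filter=2025%27%3B-- HTTP/1.1" 200 410',
    '203.0.113.7 - - [12/Jun/2026:09:16:10 +0000] "GET /cgi-bin/koha/catalogue/search.pl?q=select%20titles HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, ts, value in suspicious_filter_requests(SAMPLE_LOG):
        print(f"{ts} {ip} Filter={value!r}")
```

Pipe a real log through `suspicious_filter_requests(open(path))` and group the output by source IP; the two flagged lines in the sample both come from 198.51.100.23.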
Community Signal Check

Oracle PeopleSoft zero-day CVE-2026-35273 exploited by ShinyHunters for data theft
CVE-2026-35273 is an unauthenticated RCE in PeopleSoft PeopleTools (CVSS 9.8), exploited in the wild by ShinyHunters since late May to hit universities and enterprises. Oracle shipped the patch on June 10. If you run PeopleSoft on-prem, this one's top priority tonight.
Source: The Hacker News · active_exploitation

Check Point VPN zero-day CVE-2026-50751 exploited by Qilin ransomware affiliate
Attackers are bypassing authentication on Check Point Remote Access VPN and Mobile Access gateways using CVE-2026-50751, no valid credentials needed. A Qilin ransomware affiliate has been exploiting this since May, and CISA added it to the KEV catalog on June 8. If you run Check Point VPN with IKEv1 configs, patch immediately and audit VPN session logs for unauthorized connections.
Source: Rapid7 · active_exploitation

KB5094126 breaks Remote Desktop printer redirection
After applying KB5094126, redirected printers may vanish from RDP sessions, print jobs may fail, or sessions may hang on connect/reconnect. Test RDP printer redirection in a staging environment before broad rollout. Have a rollback plan ready if your users depend on remote printing.
Source: Application Readiness · regression

June update fixes BSOD caused by KB5089573
KB5089573 caused HYPERVISOR_ERROR and KMODE_EXCEPTION_NOT_HANDLED blue screens on some devices. The June quality update fixes both. If you've got users reporting BSODs after recent patching, check whether KB5089573 is installed and push the corrective update.
Source: Petri · broken_patch

SECURE BOOT · 9 days until Microsoft Secure Boot certificates begin expiring (June 24, 2026).

Also patched this window
Lower-priority items that cleared the enterprise filter. Scan for anything in your estate.
7.2 · CVE-2026-12197 · A security flaw has been discovered in Ruijie EG105G-P 2.340.
8.1 · CVE-2026-11846 (browser:edge) · The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion…
8.0 · CVE-2026-48165 · MariaDB server is a community developed fork of MySQL server.
8.0 · CVE-2026-48163 · MariaDB server is a community developed fork of MySQL server.
8.0 · CVE-2026-44168 · MariaDB server is a community developed fork of MySQL server.
7.4 · CVE-2026-12068 (browser:firefox) · Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote…
7.0 · CVE-2026-54230 · A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport.
7.0 · CVE-2026-54229 · A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method.
7.8 · CVE-2026-54228 · A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method.
7.8 · CVE-2026-6676 · Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may…
Plus 33 more this window. See NVD for the full list.

Recent from the blog
A crash got a federal patch deadline. Here's why that's the right call
CVE-2026-28318 is a 7.5 denial-of-service bug in SolarWinds Serv-U, the kind that usually waits. CISA listed it on KEV two days after the f…
Three June 30 Microsoft 365 retirements that fail silently
A printer stops scanning to email, a conference-room keyboard's mute key dies, a town hall won't schedule. None of these will announce them…
Your Azure CLI session has an MFA exemption you never asked for
Two Entra Conditional Access changes land in the same fortnight, and they're the lead evidence in a longer story: Microsoft is closing the…
That's your patch day digest.
patchdayalert.com