CyberNews: 06/06/2026 Edition

Today’s roundup

Summary

Cisco has issued an urgent warning regarding the active exploitation of CVE-2026-20245, a high-severity vulnerability (CVSS 7.8) in its Catalyst SD-WAN Manager. The flaw impacts multiple deployment types, including on-premise and cloud, and critically, no patch is currently available. Organizations are advised to implement immediate mitigation strategies to prevent exploitation of this network infrastructure vulnerability.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity denial-of-service (DoS) flaw, CVE-2026-28318 (CVSS 7.5), affecting SolarWinds Serv-U multi-protocol file server software, to its Known Exploited Vulnerabilities (KEV) catalog. This action highlights confirmed active exploitation by threat actors, who are leveraging the vulnerability to crash targeted servers.


Microsoft's GitHub repositories have fallen victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident affected 73 repositories across four Microsoft GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs. GitHub has responded by disabling access to these compromised repositories to contain the widespread impact.


Over 900 automatic tank gauge (ATG) systems across the United States have been found exposed online and are currently vulnerable to active attacks. These ATGs, crucial for monitoring fuel and chemical storage in various critical infrastructure sectors, face exploitation risks that could lead to significant operational disruptions.


A security researcher, utilizing Anthropic's Claude Opus 4.8 AI, uncovered a critical four-year-old vulnerability in Zcash's Orchard privacy pool. This flaw could have allowed for the undetectable creation of counterfeit ZEC. An emergency fix was deployed on June 1, 2026, though it remains cryptographically impossible to determine if prior exploitation occurred due to Zcash's privacy features.

Want to dig deeper?

Vulnerabilities