10 JUN 2026 | FOR: SENIOR SRE/INFRASTRUCTURE β LOS ANGELES
BLUF: June 2026 Patch Tuesday is record-breaking at 206 CVEs with one zero-day (RoguePlanet) already exploited in the wild; Ivanti Sentry carries a max-severity unauthenticated RCE; ServiceNow is actively being exploited against customer instances β patch or mitigate all three today.
CYBER
PATCH TUESDAY β IMMEDIATE ACTION REQUIRED
- Microsoft patched 206 vulnerabilities 09 JUN, largest single Patch Tuesday on record. Three publicly disclosed zero-days: YellowKey, GreenPlasma, MiniPlasma. [BleepingComputer, CrowdStrike] [HIGH CONFIDENCE]
- RoguePlanet (CVE unconfirmed at time of writing): race condition in Microsoft Defender exploited in the wild, achieves LPE to SYSTEM on fully-patched Windows. Public exploit code released. Patch deployment blocked on some endpoints due to separate Windows Update installation failure β verify patch status manually. [SecurityWeek, BleepingComputer, Rapid7] [HIGH CONFIDENCE]
- Ivanti Sentry (formerly MobileIron Sentry): two critical vulnerabilities disclosed 09 JUN, at least one rated max severity. Unauthenticated OS command injection β remote code execution as root. Ivanti has prior exploitation history; treat as actively targeted until confirmed otherwise. [Rapid7, BleepingComputer] [HIGH CONFIDENCE]
- ServiceNow: vulnerability known internally since 07 APR 2026 patched only after confirmed exploitation against customer instances. Unauthorized access to customer data confirmed. If your org uses ServiceNow SaaS, verify your instance is on current patch level and audit access logs from 07 APR forward. [SecurityWeek, The Hacker News, BleepingComputer] [HIGH CONFIDENCE]
- Arista EOS: actively exploited vulnerability, no patch planned. Vendor advises mitigations or device retirement. Relevant if your network stack includes Arista switching/routing. [SecurityWeek] [HIGH CONFIDENCE]
- SAP NetWeaver and Commerce Cloud: critical flaws patched 09-10 JUN. NetWeaver has been a high-value target for Chinese APT activity in prior cycles. [BleepingComputer] [MODERATE CONFIDENCE]
- OpenSSL: high-severity vulnerability patched in latest release; 18 total CVEs addressed, several AI-assisted discoveries. Update OpenSSL across all services and container base images. [SecurityWeek] [HIGH CONFIDENCE]
ICS/OT β DATA CENTER PHYSICAL SYSTEMS
- Claroty disclosed critical vulnerabilities in Vertiv UPS network management cards and Trane Tracer SC+ HVAC controllers. Exploitation path: network-accessible management interfaces β disruption of power delivery or cooling in data center environments. No patch timeline confirmed for all affected models. [SecurityWeek] [HIGH CONFIDENCE]
- Siemens, Schneider Electric, Phoenix Contact, Rockwell Automation all issued ICS patches this cycle. If your infrastructure touches any of these OT vendors (building management, power, industrial control), apply vendor advisories. [SecurityWeek] [HIGH CONFIDENCE]
SUPPLY CHAIN / DEPENDENCIES
- Six vulnerabilities (designated Proto6) in protobuf.js expose Node.js applications to RCE and DoS. If your services use protobuf.js for serialization, audit version and update immediately. [The Hacker News] [HIGH CONFIDENCE]
- OpenClaw AI agent confirmed susceptible to prompt-injection phishing attacks, resulting in exfiltration of user data. If AI agents are in your production stack with access to sensitive data or credentials, review isolation and data access controls. [BleepingComputer] [HIGH CONFIDENCE]
THREAT ACTOR / CAMPAIGN
- Unit 42 published research on adversary abuse of cloud logging services for defense evasion β attackers targeting CloudTrail, Azure Monitor, GCP Cloud Logging to suppress or delay detection. Review log pipeline integrity; ensure logs are written to immutable/out-of-band destinations. [Unit42] [HIGH CONFIDENCE]
- CrowdStrike 2026 Technology Threat Landscape Report: China-nexus actors identified as primary driver of attacks against US technology sector, with semiconductor, cloud infrastructure, and defense-adjacent targets prioritized. [CrowdStrike] [HIGH CONFIDENCE]
- NSO Group confirmed phishing WhatsApp users in violation of a standing court order. Indicates continued operational activity by commercial spyware vendor despite legal constraints. Relevant for personnel with high-value personal devices. [Schneier on Security] [MODERATE CONFIDENCE]
- Claude Mythos (predecessor to Fable 5): documented capability to compress N-day exploit development from days to hours. Anthropic’s Fable 5 release includes cybersecurity guardrails; Mythos-class models without guardrails remain accessible and are being used for rapid weaponization of disclosed CVEs. Patch gap window is now measured in hours, not days. [SecurityWeek] [HIGH CONFIDENCE]
CISA KEV ADDITIONS
- CISA added three new entries to the Known Exploited Vulnerabilities catalog 09-10 JUN. FCEB agencies have mandatory remediation deadlines. Private sector: treat KEV additions as confirmed active exploitation. [CISA] [HIGH CONFIDENCE]
MILITARY / GEOPOLITICAL
- US Space Force senior leadership conducted two-day command strategy and warfighting readiness alignment event. DAF presented FY2027 budget request to Senate subcommittee, described as historically large. Space domain investment acceleration continues. [US Space Force] [HIGH CONFIDENCE]
- Lebanon: ongoing analysis of Lebanese Armed Forces capacity-building and Israeli-Hizballah disarmament negotiations. No acute escalation signal in last 24h. [War on the Rocks] [LOW CONFIDENCE β analytical piece, not operational reporting]
- Europol: seven members of an IS financing network convicted following Belgian-led counter-terrorism investigation. Network operated internationally. [Europol] [HIGH CONFIDENCE]
- UK updated Money Laundering and Terrorist Financing regulations effective this cycle. [UK Legislation] [HIGH CONFIDENCE]
- GPS numbers station disclosure: researcher Steven Murdoch’s analysis indicates US military has embedded encrypted broadcast codes within public GPS signals for ~20 years, effectively using the constellation as a covert global numbers station network. Operational security implication: GPS signal integrity and authenticity assumptions in critical infrastructure timing systems warrant review. [Schneier on Security] [MODERATE CONFIDENCE β academic/researcher claim, not officially confirmed]
PHYSICAL / LOCAL (LOS ANGELES / SOCAL)
NOSIG. No significant physical security events in Southern California in the last 24 hours from available feeds.
NUCLEAR / WMD
- North Korea: Arms Control Association reporting indicates quiet but sustained expansion of nuclear program. No test activity detected. Enrichment and delivery system development assessed as ongoing. [Arms Control Association] [MODERATE CONFIDENCE]
- Iran nuclear diplomacy: “They Went to Jared” β Arms Control Association item references Jared Kushner-linked diplomatic engagement on Iran nuclear file. No treaty or agreement change reported. [Arms Control Association] [LOW CONFIDENCE β details sparse]
ASSESSMENT
KEY JUDGMENTS
The convergence of a record 206-CVE Patch Tuesday, an in-the-wild Defender LPE zero-day with public exploit code, a max-severity unauthenticated Ivanti Sentry RCE, and confirmed ServiceNow exploitation makes 10 JUN 2026 a high-tempo patching day with no grace period β the documented capability of Mythos-class LLMs to weaponize N-days within hours means exposure windows that previously allowed days of triage now close in the same business day. The Vertiv/Trane data center infrastructure vulnerabilities represent a distinct and underappreciated physical-layer risk: network-reachable HVAC and UPS management interfaces in colocation or on-premises environments are a viable path to service disruption without touching a single application server. Unit 42’s cloud logging abuse research should be treated as an active TTPs advisory, not theoretical β if an adversary is already in your environment, your first indication may be the absence of logs rather than their content.
Classification: UNCLASSIFIED // FOR INTERNAL USE Next update: 11 JUN 2026 0600Z