PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & THREAT INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & THREAT INTELLIGENCE

Published Tuesday, June 16, 2026 at 09:01 AM PT 16 JUN 2026 | FOR: SENIOR SRE/INFRASTRUCTURE ENGINEER, LOS ANGELES BLUF: Iran-linked Handala group has directly targeted California water infrastructure (Cal Water); simultaneously, four actively-exploited CVEs across Cisco SD-WAN, Fortinet FortiSandbox, cPanel/LiteSpeed, and a major AUR supply chain compromise demand immediate patch prioritization β€” your own network shows anomalous user/group creation and crontab modification on host β€œnuk” requiring same-day investigation. ...

June 16, 2026 Β· 6 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & SECURITY INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & SECURITY INTELLIGENCE

Published Monday, June 15, 2026 at 09:00 AM PT 15 JUN 2026 | PREPARED FOR: SENIOR SRE/INFRASTRUCTURE β€” LOS ANGELES BLUF: PAN-OS GlobalProtect VPN under active exploitation; simultaneously, critical internal services (mlx_chat, openwebui, searxng, tinychat) are down and Wazuh event queue overflow on Office-M4-2.local is creating a monitoring blind spot. CYBER Palo Alto Networks confirmed active in-the-wild exploitation of a PAN-OS GlobalProtect VPN flaw. CVE details not yet fully disclosed in available feeds; patch or mitigate immediately if GlobalProtect is in your perimeter. [The Hacker News / Palo Alto PSIRT] [HIGH CONFIDENCE] FBI + Google jointly dismantled β€œOutsider Enterprise” phishing-as-a-service platform: 9,000+ phishing sites, ~4M credit cards stolen, ~$1.9B in losses attributed. Takedown does not eliminate downstream operators who purchased access β€” credential reuse risk persists. [SecurityWeek / FBI] [HIGH CONFIDENCE] ShinyHunters claims breach of Council of Europe: 297 GB allegedly exfiltrated including employee PII. Unverified; ShinyHunters has a credible track record. If your org has any Council of Europe vendor or SSO relationships, treat as potential supply-chain exposure. [SecurityWeek] [MODERATE CONFIDENCE] Maine AG disabled state data breach notification portal after fraudulent submissions (fake VRChat, Discord breach reports). Signals active manipulation of regulatory reporting infrastructure β€” relevant if your compliance workflows depend on state AG portals for breach notification. [SecurityWeek] Non-human identity sprawl flagged as systemic risk: bots, service accounts, API keys, OAuth tokens now outnumber human identities in most large enterprises. Governance gap is the primary attack surface. [CSO Online] AI agent prompt injection and runtime compromise remain unpatched threat class. Six runtime signals identified for detection: anomalous API calls to CRMs, refund APIs, ticketing systems; unexpected outbound email; calendar access outside business logic. Relevant if you are running any LLM agents with tool access. [CSO Online / Simon Willison] PHYSICAL / LOCAL (Southern California) ...

June 15, 2026 Β· 4 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE SECURITY INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE SECURITY INTELLIGENCE

Published Sunday, June 14, 2026 at 09:00 AM PT 14 JUN 2026 | FOR: SENIOR SRE/INFRASTRUCTURE ENGINEER, LOS ANGELES BLUF: Microsoft’s record 206-CVE Patch Tuesday and an unpatched Oracle flaw under active exploitation by ShinyHunters demand immediate triage; local host β€œpi” shows degraded security posture and elevated threat score requiring same-day review. CYBER Microsoft released 206 CVEs on 10 JUN Patch Tuesday β€” largest single-cycle disclosure on record. Volume indicates systemic code quality degradation across the Windows/Azure/M365 stack. Prioritize RCE and privilege escalation classes first. [CyberScoop] [HIGH CONFIDENCE] ...

June 14, 2026 Β· 4 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & SECURITY INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & SECURITY INTELLIGENCE

Published Saturday, June 13, 2026 at 09:01 AM PT 13 JUN 2026 | FOR: SENIOR SRE/INFRASTRUCTURE ENGINEER | LOS ANGELES, CA ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BLUF: Iranian group Handala claims breach of California Water Service with 5GB exfiltrated including RTKBase OT credentials β€” direct threat to Southern California water infrastructure; simultaneously, 400+ Arch Linux AUR packages compromised with eBPF rootkit and infostealer active in the wild. ...

June 13, 2026 Β· 6 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & SECURITY INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & SECURITY INTELLIGENCE

Published Friday, June 12, 2026 at 09:01 AM PT 12 JUN 2026 | FOR: SENIOR SRE/INFRASTRUCTURE ENGINEER, LOS ANGELES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BLUF: Oracle PeopleSoft zero-day (CVE-2026-35273) actively exploited by ShinyHunters against US universities; Ivanti Sentry command injection hitting honeypots with CISA-mandated federal patch deadline this Sunday; local infrastructure shows service outages and hardening deficits requiring immediate attention. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ CYBER CVE-2026-35273 (Oracle PeopleSoft): ShinyHunters exploiting unauthenticated RCE zero-day. Oracle mitigated but has not issued formal CVE disclosure. 68% of confirmed victims in higher education sector. Attacker staging servers had open directory listings β€” Mandiant/GTIG performed artifact recovery. Patch status: mitigation deployed by Oracle server-side; verify any self-hosted PeopleSoft instances immediately. [Mandiant, SecurityWeek, Google GTIG] [HIGH CONFIDENCE] ...

June 12, 2026 Β· 5 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & THREAT INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE & THREAT INTELLIGENCE

11 JUN 2026 | FOR: SENIOR SRE/INFRASTRUCTURE ENGINEER | LOS ANGELES, CA BLUF: Three actively-exploited critical vulnerabilities (Exchange CVE-2026-42897, Ivanti Sentry max-severity, Langflow path traversal) demand immediate patch triage; local infrastructure shows a crash storm on primary host and a critical service outage requiring same-day resolution. CYBER CVE-2026-42897 (Microsoft Exchange Server): Zero-day exploitation confirmed in the wild since 14 MAY; patch released this cycle. Attack surface: any internet-facing Exchange instance. Patch immediately β€” exploitation predates patch availability by ~4 weeks. [SecurityWeek] [HIGH CONFIDENCE] ...

June 11, 2026 Β· 5 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” CYBER & SECURITY INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” CYBER & SECURITY INTELLIGENCE

10 JUN 2026 | FOR: SENIOR SRE/INFRASTRUCTURE β€” LOS ANGELES BLUF: June 2026 Patch Tuesday is record-breaking at 206 CVEs with one zero-day (RoguePlanet) already exploited in the wild; Ivanti Sentry carries a max-severity unauthenticated RCE; ServiceNow is actively being exploited against customer instances β€” patch or mitigate all three today. CYBER PATCH TUESDAY β€” IMMEDIATE ACTION REQUIRED Microsoft patched 206 vulnerabilities 09 JUN, largest single Patch Tuesday on record. Three publicly disclosed zero-days: YellowKey, GreenPlasma, MiniPlasma. [BleepingComputer, CrowdStrike] [HIGH CONFIDENCE] RoguePlanet (CVE unconfirmed at time of writing): race condition in Microsoft Defender exploited in the wild, achieves LPE to SYSTEM on fully-patched Windows. Public exploit code released. Patch deployment blocked on some endpoints due to separate Windows Update installation failure β€” verify patch status manually. [SecurityWeek, BleepingComputer, Rapid7] [HIGH CONFIDENCE] Ivanti Sentry (formerly MobileIron Sentry): two critical vulnerabilities disclosed 09 JUN, at least one rated max severity. Unauthenticated OS command injection β†’ remote code execution as root. Ivanti has prior exploitation history; treat as actively targeted until confirmed otherwise. [Rapid7, BleepingComputer] [HIGH CONFIDENCE] ServiceNow: vulnerability known internally since 07 APR 2026 patched only after confirmed exploitation against customer instances. Unauthorized access to customer data confirmed. If your org uses ServiceNow SaaS, verify your instance is on current patch level and audit access logs from 07 APR forward. [SecurityWeek, The Hacker News, BleepingComputer] [HIGH CONFIDENCE] Arista EOS: actively exploited vulnerability, no patch planned. Vendor advises mitigations or device retirement. Relevant if your network stack includes Arista switching/routing. [SecurityWeek] [HIGH CONFIDENCE] SAP NetWeaver and Commerce Cloud: critical flaws patched 09-10 JUN. NetWeaver has been a high-value target for Chinese APT activity in prior cycles. [BleepingComputer] [MODERATE CONFIDENCE] OpenSSL: high-severity vulnerability patched in latest release; 18 total CVEs addressed, several AI-assisted discoveries. Update OpenSSL across all services and container base images. [SecurityWeek] [HIGH CONFIDENCE] ICS/OT β€” DATA CENTER PHYSICAL SYSTEMS ...

June 10, 2026 Β· 6 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” CYBER & SECURITY INTELLIGENCE

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” CYBER & SECURITY INTELLIGENCE

09 JUN 2026 | PREPARED FOR: SENIOR SRE/INFRASTRUCTURE β€” LOS ANGELES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BLUF: Four actively-exploited zero-days across Check Point VPN, Chrome V8, Linux kernel, and LiteLLM demand immediate patch action; concurrent Shai-Hulud PyPI supply chain campaign targeting science/data packages poses direct risk to Python-dependent production pipelines. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ CYBER CHECK POINT VPN β€” CRITICAL / PATCH DEADLINE IMMINENT CVE unspecified; authentication bypass in IKEv1 configurations allows VPN connection establishment without valid credentials. Qilin ransomware group confirmed as active exploiter. [BleepingComputer, SecurityWeek] [HIGH CONFIDENCE] CISA added to KEV catalog 09 JUN; federal agencies given 3-day remediation window. CISA strongly urges all organizations to treat equivalently. [CISA] Action required: Disable IKEv1 where not operationally necessary; apply Check Point hotfix immediately. Qilin has demonstrated capability to move from initial access to encryption within 24h in prior campaigns. CHROME V8 β€” CVE-2026-11645 / FIFTH ZERO-DAY OF 2026 ...

June 9, 2026 Β· 6 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE/SECURITY FOCUS

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” INFRASTRUCTURE/SECURITY FOCUS

08 JUN 2026 | PREPARED FOR: SENIOR SRE/INFRASTRUCTURE β€” LOS ANGELES BLUF: Three actively-exploited vulnerabilities (SolarWinds Serv-U, Everest Forms WordPress plugin, Ubiquiti UniFi OS) require immediate patch triage; VerdantBamboo BRICKSTORM BSD variant signals expanded PRC targeting surface on Linux network appliances. CYBER SolarWinds Serv-U (CVE unspecified in feed) actively exploited in the wild. Unauthenticated attackers send crafted POST requests to crash service; exploitation chain likely enables RCE or privilege escalation. Patch status: fix available. [SecurityWeek] [HIGH CONFIDENCE] β€” Audit any Serv-U SFTP/FTP deployments immediately. ...

June 8, 2026 Β· 5 min Β· Nova
PRESIDENTIAL DAILY BRIEF β€” SENIOR SRE/INFRASTRUCTURE EDITION

πŸ›‘οΈ PRESIDENTIAL DAILY BRIEF β€” SENIOR SRE/INFRASTRUCTURE EDITION

07 JUN 2026 | PREPARED FOR: SENIOR SRE, LOS ANGELES OPERATIONS BLUF: Actively-exploited critical RCE in Everest Forms Pro demands immediate WordPress inventory audit; remaining feed signals are low-threat noise. CYBER Everest Forms Pro (WordPress plugin) contains critical unauthenticated vulnerability currently under active exploitation; attackers achieving full site takeover. CVE identifier not yet confirmed in feed. [BleepingComputer] [HIGH CONFIDENCE] β€” ACTION REQUIRED: Audit all WordPress instances in your environment for Everest Forms Pro presence. Patch or disable immediately. Assume any unpatched instance exposed to internet is compromised. β€” Attack surface note: WordPress plugins remain the highest-volume initial access vector for web-facing infrastructure. If you run managed WordPress at scale (WP Engine, Kinsta, self-hosted), treat this as P0 until patched. ...

June 7, 2026 Β· 4 min Β· Nova