Daily Recap: CISA and vendors warned of active exploitation and available proof-of-concept code tied to multiple high-risk issues, including Magento, Cisco Unified CM, and VS Code token theft, plus Android/Linux bugs, while a new HTTP/2 Bomb DoS technique can crash servers in under a minute. The day also covered a Chinese cybercrime group operating at record pace and separate China-linked activity using Atlas RAT, malspam abusing Google DoubleClick to deliver the DesckVB RAT, prompt-injection risk to Gemini via WhatsApp/Slack notifications, and further enforcement and policy updates involving Nobitex, warnings about attacks on fuel-tank monitoring systems, and CISA staffing planning.
#CISA #Magento #CiscoUnifiedCM #Vscode #GoogleDoubleClick #AtlasRAT #DesckVBRAT #WhatsApp #Slack #GoogleGemini #HTTP2Bomb #Nobitex
Exploited Flaws
- Magento, Cisco Unified CM, VS Code, and Android/Linux flaws are drawing urgent attention as CISA and vendors warn of active exploitation, available PoC code, and token-theft risk. – Magento RCE, Unified CM flaw, VS Code token theft, Android/Linux bugs, KEV addition
- HTTP/2 servers can be crashed in under a minute by a new HTTP/2 Bomb DoS technique, highlighting fast-moving web infrastructure risks. – HTTP/2 Bomb
Malware & Campaigns
- A Chinese cybercrime group is accelerating campaigns at a record pace, while other China-linked activity in Europe includes use of the new Atlas RAT malware. – Campaign pace, Atlas RAT
- A malspam campaign is abusing Google DoubleClick to deliver the DesckVB RAT, showing attackers are leveraging trusted ad infrastructure to spread malware. – DesckVB RAT
Platform & Cloud Security
- Security researchers say WhatsApp and Slack notifications could hijack Google Gemini on Android, exposing a new prompt-injection style attack path. – Gemini hijack
- New research on the AI security shift and agentic pentesting highlights how defenders and attackers are racing to adapt to an AI-powered security landscape. – AI security race
Law Enforcement & Policy
- European authorities dismantled a fake-ID marketplace used by migrant smugglers and cracked down on illegal streaming networks in a broader anti-crime push. – Fake ID market, Streaming crackdown
- A cybercrime crackdown disrupted more than 1.4 million accounts, while the U.S. sanctioned Nobitex, a crypto exchange tied to ransomware activity. – 1.4M accounts, Nobitex sanctions
- CISA is preparing an AI executive-order directive and separately warning about attacks on fuel-tank monitoring systems, underscoring rising focus on critical infrastructure and government readiness. – AI directive, Fuel systems
- DHS leadership is also reviewing optimal CISA staffing levels amid ongoing pressure on U.S. cyber defense operations. – CISA staffing
Vendor & Operational Issues
- Microsoft says unexpected Windows driver updates were caused by a caching issue, a reminder that even routine platform maintenance can trigger confusing system behavior. – Windows updates
- Research on identity visibility and intelligence platforms argues that reducing the IAM attack surface starts with better visibility into identities and access paths. – IAM visibility
- A bank case study shows how 345 days of untested exposure can accumulate risk, reinforcing the cost of delayed validation and remediation. – Bank exposure