![Cybersecurity News | Daily Recap [09 Jun 2026]](https://www.hendryadrian.com/tweet/image/DailyRecap.png "Cybersecurity News | Daily Recap [09 Jun 2026]")
Daily Recap, Google and SAP released urgent fixes for a fifth Chrome zero-day exploited in the wild, plus critical NetWeaver/Commerce vulnerabilities and a LiteLLM issue that could be chained to unauthenticated remote code execution. CISA also ordered U.S. federal agencies to patch an exploited Check Point VPN flaw within 3 days, while Shai-Hulud supply-chain attacks targeted NPM and PyPI and WhatsApp/Meta disrupted additional NSO Group phishing campaigns.
#Chrome #NetWeaver #Commerce #LiteLLM #CheckPoint #Qilin #IKEv1 #Shai-Hulud #NPM #PyPI #NFCShare #WhatsApp #Meta #NSOGroup #SoFi #HongKong #UniFiOS
#Chrome #NetWeaver #Commerce #LiteLLM #CheckPoint #Qilin #IKEv1 #Shai-Hulud #NPM #PyPI #NFCShare #WhatsApp #Meta #NSOGroup #SoFi #HongKong #UniFiOS
Critical Patches
- Google and SAP shipped urgent fixes for a fifth Chrome zero-day exploited in the wild, critical NetWeaver/Commerce bugs, and a LiteLLM flaw chained to unauthenticated RCE β Chrome Zero-Day, SAP Patches, LiteLLM Flaw
- CISA ordered U.S. federal agencies to patch a Check Point VPN zero-day within 3 days after exploitation in Qilin ransomware attacks that bypassed passwords in IKEv1 setups β CISA Orders, Qilin Attacks, VPN Bypass
- Gogs patched a critical zero-day enabling RCE, while a one-character Linux kernel flaw now has public exploits for local root access and UniFi OS has a bug that allows unauthenticated root compromise β Gogs Zero-Day, Linux Root Flaw, UniFi Root Bug
Supply Chain & Malware
- Shai-Hulud supply chain attacks infected over 100 NPM and PyPI packages, including 19 science-focused PyPI packages, with trojanized releases spreading malicious code β Shai-Hulud Attack, PyPI Trojanization
- NFCShare Android malware spread through fake banking app updates hosted on GitHub, using deceptive distribution to target mobile users β NFCShare Malware
Spyware & Messaging
- WhatsApp and Meta said they blocked new NSO Group phishing/spearfishing campaigns targeting users in violation of a court order, and Meta filed a contempt complaint against the spyware maker β WhatsApp Warns, WhatsApp Disrupts, Meta Blocks, Meta Complaint
- Franceβs government messaging service was breached in an account hijacking attack that compromised user access β French Service Breach
Data Breaches & Identity
- SoFi confirmed a third-party data breach affecting its Hong Kong subsidiary, highlighting ongoing supply-chain exposure in financial services β SoFi Breach
- Apple unveiled a feature that can automatically change compromised passwords, adding a new layer of account recovery and protection for users β Apple Passwords
Policy & Disinformation
- Armeniaβs pro-Europe party won election despite Russia-linked disinformation efforts, while the UK gave big tech 3 months to build device controls to block nude images of children β Armenia Vote, UK Device Controls
Security Industry
- A Security raised $37 million to expand its autonomous offensive security platform, as vendors continue pitching AI-driven security automation β A Security Funding, AI Protection Platform, Vibe Coding Risk, Wazuh Cloud