
The patch pile reaches new heights.
Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champions. Our guest is Joe Sykora, CEO of Coro, discussing the MSP space and how to address it. Relentless robocalls retreat.
Today is Wednesday June 10th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Patch Tuesday.
Microsoft’s June 2026 Patch Tuesday is the largest in the program’s history, addressing 206 vulnerabilities across Microsoft products. The release includes 32 critical flaws and three publicly disclosed zero-days, although Microsoft reports that none have been actively exploited. The milestone surpasses all previous Patch Tuesday updates since the program began in 2003 following the disruption caused by the Blaster worm.
Among the most notable vulnerabilities is CVE-2026-50507, a flaw in Windows BitLocker that could allow an attacker with physical access to bypass disk encryption and access protected data. Another, CVE-2026-49160, affects HTTP.sys and could enable remote denial-of-service attacks using the HTTP/2 Bomb technique. The third, CVE-2026-45586, is an elevation-of-privilege flaw in the Windows Collaborative Translation Framework that could grant attackers SYSTEM-level access.
Adobe also released updates fixing 123 vulnerabilities across 11 products, including critical flaws in Adobe Campaign Classic and ColdFusion that could allow arbitrary code execution. Meanwhile, industrial control system vendors Siemens, Schneider Electric, and Phoenix Contact issued advisories addressing security weaknesses in various operational technology products. Overall, the June updates highlight the continued need for organizations to promptly apply security patches to reduce exposure to emerging threats.
Nightmare Eclipse drops another Windows zero-day.
Security researcher Nightmare Eclipse has released RoguePlanet, a new Windows zero-day proof-of-concept exploit that targets a race condition in Microsoft Defender to achieve local privilege escalation. The exploit has been validated on fully patched Windows 10 and 11 systems, allowing SYSTEM-level access, though it does not currently work on Windows Server. RoguePlanet follows several recent disclosures by the researcher, including flaws patched during June’s Patch Tuesday. The release continues a public dispute between Nightmare Eclipse and Microsoft over vulnerability disclosure practices and alleged legal actions.
Proposed legislation looks to secure critical infrastructure.
Sen. Mark Warner, vice chairman of the Senate Intelligence Committee, is introducing the Combat Emerging Threats to Critical Infrastructure Act to strengthen cybersecurity planning across the nation’s 16 critical infrastructure sectors. The bill would require the Cybersecurity and Infrastructure Security Agency (CISA) and federal sector risk management agencies to update sector-specific security plans within one year and review them every two years thereafter.
Warner said the legislation is needed to keep pace with rapidly evolving AI-driven cyber threats. The updated plans would address risks such as AI-enabled hacking, deepfakes, and, for the financial sector, potential future quantum computing threats to encryption.
The proposal follows concerns that some sector cybersecurity plans have not been updated in over a decade despite federal guidance calling for biennial reviews. Backed by the National Electrical Manufacturers Association, the measure aims to improve resilience across sectors including energy, communications, transportation, and defense. It also aligns with broader federal efforts to prioritize the most urgent cyber risks facing government networks.
AI governance misses mobile devices.
A new survey from Lookout and ZK Research highlights a growing “mobile AI blind spot” in enterprise security. While 93% of security executives express confidence in their AI governance programs, the report found that mobile devices increasingly bypass traditional security controls. According to the study, 52% of generative AI usage now occurs on mobile endpoints, while 59% of mobile AI traffic remains invisible to conventional network monitoring tools. The report also found limited visibility into AI agents and embedded AI software components, contributing to data leak investigations at 63% of surveyed organizations. Researchers argue that legacy, desktop-focused security approaches are struggling to address mobile-native AI risks and compliance requirements.
An OpenClaw agent struggles against social engineering.
Varonis Threat Labs tested whether AI email agents are vulnerable to phishing by evaluating an OpenClaw agent named Pinchy in four simulated attack scenarios. The results showed that while the agent could identify some technical phishing indicators, it struggled with social-engineering attacks. In two tests, Pinchy failed to verify sender identities and shared sensitive information, including AWS credentials and customer data, with external accounts despite explicit security instructions. The agent performed better against traditional phishing websites and a malicious OAuth application, identifying suspicious infrastructure and blocking some attacks. Researchers concluded that AI agents may be stronger than humans at detecting technical phishing cues but remain vulnerable to context-based deception. The findings suggest that identity verification, rather than phishing detection alone, will be critical as organizations increasingly deploy AI agents to manage email and business workflows.
Researchers discover vulnerabilities in AI-powered browser extensions.
Rebora Security Research disclosed two critical vulnerabilities, dubbed MaXSS and Spyder, affecting the AI-powered browser extensions SiderAI and MaxAI, which are installed on more than 10 million devices. The flaws stem from insecure communication between web pages and extension content scripts, allowing malicious websites to abuse extension privileges. Researchers demonstrated attacks that could access sensitive browser sessions, capture screenshots, steal data, manipulate accounts, and potentially access files on the underlying operating system. In testing, attackers could interact with services such as Gmail, Google Calendar, ChatGPT, Claude, and Gemini without user awareness. Rebora said attempts to contact the vendors received no response, prompting public disclosure and notification to Google. The findings highlight the growing security risks posed by AI-driven browser extensions with broad permissions and deep access to user activity.
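The flaw class described above, page-to-content-script messaging that a malicious site can drive, comes down to a handler that trusts whatever arrives via window.postMessage. The following is an added illustration, not code from the Rebora advisory or from the affected extensions: a weak handler beside a hardened one, run against constructed message events. The allow-listed origin, the command name and the event shapes are assumptions for the demo; in a real content script the handler would be registered with window.addEventListener("message", ...), event.source would be compared against the page's own window, and forward would be chrome.runtime.sendMessage to the privileged background.

```javascript
// Added example (not from the original article or the extensions it discusses).
// Contrasts a content script that forwards any page message to the privileged
// extension background with one that validates origin, source and payload first.

// Hypothetical allow-lists; real values would come from the extension's config.
const ALLOWED_ORIGINS = new Set(["https://app.example-extension.invalid"]);
const ALLOWED_COMMANDS = new Set(["summarize-selection"]);

// Weak handler: trusts every window.postMessage, so any site the user visits
// can issue commands with the extension's privileges.
function weakHandler(event, forward) {
  forward(event.data);
  return { accepted: true, reason: null };
}

// Hardened handler: only an allow-listed origin, only the page's own window
// (not a third-party frame), only an allow-listed command with a validated shape.
function hardenedHandler(event, forward, ownWindow) {
  if (!ALLOWED_ORIGINS.has(event.origin)) {
    return { accepted: false, reason: "untrusted origin" };
  }
  if (event.source !== ownWindow) {
    return { accepted: false, reason: "message not from the page's own window" };
  }
  const data = event.data;
  if (typeof data !== "object" || data === null) {
    return { accepted: false, reason: "malformed payload" };
  }
  if (typeof data.command !== "string" || !ALLOWED_COMMANDS.has(data.command)) {
    return { accepted: false, reason: "command not allow-listed" };
  }
  if (typeof data.text !== "string" || data.text.length > 10000) {
    return { accepted: false, reason: "invalid text field" };
  }
  // Forward a freshly built object, never the raw page-controlled one.
  forward({ command: data.command, text: data.text });
  return { accepted: true, reason: null };
}

// Constructed stand-in for a MessageEvent (origin, source window, data).
function makeEvent(origin, source, data) {
  return { origin, source, data };
}

// Runs both handlers over four constructed events and reports what each forwarded.
function runDemo() {
  const ownWindow = { name: "page window" };       // constructed
  const otherFrame = { name: "third-party frame" }; // constructed
  const forwardedWeak = [];
  const forwardedHardened = [];
  const events = [
    // legitimate request from the allow-listed page
    makeEvent("https://app.example-extension.invalid", ownWindow, { command: "summarize-selection", text: "hello" }),
    // request from an arbitrary site asking for a command that is not allow-listed
    makeEvent("https://some-other-site.invalid", ownWindow, { command: "run-any-command", text: "" }),
    // right origin string, but the message came from an embedded frame
    makeEvent("https://app.example-extension.invalid", otherFrame, { command: "summarize-selection", text: "x" }),
    // right origin and window, but the payload is not the expected shape
    makeEvent("https://app.example-extension.invalid", ownWindow, "not-an-object"),
  ];
  const weakResults = events.map((e) => weakHandler(e, (m) => forwardedWeak.push(m)).accepted);
  const hardenedResults = events.map((e) => hardenedHandler(e, (m) => forwardedHardened.push(m), ownWindow).accepted);
  return {
    weakForwarded: forwardedWeak.length,
    hardenedForwarded: forwardedHardened.length,
    weakResults,
    hardenedResults,
  };
}

console.log(runDemo());
```

The origin check alone is not enough: a page at the trusted origin can embed frames, and an event whose origin string matches but whose source is not the top window should still be dropped, which is why the example checks both. Rebuilding the forwarded object from validated fields keeps page-controlled properties from reaching the background script.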
Spammers exploit Google Cloud Storage links.
Researchers at Comparitech uncovered a large-scale phishing and spam infrastructure consisting of 12,704 internet-facing servers spread across 55 countries and 412 hosting providers. The operation uses Google Cloud Storage links as an initial redirect layer, helping phishing emails appear more trustworthy while obscuring their final destinations. Visitors are often routed to benign-looking landing pages containing scraped New York Times content, likely to evade detection and serve different content to selected targets.
The infrastructure appears highly coordinated, with nearly all servers running a small set of outdated Apache configurations and sharing identical assets and behavior. Researchers found that 89% of the servers had no prior abuse history, suggesting rapid provisioning and rotation to avoid reputation-based defenses. The network supports phishing campaigns involving fake rewards, financial scams, health products, and payment requests, highlighting a resilient and difficult-to-disrupt spam ecosystem engineered for scale, evasion, and persistence.
CISA announces the winners of the President’s Cup cybersecurity competition.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced the winners of the seventh annual President’s Cup cybersecurity competition, which drew more than 800 participants and 200 teams from across the federal government and military. The event challenges competitors with realistic cyber defense, offensive operations, and team-based scenarios. This year’s champions were “sheriffsparks” of the U.S. Navy in the Defensive Track, “bdubya” of the U.S. Army in the Offensive Track, and team “ENOENTHUSIASM,” representing the U.S. Army and Marine Corps, in the Team Championship. CISA said the competition helps identify and develop top federal cybersecurity talent.
Relentless robocalls retreat.
America’s robocallers appear to be taking a rare step backward, though not quite packing up and going home. According to YouMail, U.S. consumers received just over 4.1 billion robocalls in May 2026, down 2.1% from April and nearly 15% from a year ago. That marks the lowest rolling 12-month total since late 2022.
The decline comes with a twist. While telemarketing and scam calls dropped 24%, notification calls surged 48%, partly because legitimate callers have adopted tactics once favored by spammers, including “snowshoeing,” which spreads calls across thousands of phone numbers. Insurance-related robocalls remained especially persistent, with one health-plan campaign generating more than 30 million calls from over 3,000 numbers. So while consumers may be hearing fewer robocalls overall, the phone is still ringing often enough to remind everyone that silence remains a premium feature.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.