
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Vulnerability

· 5 min read · SecurityXP

Check the list, patch what you have, and hit the ones marked urgent first - CVE-2026-11645 (Google Chrome), CVE-2026-50751 (Check Point Remote Access VPN and Mobile Access), CVE-2026-35273 (Oracle PeopleSoft), CVE-2026-5027 (Langflow), CVE-2026-44963 (Veeam Backup & Replication), CVE-2026-23111 (Linux kernel), CVE-2026-45447 (OpenSSL), CVE-2026-44748, CVE-2026-27671 (SAP NetWeaver AS ABAP and ABAP Platform), CVE-2026-22732 (SAP Commerce Cloud and SAP Data Hub), CVE-2026-40128 (SAP NetWeaver Application Server Java Web Container), CVE-2026-10520 (Ivanti Sentry), CVE-2026-28252, CVE-2026-28253, CVE-2026-28254, CVE-2026-28255, CVE-2026-28256 (Trane Tracer SC+ HVAC controller), CVE-2025-46412, CVE-2025-41426 (Vertiv Liebert IS-UNITY-DP network cards), CVE-2026-0274 (Palo Alto Networks Cortex XSOAR and Cortex XSIAM), CVE-2026-20253 (Splunk Enterprise), CVE-2026-9648 (Haskell TLS software stack), from CVE-2026-12007 through CVE-2026-12011 (Google Chrome), CVE-2026-45034 (PhpSpreadsheet), PTT-2026-004, PTT-2026-005, an authentication bypass vulnerability (phpBB), and a maximum-severity code injection vulnerability in Wazuh (no CVE).

The issue is tracked as CVE-2026-11645, CVE-2026-2441, CVE-2026-3909.

  • Critical Check Point VPN Flaw Exploited in Limited Attacks - Check Point warned of active exploitation of a critical vulnerability CVE-2026-50751 (CVSS score: 9.3) impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.

The Vulnerability

🔔 Top News - ShinyHunters Gang Exploits Oracle PeopleSoft Zero-Day - The ShinyHunters (aka UNC6240) extortion crew exploited an unpatched flaw in Oracle PeopleSoft (CVE-2026-35273, CVSS score: 9.8) to break into enterprise networks.

Further details indicate that Google acknowledged that an “exploit for CVE-2026-11645 exists in the wild,” but stopped short of sharing additional specifics to ensure that a majority of the users are updated with a fix and to prevent further exploitation.

The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine.

  • UniFi OS Flaws Exploited - The UniFi OS Server remote code execution chain, comprising CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, is now being actively exploited, according to Defused Cyber, following a report from Bishop Fox about how the three flaws could be combined to achieve unauthenticated code execution as root.


Technical Details


From a technical standpoint, the vulnerability presents several concerns:

Microsoft, which is tracking the cluster under the moniker Storm-2697, said the operation “initially started as a closed ransomware group then began offering its RaaS to affiliates in September 2025.”

🔥 Trending CVEs - Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast.

The activity has not been attributed to any known threat group, but it’s “likely aligned with regional intelligence collection interests in Southeast Asia.”

  • How Attackers Could Exploit Cloud Logging Services - Palo Alto Networks Unit 42 has warned that threat actors could exploit cloud logging services, which are crucial for security monitoring, to “create weak spots, evade detection, and in certain scenarios, establish continuous visibility within a target’s environment.” Attackers could tamper with resources within the cloud logging service (e.g., disabling, altering, or deleting logs, or even impairing logging) to hide their presence or attempt to route logs to their own accounts, establishing continuous visibility over the victim’s environment, performing continuous discovery, and passively monitoring all activity.

In return, the operator collects deposits from vendors who want to advertise under its brand, fees on transactions, and revenue from paid promotional slots.” The model, which has its roots in legitimate Chinese consumer-internet trust architecture launched by Alipay in 2003, facilitates the sale of money laundering services, stolen data, fraud kits, fake identity documents, recruitment for scam compounds, retail fraud, deepfake services, and the physical infrastructure that drives human trafficking and forced-labour compounds.

“Technical analysis uncovered capabilities including cryptocurrency wallet interception, private key and mnemonic phrase theft, SSH credential harvesting, environment variable collection, sensitive file discovery, remote activation mechanisms, blockchain-based infrastructure retrieval, and multi-stage malware deployment,” CYFIRMA said.

Risk & Exposure

A deprecated feature was still running in prod. Following a successful compromise, the attackers have been observed conducting targeted internal reconnaissance using MeshCentral, lateral movement, and data exfiltration.

Timeline

| Date | Event |
|---|---|
| 2026 | Google acknowledged that an “exploit for CVE-2026-11645 exists in the wild,” but stopped short of sharing additional … |
| 2026 | 🔔 Top News - ShinyHunters Gang Exploits Oracle PeopleSoft Zero-Day - The Sh… |
| June 15, 2026 | Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KE… |
| 2026 | - Critical Check Point VPN Flaw Exploited in Limited Attacks - Check Point warned of active exploitation of a critica… |
| 2024 | In 2024, more than 65% of newly reported macOS malware was classified as infostealers. |
| 2026 | - UniFi OS Flaws Exploited - The UniFi OS Server remote code execution chain, comprising CVE-2026-34908, CVE-2026-349… |

Patching & Remediation

  1. Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week.

  2. ⚡ Threat of the Week: Google Patches Actively Exploited Chrome 0-Day - Google released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.

  3. The Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving Federal Civilian Executive Branch (FCEB) agencies until June 15, 2026, to apply the fixes.

    • MagicAd Displays Background Ads on Android Devices - A new Android trojan called MagicAd has been found to bypass operating system restrictions to display background ads.

This disclosure adds to a growing pattern of critical vulnerabilities affecting enterprise infrastructure.
