Critical Security Patches Released
for Microsoft Products

Microsoft has released security updates addressing multiple vulnerabilities across its products. The most critical vulnerabilities could allow an attacker to execute arbitrary code remotely on an affected system.

If successfully exploited, an attacker could gain the same privileges as the currently logged-in user. Depending on the user's permission level, an attacker may be able to:

• Install programs
• View, modify, or delete data
• Create new accounts with full user privileges

Systems where users operate with administrative privileges are at greater risk than those following least-privilege access practices.

Affected Systems

A wide range of Microsoft products are impacted, including but not limited to:

• Microsoft Windows
• Microsoft Office
• Microsoft Edge
  

Risk Level

• Large and medium business entities: High
• Small business entities: Medium

Recommended Actions

• Apply the latest Microsoft security updates to all affected products and systems.
• Implement the Principle of Least Privilege by restricting administrative access to only those users who require it.
• Review user account permissions and remove unnecessary elevated privileges where possible.

References

• Microsoft Security Response Center (MSRC): https://msrc.microsoft.com/update-guide/en-us
• June 2026 Security Updates: https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun
  

Multiple Vulnerabilities in Google Chrome
Could Allow Arbitrary Code Execution

Multiple vulnerabilities have been identified in Google Chrome, including a critical vulnerability that could allow an attacker to execute arbitrary code on an affected system.

Successful exploitation could enable an attacker to run malicious code with the same privileges as the currently logged-in user. Depending on the user's level of access, an attacker may be able to:

• Install programs
• View, modify, or delete data
• Create new user accounts with full privileges

Systems where users operate with administrative privileges are at greater risk than those that follow least-privilege access practices.

Google has confirmed that an exploit for CVE-2026-5281 is being actively used in the wild.

Affected Systems

• Google Chrome versions prior to 149.0.7827.102/.103 for Windows and macOS
• Google Chrome versions prior to 149.0.7827.102 for Linux

Risk Level

• Large and medium business entities: High
• Small business entities: Medium

Recommended Actions

• Update Google Chrome to the latest available version on all affected systems.
• Implement the Principle of Least Privilege by restricting administrative rights to only those users who require them.
• Review user permissions and remove unnecessary elevated privileges where possible.

Reference

• Google Chrome Stable Channel Update: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html

Vulnerability in Cisco Products Could Allow
Server-Side Request Forgery

A vulnerability has been identified in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco's software-based call control and session management platform for enterprise communications.

Successful exploitation of this vulnerability could allow an attacker to perform a Server-Side Request Forgery (SSRF) attack. An attacker may be able to write files to the underlying operating system, which could later be leveraged to gain root-level privileges.

Depending on where files can be written, an attacker may also be able to:

• Execute arbitrary commands on the affected system
• Gain unauthorized remote access to the device
• Further compromise the affected environment
  

Affected Systems

• Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) Release 14 prior to 14SU4
• Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) Release 15 prior to 15SU5 (September 2026) or the applicable Cisco COP file

Risk Level

• Large and medium business entities: Medium
• Small business entities: Medium

Recommended Actions

• Update all affected Cisco Unified Communications Manager systems to the latest supported version.
• Apply the appropriate Cisco COP file if an upgrade is not immediately possible.
• Implement the Principle of Least Privilege by restricting elevated privileges to only authorized users.
• Review system access controls and monitor for unauthorized file creation or modification.

Reference

• Cisco Security Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

Multiple Vulnerabilities in Adobe Products
Could Allow Arbitrary Code Execution

Multiple vulnerabilities have been identified in Adobe products. The most severe vulnerabilities could allow an attacker to execute arbitrary code on an affected system.

Successful exploitation could allow malicious code to run with the same privileges as the currently logged-in user. Systems where users have administrative privileges may be at greater risk.

Affected Systems

The following Adobe products and versions are affected:

• Adobe Experience Manager (AEM) 6.5 LTS SP1 and earlier
• Adobe Experience Manager (AEM) SP24 and earlier
• AEM Cloud Service (CS) 6.5 LTS SP1 and earlier
• AEM Cloud Service (CS) SP24 and earlier
• Adobe InDesign ID21.3 and earlier
• Adobe InDesign ID20.5.3 and earlier
• Adobe InCopy 21.3 and earlier
• Adobe InCopy 20.5.3 and earlier
• Adobe Substance 3D Sampler 6.0.0 and earlier
• Content Credentials JS SDK c2pa-web@0.7.1 and earlier
• Content Credentials Rust SDK c2pa-v0.80.1 and earlier
• Adobe Dreamweaver 21.7 and earlier
• Adobe Acrobat 26.001.21651 and earlier
• Acrobat Reader 26.001.21651 and earlier
• Acrobat 2024 24.001.30365 and earlier
• ColdFusion 2025 Update 8 and earlier
• ColdFusion 2023 Update 19 and earlier
• Adobe Format Plugins 1.1.2 and earlier
• Adobe Campaign Classic ACC v7: 7.4.3 build 9394 and earlier

Risk Level

• Large and medium business entities: High
• Small business entities: Medium

Recommended Actions

• Update all affected Adobe products to the latest available versions.
• Implement the Principle of Least Privilege by limiting administrative access to only users who require it.
• Review user permissions and remove unnecessary elevated privileges where possible.

References

• Adobe Security Bulletins and Advisories: https://helpx.adobe.com/security/Home.html
• Adobe Experience Manager: https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html
• Adobe Experience Manager Forms: https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html
• Adobe InDesign: https://helpx.adobe.com/security/products/indesign/apsb26-58.html
• Adobe InCopy: https://helpx.adobe.com/security/products/incopy/apsb26-59.html
• Adobe Substance 3D Sampler: https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html
• Adobe Content Authenticity SDK: https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html
• Adobe Dreamweaver: https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html
• Adobe Acrobat and Reader: https://helpx.adobe.com/security/products/acrobat/apsb26-63.html
• Adobe ColdFusion: https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html
• Adobe Format Plugins: https://helpx.adobe.com/security/products/formatplugins/apsb26-65.html
• Adobe Campaign Classic: https://helpx.adobe.com/security/products/campaign/apsb26-66.html

Anthropic Reportedly Assisting NSA with Deployment
of Mythos AI Model

According to a report from the Financial Times, Anthropic is working with the U.S. National Security Agency (NSA) to deploy its Mythos artificial intelligence model for cybersecurity applications, including potential offensive cyber operations.

Sources familiar with the matter stated that Anthropic has assigned approximately six "forward-deployed engineers" to support the NSA. These engineers are reportedly helping customize the Mythos model for specific operational use cases, although their direct involvement in active operations remains unclear.

One source indicated that Mythos could be used to assist in cyber operations targeting adversarial networks and systems.

Earlier this week, Anthropic announced plans to expand access to Mythos from a limited group of U.S. government and industry partners to 150 organizations across 15 countries. The company is now making the platform available to critical infrastructure operators in sectors including:

• Energy and power
• Water utilities
• Healthcare
• Communications
• Hardware manufacturing

Anthropic stated that the organizations selected for access share a common characteristic: a successful cyberattack against their systems could have significant consequences. The company noted that, for many partners, a major compromise could impact more than 100 million people and carry serious national and global security implications.

Key Takeaways

• Anthropic is reportedly supporting the NSA's deployment of the Mythos AI model.
• The model may be used for advanced cybersecurity and cyber operations.
• Anthropic has expanded Mythos availability to critical infrastructure organizations worldwide.
• The initiative reflects growing adoption of AI technologies in both defensive and offensive cybersecurity applications.