Critical Patches Issued for Microsoft Products
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow remote code execution within the context of the logged-in user. Depending on the privileges associated with that user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with limited privileges may be less affected than those operating with administrative rights.
Affected Systems:
- Many popular Microsoft products including, but not limited to, Windows, Office, and .NET
Risk:
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all Microsoft products have the latest version(s) installed
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple Vulnerabilities in Adobe Products
Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow arbitrary code execution. Successful exploitation of these vulnerabilities could enable arbitrary code execution within the context of the logged-in user.
Affected Systems:
- Adobe Substance 3D Painter 11.0.1 and earlier versions
- Adobe InCopy 20.2 and earlier versions
- Adobe InCopy 19.5.3 and earlier versions
- Adobe Experience Manager (AEM)
- AEM Cloud Service (CS) 6.5.22 and earlier versions
- Adobe Commerce 2.4.8
- Adobe Commerce 2.4.7-p5 and earlier versions
- Adobe Commerce 2.4.6-p10 and earlier versions
- Adobe Commerce 2.4.5-p12 and earlier versions
- Adobe Commerce 2.4.4-p13 and earlier versions
- Adobe Commerce B2B 1.5.2 and earlier versions
- Adobe Commerce B2B 1.5.2 and earlier 1.4.2-p5 and earlier versions
- Adobe Commerce B2B 1.5.2 and earlier 1.3.5-p10 and earlier versions
- Adobe Commerce B2B 1.5.2 and earlier 1.3.4-p12 and earlier versions
- Adobe Commerce B2B 1.5.2 and earlier 1.3.3-p13 and earlier versions
- Magento Open Source 2.4.8
- Magento Open Source 2.4.7-p5 and earlier versions
- Magento Open Source 2.4.6-p10 and earlier versions
- Magento Open Source 2.4.5-p12 and earlier versions
- Adobe InDesign ID20.2 and earlier versions
- Adobe InDesign ID19.5.3 and earlier versions
- Adobe Substance 3D Sampler 5.0 and earlier versions
- Acrobat DC 25.001.20521 and earlier versions
- Acrobat Reader DC 25.001.20521 and earlier versions
- Acrobat 2024 24.001.30235 and earlier versions
- Acrobat 2020 20.005.30763 and earlier versions
- Acrobat Reader 2020 20.005.30763 and earlier versions
Remediation Recommendations
- Ensure all versions of all Adobe products are updated to their latest versions
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
Risk
- Large and medium business entities: High
- Small business entities: Medium
References
Multiple Vulnerabilities in Mozilla Products
Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow arbitrary code execution. Successful exploitation of these vulnerabilities could enable arbitrary code execution within the context of the logged-in user. Depending on the user's privileges, an attacker could then install programs; view, modify, or delete data; or create new accounts with full user rights.
Affected Systems:
- Firefox versions prior to 139.0.4
Risk
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all versions of all Mozilla products are updated to their latest versions
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Google Cloud Outage Knocks Major Services Offline
On Thursday afternoon, June 12, Google Cloud experienced a widespread outage lasting several hours, disrupting dozens of major web services, according to CNBC. The outage impacted most Google services and several third-party platforms that rely on Google Cloud, including Elastic, GitLab, GitHub, LangChain, Replit, Mailchimp, Twitch, Shopify, Spotify, and Discord. TechCrunch reported that the disruption affected millions of users during the middle of the workday.
Google confirmed that all systems were restored by 6:27 PM PDT and stated it had identified the root cause. A full incident analysis will be published following an internal investigation.
Initial speculation pointed to Cloudflare as a possible cause, but the company clarified that only a few of its services—those dependent on Google Cloud—were affected. A Cloudflare spokesperson told BleepingComputer, “This is a Google Cloud outage… Core Cloudflare services were not impacted.”
Cyberattacks Hit Major Retailers, Expose Shopper Data
In June 2025, a wave of cyberattacks targeting major retailers—including United Natural Foods, Marks & Spencer, Co-op, and Victoria’s Secret—has disrupted operations and left consumers facing empty shelves, blocked online orders, and the threat of exposed personal data. These attacks have not only caused supply chain issues and significant financial losses but have also raised concerns about downstream fraud from stolen customer information. The incidents highlight the critical role of cybersecurity compliance—such as adhering to data protection laws or maintaining ISO 27001 standards—in minimizing operational risk and safeguarding customer trust. Experts say ransomware and credential-stuffing attacks are becoming more common and stress the importance of stronger cyber hygiene, including multi-factor authentication and better risk management. Read the full story from the Associated Press.
