Google has released security updates to address multiple vulnerabilities in Google Chrome. The most serious of these flaws could allow an attacker to execute arbitrary code on a vulnerable system simply by convincing a user to visit a malicious website.
If successfully exploited, an attacker could gain the same permissions as the logged-in user. Depending on the user's privilege level, this could allow the attacker to:
Systems where users operate with administrative rights face a greater risk than those following the Principle of Least Privilege.
Google Chrome Releases Blog:
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
Adobe has released security updates to address multiple vulnerabilities affecting Adobe Campaign Classic and Adobe ColdFusion. The most serious of these vulnerabilities could allow an attacker to execute arbitrary code on a vulnerable system.
Adobe Campaign Classic is an enterprise marketing automation platform used to manage personalized, cross-channel marketing campaigns. Adobe ColdFusion is a web application development platform used to build and deploy dynamic web and mobile applications.
If successfully exploited, an attacker could gain the same permissions as the logged-in user. Depending on the user's privilege level, this could allow the attacker to:
Systems where users operate with administrative rights face a greater risk than those following the Principle of Least Privilege.
Adobe Campaign Classic
Adobe ColdFusion
Mozilla has released security updates to address multiple vulnerabilities affecting Firefox and Thunderbird. The most serious of these vulnerabilities could allow an attacker to execute arbitrary code on a vulnerable system.
If successfully exploited, an attacker could gain the same permissions as the logged-in user. Depending on the user's privilege level, this could allow the attacker to:
Systems where users operate with administrative rights face a greater risk than those following the Principle of Least Privilege.
Mozilla Firefox
Mozilla Thunderbird
Security researchers at Jamf have identified a new macOS information-stealing malware, dubbed PamStealer, that disguises itself as the legitimate open-source clipboard manager Maccy.
The malware is distributed through social engineering, using a fake installer that appears legitimate while concealing its malicious code beneath a large block of blank lines. This technique makes the malicious content more difficult for users to notice.
Once launched, PamStealer displays what looks like a legitimate macOS system password prompt, asking the user to authorize changes. Unlike many credential-stealing attacks, the malware verifies the password locally using macOS's Pluggable Authentication Modules (PAM). If the password is incorrect, the prompt continues to appear until the correct password is entered.
By confirming that stolen credentials are valid before transmitting them, PamStealer increases the likelihood that attackers can successfully access the victim's accounts or systems.
Organizations should remind users to download software only from trusted sources, verify application installers, and be cautious of unexpected password prompts requesting administrative credentials.
Cisco has confirmed that threat actors are actively exploiting a critical vulnerability (CVE-2026-20230) affecting Cisco Unified Communications Manager (Unified CM).
The vulnerability is a Server-Side Request Forgery (SSRF) flaw that can allow an attacker to escalate privileges and gain root-level access to a vulnerable system.
Security researchers first observed active exploitation in mid-June 2026, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on June 25, 2026, highlighting the need for immediate remediation.
Cisco has updated its security advisory to confirm the ongoing attacks and strongly recommends that all affected customers upgrade to a patched software release as soon as possible.
Organizations using Cisco Unified CM should immediately verify their software versions, apply Cisco's security updates, and prioritize remediation of internet-facing or business-critical systems.