IT News Roundup: Microsoft Patch Tuesday Record, Check Point Zero-Day, Miasma Supply Chain Worm - June 15, 2026

The past week has been one of the most active periods for cybersecurity in recent memory. From record-breaking vulnerability disclosures to sophisticated supply chain attacks, IT professionals have had their hands full. Below are the key stories that defined this week's technology landscape.

Microsoft Ships Record-Breaking Patch Tuesday: 200 Flaws Fixed, Six Zero-Days Included

Microsoft released its June 2026 Patch Tuesday updates on June 9, addressing a staggering 200 vulnerabilities across its product ecosystem. The update cycle stands out as one of the largest in Microsoft history, with six zero-day vulnerabilities patched — five that were publicly disclosed and one actively exploited in targeted attacks.

The breadth of fixes spans Windows operating systems, Edge browser, Office applications, and various server products. Security administrators are urged to prioritize deployment immediately, particularly for the actively exploited flaws. The volume of patches underscores the growing complexity of Microsoft's attack surface as its software portfolio expands into AI-integrated services.

Source: BleepingComputer, CyberSecurityNews

Critical Check Point VPN Zero-Day (CVE-2026-50751) Exploited by Qilin Ransomware Affiliate

A critical authentication bypass vulnerability in Check Point's Remote Access VPN, Mobile Access, and Spark Firewall products has been confirmed actively exploited in the wild. Tracked as CVE-2026-50751 with a CVSS score of 9.3, the flaw exists in the deprecated IKEv1 key exchange protocol's certificate validation logic.

An unauthenticated attacker can manipulate the IKEv1 Phase 1 handshake to bypass all credential checks — including multi-factor authentication tokens — and obtain a fully authenticated VPN session without supplying valid credentials. Check Point published a security advisory on June 8, and CISA issued an emergency directive ordering immediate patching. A Qilin ransomware affiliate has been linked to exploitation of this vulnerability.

The attack vector specifically targets deployments that still accept legacy Remote Access clients using IKEv1. Organizations running Check Point VPN infrastructure are strongly advised to disable IKEv1 support entirely and migrate to IKEv2, while applying the available hotfix as an interim measure.

Source: Rapid7, Check Point Blog

Miasma Supply Chain Worm Compromises 73 Microsoft GitHub Repositories

The Miasma supply chain attack continued its rapid escalation between June 5 and June 7, crossing into new territory by compromising 73 Microsoft GitHub repositories across four major organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs. The self-replicating worm operates through both npm and PyPI package registries.

The attack chain began with over 90 compromised versions of @redhat-cloud-services npm packages. Malicious code injected into these packages steals credentials from GitHub, cloud platforms, and local machines, then republishes trusted packages to spread further — functioning as a true supply chain worm. The "Hades Wave" extension dropped 37 malicious Python wheels on PyPI.

The public leak of the Miasma toolkit on June 11 raised concerns about wider adoption by threat actors. Microsoft disabled the affected repositories and advised developers to audit their CI/CD pipelines for signs of compromise, particularly checking for unauthorized preinstall scripts in package.json files.

Source: Microsoft Security Blog, Phoenix Security

Critical Splunk Enterprise Vulnerabilities Enable Unauthenticated Remote Code Execution

Splunk disclosed multiple high and critical vulnerabilities in its Enterprise platform on June 10, including CVE-2026-20253 — a CVSS 9.8 unauthenticated remote code execution flaw. The vulnerability affects Splunk Enterprise versions below 10.2.4 and 10.0.7.

CVE-2026-20253 allows attackers to execute arbitrary scripts, exfiltrate sensitive data, and perform unauthorized file operations without any authentication. Given that Splunk is widely deployed as a security information and event management (SIEM) platform, exploitation of this flaw would give attackers access to some of an organization's most critical security telemetry.

Additional vulnerabilities disclosed include improper access control flaws and third-party package issues tracked under CVE-2025-68161, CVE-2026-34480, and CVE-2026-34477. Splunk recommends immediate upgrades to version 10.2.4 or 10.0.7 for all affected deployments.

Source: The Hacker News, Splunk Security Advisories

VRChat Data Breach Exposes 2.4 Million Users' Account Information

VRChat, Inc. filed a data breach notice revealing that account information for more than 2.4 million users was compromised during unauthorized access between May 10 and May 12, 2026. The virtual social platform confirmed the incident in early June.

The breach involved unauthorized access to some account data stored by VRChat's infrastructure. Affected users are advised to review their account security settings and consider changing passwords on any services where they reused credentials from their VRChat accounts.

Source: Cyber Security Review

Anthropic Releases Claude Fable 5 — Then Pulls It After 72 Hours

Anthropic launched Claude Fable 5 on June 9, marketing it as the most capable model ever released to the general public and its first Mythos-class AI available publicly. The model featured built-in guardrails that blocked responses in high-risk domains such as cybersecurity and biology.

The release was short-lived. By June 12 — just three days later — access to Claude Fable 5 (and its sibling model, Claude Mythos 5) was suspended. Reddit communities quickly memorialized the brief window of availability with tributes to "RIP Claude Fable 5." The reasons for the rapid takedown were not publicly detailed by Anthropic.

The episode highlights the ongoing tension between releasing cutting-edge AI capabilities and managing safety concerns in real-world deployment scenarios. The model featured a 30-day data retention policy and premium pricing during its brief availability window.

Source: TechCrunch, Anthropic

Google Cloud Next '26: Gemini Enterprise Agent Platform and 8th-Gen TPUs Unveiled

Google's Cloud Next conference in Las Vegas delivered 260 announcements to over 32,000 attendees, with the centerpiece being the Gemini Enterprise Agent Platform — a comprehensive framework for building, scaling, governing, and optimizing AI agents. The platform is positioned as the foundation for what Google calls "the Agentic Enterprise."

Alongside the agent platform, Google unveiled its eighth-generation Tensor Processing Units (TPUs), continuing its push to compete with Nvidia in custom AI accelerator hardware. A $750 million partner innovation fund was also announced to accelerate enterprise adoption.

The announcements come as 75% of Google Cloud customers are now using AI products and the platform processes 16 billion tokens per minute via API, signaling substantial real-world traction for enterprise AI workloads on Google's infrastructure.

Source: Google Cloud Blog, Google Cloud Next 26