News Jun 16, 2026

IT News Roundup: Zero-Day Exploits, Supply Chain Attacks, Record Patch Tuesday - June 16, 2026

This week in IT news: CISA issues emergency directive for a Check Point VPN zero-day exploited by ransomware groups, Microsoft delivers a record-breaking Patch Tuesday with 200+ fixes including a critical Windows kernel RCE, Oracle PeopleSoft is actively exploited before patching, and open source vulnerabilities double as AI adoption surges.

The cybersecurity landscape continues to intensify in mid-2026. This week brought an emergency CISA directive for an actively exploited VPN zero-day, a record-breaking Microsoft Patch Tuesday with over 200 fixes, active exploitation of Oracle PeopleSoft before vendor patching, and alarming new data on how AI-driven code generation is doubling open source vulnerabilities.

CISA Issues Emergency Directive for Check Point VPN Zero-Day (CVE-2026-50751)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering immediate patching of a critical zero-day vulnerability in Check Point VPN products, identified as CVE-2026-50751. The vulnerability is being actively exploited by ransomware groups to gain initial access into targeted networks.

CISA's emergency directives are reserved for the most severe threats and carry a 48-hour remediation window. Organizations running Check Point VPN solutions should prioritize patching immediately, as the exploit allows attackers to bypass authentication mechanisms and establish persistent access. The directive underscores the growing trend of ransomware operators targeting network infrastructure components as entry points.

Source: eSecurity Planet

Microsoft June 2026 Patch Tuesday: Record-Breaking 200+ Vulnerabilities Fixed

Microsoft's June 2026 Patch Tuesday delivered a record-breaking update cycle, addressing over 200 vulnerabilities across its product portfolio. Among the most critical is CVE-2026-45657, a remote code execution flaw in the Windows kernel rated CVSS 9.8 (Critical). The vulnerability stems from use-after-free and heap-based buffer overflow conditions that allow unauthenticated attackers to execute arbitrary code with no user interaction required.

CrowdStrike's analysis highlights the severity of this release, noting that the sheer volume of fixes reflects both an increase in reported vulnerabilities and Microsoft's accelerated patch cadence. IT administrators should prioritize deploying these updates immediately, particularly for systems exposed to untrusted networks. The Windows kernel RCE alone warrants emergency deployment given its low attack complexity and high impact.

Source: CrowdStrike

ShinyHunters Exploits Oracle PeopleSoft Zero-Day Before Vendor Patching

The threat actor group ShinyHunters has been observed actively exploiting a zero-day vulnerability in Oracle PeopleSoft (CVE-2026-35273) before Oracle released its advisory on June 10. The exploit enables unauthorized access to sensitive data within PeopleSoft deployments, with the group leveraging compromised systems for extortion attacks.

This case exemplifies the dangerous window between vulnerability discovery and vendor patching — a period that threat actors increasingly target for maximum impact. Organizations running Oracle PeopleSoft should verify they have applied the June 10 security update immediately and review access logs for signs of compromise. The incident also highlights the growing sophistication of extortion-focused threat groups targeting enterprise ERP systems.

Source: The Hacker News

WordPress Plugin Supply Chain Attack Compromises Multiple Popular Plugins

Security firm Sansec uncovered a supply chain attack targeting multiple popular WordPress plugins, discovering the same malicious JavaScript code injected into three separate plugin distributions. PushEngage confirmed that an attacker served tampered copies of its notification script, potentially allowing takeover of any website loading the compromised code.

The attack demonstrates how supply chain compromises in widely used plugins can cascade across thousands of websites simultaneously. PushEngage, acquired by Awesome Motive (the company behind Jetpack), is so far the only vendor among the three to have publicly acknowledged the incident. WordPress administrators should audit their plugin installations, verify script integrity through Content Security Policy headers, and consider switching to verified distribution channels.

Source: The Hacker News
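
One way to run the script-integrity audit recommended above, as an added example that is not from Sansec, PushEngage or the cited article: it uses Subresource Integrity (SRI) hashes, the browser mechanism for pinning a script's contents, to flag third-party scripts that are unpinned or whose served copy no longer matches its pin. The hosts, script bodies and the `audit` helper are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(body: bytes) -> str:
    """Return the SRI value (sha384-<base64 digest>) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class ScriptAudit(HTMLParser):
    """Collect third-party <script src> tags with their integrity attribute."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.external = []  # (src, integrity or None)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src")
        if tag == "script" and src and urlparse(src).netloc not in ("", self.site_host):
            self.external.append((src, a.get("integrity")))


def audit(html, site_host, fetched):
    """Flag third-party scripts that are unpinned or fail their pinned hash."""
    parser = ScriptAudit(site_host)
    parser.feed(html)
    findings = []
    for src, integrity in parser.external:
        if not integrity:
            findings.append((src, "no integrity attribute"))
        elif src in fetched and sri_hash(fetched[src]) not in integrity.split():
            findings.append((src, "hash mismatch"))
    return findings


# Constructed sample data: hypothetical hosts and script bodies.
GOOD = b"console.log('notify v1');"
TAMPERED = GOOD + b"/* injected */"
PAGE = f"""
<script src="/wp-includes/js/local.js"></script>
<script src="https://cdn.vendor.example/notify.js" integrity="{sri_hash(GOOD)}"></script>
<script src="https://cdn.other.example/widget.js"></script>
"""
SERVED = {"https://cdn.vendor.example/notify.js": TAMPERED}

if __name__ == "__main__":
    print(audit(PAGE, "blog.example", SERVED))
```

In practice `fetched` would hold the bytes currently served at each script URL; a mismatch against a pin recorded from a known-good release is the signal that the distributed copy has changed.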

Miasma Supply Chain Worm Toolkit Leaked Publicly

The June 11 ThreatsDay Bulletin from Rescana highlighted the public leak of the Miasma supply chain worm toolkit, marking a significant escalation in the global cyber threat landscape. The leaked toolkit provides attackers with automated capabilities for infiltrating software supply chains — capabilities previously limited to well-resourced threat actors.

The bulletin also documented successful phishing attacks targeting AI agents and a high-severity patch issued by Anthropic for its Claude Code GitHub Action, alongside 28 additional high-impact incidents. The Miasma leak is particularly concerning because it democratizes sophisticated supply chain attack techniques, potentially enabling less skilled attackers to conduct complex operations against software development pipelines.

Source: Rescana ThreatsDay Bulletin

Open Source Vulnerabilities Double as AI Code Generation Surges — Black Duck Report

The 2026 Open Source Security Risk Analysis (OSSRA) report from Black Duck reveals that open source vulnerabilities have doubled to an average of 581 per codebase, driven largely by the explosion in AI-assisted code generation. The report found that 87% of analyzed codebases are at risk and 65% have already been hit by attacks.

The correlation between AI adoption and vulnerability density is a growing concern for development teams. While AI coding assistants dramatically accelerate software delivery, they also introduce dependencies on third-party libraries and packages that may contain known vulnerabilities. Organizations relying on AI-generated code should implement stricter Software Bill of Materials (SBOM) tracking, automated dependency scanning in CI/CD pipelines, and regular vulnerability assessments.

Source: Black Duck Blog

Microsoft Faces Shareholder Lawsuit Over Azure Growth Disclosure

Shareholders have filed a lawsuit against Microsoft, accusing the company of defrauding investors by failing to disclose slowing growth in its Azure cloud business and the billions of dollars required for AI infrastructure spending. The case highlights growing scrutiny of how tech giants communicate their financial commitments to AI and cloud expansion.

The lawsuit comes as Oracle reported record Q4 FY2026 results driven by Cloud Infrastructure and Applications, with quarterly revenues increasing 21% to $19.2 billion. As competition in the cloud infrastructure market intensifies and capital expenditure on AI data centers reaches unprecedented levels, investors are demanding greater transparency about growth trajectories and spending commitments.

Sources: Reuters, Oracle Investor Relations
