The “vCISO platform” label is outdated for today’s MSPs.

Service providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights.

That’s why the Security Growth Platform category has emerged — and Cynomi currently defines it with its unified frameworks and 100% partner-only model.

Read: https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html

⚡ PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.

Monday #cybersecurity recap is stacked.

Read it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html

🔥 A new supply chain attack has hit official Red Hat Cloud Services npm packages.

The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.

It also adds persistence and downstream poisoning.

Read: https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html

🚨 A brute-force attack against certain Dashlane accounts bypassed 2FA protections in a handful of cases, allowing attackers to register new devices and download encrypted vault copies.

Fewer than 20 personal plan users were affected.

Full details: https://thehackernews.com/2026/06/dashlane-discloses-brute-force-attack.html

⚠️ Pakistan-aligned SideCopy group is hitting Afghanistan’s Ministry of Finance with spear-phishing attacks using Xeno RAT.

Attackers are sending ZIP files with malicious LNK files named in Pashto to trick government officials. The LNK uses mshta.exe to install Xeno RAT 1.8.7, which gives attackers persistent access for keylogging, screenshots, and more.

Read: https://thehackernews.com/2026/06/pakistan-linked-sidecopy-targets.html

Many organizations invest in EDR but still lack real resilience. Lean teams drown in alerts, investigations lag, and responses are slow.

AI attacks are rising (67% of organizations affected), and 84% of major incidents now use living-off-the-land techniques.

Visibility alone isn’t enough.

Bitdefender GravityZone PHASR reduces attacker opportunities, while MDR adds 24x7 expert response.

Read: https://thehackernews.com/2026/06/how-leading-organizations-are-turning.html

🔴 A 19-year-old #Linux vulnerability called CIFSwitch allows low-privileged users to gain root access.

SpaceX security engineer Asim Viladi Oglu Manizada discovered the logic flaw between the kernel’s CIFS client and the cifs-utils package. The issue has existed since 2007.

A patch was merged into mainline Linux on May 19, 2026.

Details: https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html#:~:text=New%20Linux%20Flaw%20CIFSwitch%20Uncovered

🔒 Fragmented identity pipelines are failing against digital injection attacks.

Hubert Behaghel, CTO at Veriff, explains that stitching together multiple vendors for camera capture, liveness detection, and risk scoring often drops critical signals like device telemetry and session context. This creates easy entry points for attackers using virtual cameras and emulators.

Integrated systems that maintain end-to-end visibility offer much stronger protection.

Read: https://thehackernews.com/expert-insights/2026/06/why-fragmented-identity-pipelines-fail.html

AI workloads are scaling rapidly across cloud environments, and security teams now have better visibility into what that means for cloud operations, development workflows, and security strategy in practice.

On June 16 at 12:00 PM ET, Wiz Research will break down the key findings from the State of AI in the Cloud 2026 report and what they signal for your security program.

The session covers:
🔸 Where AI adoption is accelerating: Which cloud services, agent patterns, and copilot architectures are growing fastest
🔸 How cloud environments are evolving: What new connectivity and visibility considerations AI workloads introduce across identity, data, and infrastructure.
🔸 What attackers are already doing: How threat actors use AI to find and exploit misconfigurations faster

Save Your Spot: https://thn.news/thn-ai-cloud-2026

🚨 An actively exploited #Oracle WebLogic Server flaw has been added to CISA's KEV catalog.

CVE-2024-21182 (CVSS 7.5) allows unauthenticated attackers with network access to compromise vulnerable servers and access critical data.

Federal agencies must patch by June 4, 2026.

Details: https://thehackernews.com/2026/06/oracle-weblogic-cve-2024-21182-added-to.html

Russian state-backed hackers Gamaredon are exploiting a critical WinRAR vulnerability to attack Ukraine.

They’re weaponizing CVE-2025-8088 with GammaPhish HTA files.

This leads to GammaLoad downloaders, which deploy:
• GammaWorm — a stealthy self-spreading worm using malicious LNK files
• GammaSteel — a modular information stealer

Highly evasive chain with Telegram C2 and NTFS hiding techniques.

Details: https://thehackernews.com/2026/06/gamaredon-exploits-winrar-to-deliver.html

AI is shrinking exploitation timelines from days to hours.

Enterprises still take a median of 43 days to patch critical vulnerabilities.

That's a gap attackers are already exploiting.

Patching alone isn't enough.

Read: https://thehackernews.com/2026/06/ai-driven-exploitation-is-destroying.html

🚨 Android just patched 124 security flaws.

One of them — CVE-2025-48595 (CVSS 8.4) — may already be seeing limited targeted exploitation.

No user interaction required. #Android 14, 15, 16, and 16 QPR2 affected.

Read: https://thehackernews.com/2026/06/google-june-2026-android-update-patches.html

🚨 Big red flags for gamers and downloaders this week.

🔸 Weedhack malware is hitting #Minecraft players via YouTube fake mods and clients, stealing accounts and enabling remote spying.
🔸 CountLoader has infected 86,000 systems through cracked software.
🔸 Pirated streaming sites are silently installing crypto miners.

Read details: https://thehackernews.com/2026/06/weedhack-attacks-minecraft-users.html

Double-check every download.