Today's Top Windows System Articles for 2026-06-03
Articles for the IT Professional. Today's edition includes 150 articles from 31 sites. We chose these from 6975 articles found on 140 sites.
Today's featured sites are:
BleepingComputer, WinBuzzer, HTMD Community Intune Windows Modern Workplace Device Management, Irish Tech News, www.theregister.com - Articles, Microsoft unveils Scout, an autonomous AI agent built on OpenClaw – Computerworld, Radar, TechPlanet, IEEE Spectrum, Fast Company - technology, Techdirt, Windows 10 Help Forums, AppleInsider News, 9to5Mac, darkreading, Check Point Research, Reddit : Sysadmin, GeekWire, Latest from Windows Central , BetaNews, Krebs on Security, ATA Learning, Reddit : K-12 Systems Administrators, Ars Technica - All content, Virtually Boring, Azure Citadel, MSRC Security Update Guide, Neowin, Blog – Hackaday, Technology | Vox, Office 365 for IT Pros.
Critical Windows Netlogon RCE flaw now exploited in attacks
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vuln...
BleepingComputer
Jun 1, 2026 - bleepingcomputer.com
GitHub Ban Escalates Microsoft’s YellowKey Dispute
GitHub's reported ban on Nightmare-Eclipse after Windows zero-day posts has intensified Microsoft's YellowKey dispute over disclosure, bounties and trust. The post GitHub Ban Escalates Microsoft’s Yel...
WinBuzzer
Jun 1, 2026 - winbuzzer.com
How Automates Data Collection to Boost Phishing Protection using Intune Policy
Hello - Here is the new HTMD Blog Article for you. Enjoy reading it. Subscribe to YouTube Channel https://www.youtube.com/c/AnoopCNairSCCM?sub_confirmation=1 and LinkedIn page for latest updates htt...
HTMD Community Intune Windows Modern Workplace Device Management
Jun 1, 2026 - anoopcnair.com
What is the impact of ageing and impact of social media on the brain? Robert Boyle Summer School
Ageing mind and impact of social media on the brain up for debate at Robert Boyle Summer School June 4 to 7 What effect does social media have on the mind? What changes take place in the ageing mind a...
Irish Tech News
Jun 1, 2026 - irishtechnews.ie
Techie expensed a bag of oranges and then juiced up a stupid security incident
He knew this was amazingly dumb but couldn’t stop laughing as the fruit went splat
www.theregister.com - Articles
Jun 1, 2026 - theregister.com
Race Against Time: Why Faster Vulnerability Alerts Matter
Attackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response ti...
BleepingComputer
Jun 1, 2026 - bleepingcomputer.com
LLMs are closer to religion than they appear. Watch out for those who like it that way
Papal's 40k-word encyclical drops and lawyers already asking if Catholics can refuse workplace AI on religious grounds
www.theregister.com - Articles
Jun 1, 2026 - theregister.com
Microsoft investigates Office Apps, Teams file access issues
Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]
BleepingComputer
Jun 1, 2026 - bleepingcomputer.com
Windows 11 Smart App Control explained
In the ever-evolving cybersecurity landscape, Microsoft has introduced various new features in Windows 11 designed to protect users from modern workplace threats. Among such features, Smart App Contro...
Microsoft unveils Scout, an autonomous AI agent built on OpenClaw – Computerworld
Jun 1, 2026 - computerworld.com
SaaS Is Not Dead Yet
With the rise of agents, many people have been proclaiming that the age of software as a service (SaaS) is over. Who needs to subscribe to a service when you can create your own software with a few En...
Radar
Jun 1, 2026 - oreilly.com
Chuwi Minibook X: The Modern Netbook We Didn't Know We Needed
Netbooks Are Dead, Long Live the Minibook Netbooks were a phenomenon of the late 2000s — cheap, portable, underpowered laptops that promised computing on the go. They mostly failed because they were t...
TechPlanet
Jun 1, 2026 - techplanet.today
Why Sardinians Are Fighting the Renewable Energy Transition
“Not in my backyard” is the rallying cry of citizens everywhere resisting projects proposed for their locality. Whether it’s affordable housing, a waste treatment plant, or a new data center, they may...
IEEE Spectrum
Jun 1, 2026 - spectrum.ieee.org
AI was supposed to prevent downtime. Instead, it’s creating new kinds of outages
Enterprise AI promised executives something close to operational certainty: fewer outages, less human error, and systems capable of catching problems before customers ever noticed. But a new report fr...
Fast Company - technology
Jun 1, 2026 - fastcompany.com
IBM unveils tool to track sovereignty risks for cloud workloads
IBM has launched a tool designed to help customers assess cloud-sovereignty risks and meet regulatory compliance requirements. The Sovereignty Risk Profile launch comes as digital sovereignty becom...
Microsoft unveils Scout, an autonomous AI agent built on OpenClaw – Computerworld
Jun 1, 2026 - computerworld.com
AT&T Sues California Regulators For Trying To Make Broadband Affordable
Five years years ago AT&T effectively stopped selling DSL and started hanging up on DSL and copper phone line customers. While killing landlines and DSL is understandable given the limitations of the ...
Techdirt
Jun 1, 2026 - techdirt.com
Intel stakes new claim in physical AI with robotics chips
Intel is invading the physical AI space with a reentry into the robotics market it quit many years ago amid financial struggles. The robotics strategy is part of the company’s larger plan to establi...
Microsoft unveils Scout, an autonomous AI agent built on OpenClaw – Computerworld
Jun 1, 2026 - computerworld.com
Windows 10 Secure Boot Certificate Update Issue - 0x800f0922
*0x800f0922 - Cannot update Windows 10 - KB5082200 / KB5087544* Let me preface this by saying that this PC runs like a triple crown thoroughbred. It simply works without issue with this exception. ...
Windows 10 Help Forums
Jun 1, 2026 - tenforums.com
Nvidia's N1X Apple Silicon rival is two years behind
Nvidia has stepped into the processor market with its RTX Spark, but at first glance, it's clearly behind Apple Silicon by a considerable margin.The RTX Spark is attempting to take on Apple Silicon - ...
AppleInsider News
Jun 1, 2026 - appleinsider.com
Controller for HomeKit app adds AI feature: ‘Just say it’
The Controller for HomeKit app has just been updated with a new AI feature which the developer is promoting with the phrase “just say it”. The idea is that you use natural language to describe what...
9to5Mac
Jun 1, 2026 - 9to5mac.com
Password manager Dashlane suspends customer accounts amid brute-force attacks
Engineers' weekends ruined as Dashlane's automatic protections kicked in
www.theregister.com - Articles
Jun 1, 2026 - theregister.com
The Pentagon is pushing for AI on the battlefield. This top military leader is urging caution
The Trump administration is pushing to unleash the power of artificial intelligence for the U.S. military while facing calls to put up guardrails around the rapidly developing technology from some com...
Fast Company - technology
Jun 1, 2026 - fastcompany.com
As the U.S. faces a worsening shortage of care for the elderly, can robots fill the gap?
After outliving Booker T. Bones, their second service dog, Brenda and Brian Marquis still needed help with some of the more difficult parts of daily life.They found Robbie, a robot that rolls out of a...
Fast Company - technology
Jun 1, 2026 - fastcompany.com
Palo Alto VPN bug graduates from advisory to active exploitation
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
www.theregister.com - Articles
Jun 1, 2026 - theregister.com
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
darkreading
Jun 1, 2026 - darkreading.com
1st June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Carnival Corporation, a global cruise line operator, h...
Check Point Research
Jun 1, 2026 - research.checkpoint.com
OpenAI enhances ChatGPT app with this hidden feature
OpenAI recently added a new feature to the ChatGPT app: a hidden gesture that lets you instantly set the effort level of a prompt. ChatGPT also introduced a new way to easily navigate longer conversat...
9to5Mac
Jun 1, 2026 - 9to5mac.com
If everything is a "Critical" priority, then nothing is
$1 submitted by /u/Exo_Skeleton99
Reddit : Sysadmin
Jun 1, 2026 - reddit.com
Zuckerberg’s yacht leaves Seattle’s Lake Union, anchors in Elliott Bay
After several days docked on Lake Union, drawing crowds and hecklers, Mark Zuckerberg's superyacht slipped back through the Ballard Locks and is now anchored in Elliott Bay. Why it's in Seattle remain...
GeekWire
Jun 1, 2026 - geekwire.com
Baldur's Gate 3's D&D RPG predecessor is getting a remake according to a new report — and I wouldn't be surprised if the first game was, too
Baldur's Gate 3 publisher Wizards of the Coast is reportedly making a remake of the second game in the D&D RPG series. Is the original getting one, too?
Latest from Windows Central
Jun 1, 2026 - windowscentral.com
California passes bill declaring death-by-algorithm to 3D-printed ghost guns
Last-hour amendments aim to allay privacy concerns, but broad scepticism about feasibility remains
www.theregister.com - Articles
Jun 1, 2026 - theregister.com
Leaker reveals new iPhone Ultra feature, release timing update
Weibo leaker Fixed Focus Digital has shared a new post about the iPhone Ultra today that reveals a feature not rumored before—a vapor chamber—alongside a release timing update. more…
9to5Mac
Jun 1, 2026 - 9to5mac.com
Microsoft fixes problem that stopped KB5089549 update for Windows 11 installing
After releasing yet another Windows 11 update that was problematic, Microsoft has been forced to issue a fix. The recently released KB5089549 update failed to install for some users, resulting in an 0...
BetaNews
Jun 1, 2026 - betanews.com
AI Sovereignty and the Architecture of Participation
Adam Tooze recently shared a piece from The Economist about Brazil’s push for what it calls “medical sovereignty,” the determination to make its own vaccines and the active ingredients that go into it...
Radar
Jun 1, 2026 - oreilly.com
Solved interpretation of chkdsk output and related issues
Hi all, my 1TB external Seagate HDD developed an issue 2 days ago, I saw the warning light from HDSentinel, opened it up and the health had been reduced to 13%. I ran their test at disk/surface tes...
Windows 10 Help Forums
Jun 1, 2026 - tenforums.com
Sketchy iPhone Fold production issue guesswork won't prevent a September launch
Problematic hinge and motherboard claims aside, the rumor mill has decided that the iPhone Fold will be coming out in the fall of 2026. Only Apple really knowsA render of what the iPhone Fold could lo...
AppleInsider News
Jun 1, 2026 - appleinsider.com
CBP Commander Greg Bovino Is Taking Guest Speaker Spots At White Nationalist Conferences
CBP Commander-at-Large Gregory Bovino made that title literal by showing up wherever Trump needed trouble started. Once he had arrived far north of the southern border he was supposed to be patrolling...
Techdirt
Jun 1, 2026 - techdirt.com
Microsoft’s own data suggests AI is more expensive than hiring humans, as a mystery firm burns USD 500 million on Claude in one month
Microsoft data shows AI costs surpass payroll, with a $500 million Claude fiasco proving how expensive automation can get.
Latest from Windows Central
Jun 1, 2026 - windowscentral.com
Scoop: Medical technology giant plans to put its longtime Seattle-area campus up for sale
Philips plans to put its Bothell, Wash., campus up for sale, marking a significant moment for Washington state’s medical device industry and for a site that helped establish the region as a global cen...
GeekWire
Jun 1, 2026 - geekwire.com
Insane response from Microsoft support
$1 submitted by /u/SurfeitedSysadmin
Reddit : Sysadmin
Jun 1, 2026 - reddit.com
Anyone shutting down all IT equipment down on July 13th 11:59pm?
$1 submitted by /u/Ooops-I-hid-it-again
Reddit : Sysadmin
Jun 1, 2026 - reddit.com
NVIDIA's new "RTX Spark" platform is less of a threat to Qualcomm's chips and more of an ally to Microsoft's Windows on ARM PCs
NVIDIA confidently enters the Windows on ARM space with its new RTX Spark processors, but that doesn't make the N1x chip an enemy to Qualcomm or Snapdragon X.
Latest from Windows Central
Jun 1, 2026 - windowscentral.com
macOS 26.5.1 is out with an important fix for enterprise users
Apple just rolled out macOS 26.5.1, which fixes a bug that had been causing Macs with the M5 Apple silicon to unexpectedly shut down under certain conditions. Here are the details. more…
9to5Mac
Jun 1, 2026 - 9to5mac.com
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions be...
Krebs on Security
Jun 1, 2026 - krebsonsecurity.com
How to Troubleshoot Active Directory Replication Errors
Troubleshoot Active Directory replication errors by isolating 1311, 1722, 2087, and USN rollback issues with repadmin, dcdiag, DNS, RPC, and KCC checks.
ATA Learning
Jun 1, 2026 - adamtheautomator.com
IEEE President’s Note: Designing a Safer Digital World for Kids
Children born after 2013 are the first generation to grow up fully immersed in digital systems, which weren’t designed with them in mind. One‑third of the world’s Internet users are younger than 18, a...
IEEE Spectrum
Jun 1, 2026 - spectrum.ieee.org
Update for iOS 26.5.1 fixes iPhone 17, iPhone Air wired charging bug
A point release for iOS 26.5.1 has arrived, with the minor changes fixing a charging bug affecting the iPhone 17 and iPhone Air.The iOS 26.5.1 update fixes a charging issue in the iPhone 17 family and...
AppleInsider News
Jun 1, 2026 - appleinsider.com
Unexpected M5 Mac shutdowns get a fix in macOS Tahoe 26.5.1
Apple has released macOS Tahoe 26.5.1, fixing a bug that could cause some M5 Macs using content-filtering network extensions to shut down unexpectedly.MacBook Air with M5 chipThe maintenance update ta...
AppleInsider News
Jun 1, 2026 - appleinsider.com
Windows Hello For Business For Passwordless Login For Entra IDP?
$1 submitted by /u/AverageDataAdmin
Reddit : K-12 Systems Administrators
Jun 1, 2026 - reddit.com
Microsoft's Zero-Day Legal Threats Spark Backlash
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.
darkreading
Jun 1, 2026 - darkreading.com
A sports power play for Melinda French Gates as she takes minority stake in Seattle Kraken hockey team
French Gates called herself "a big believer in the power of sports" and said that after many years of "cheering on Seattle from the sidelines," she's excited "to have an even deeper connection to the ...
GeekWire
Jun 1, 2026 - geekwire.com
To all my 'jack of all trades' sysadmins - give me a list of everything you are responsible for you in your environment
$1 submitted by /u/ChesterM54
Reddit : Sysadmin
Jun 1, 2026 - reddit.com
Moderna gets $50 million to develop mRNA Ebola vaccine against Bundibugyo
Amid a raging Ebola outbreak, officials "urgently accelerate development" of vaccines.
Ars Technica - All content
Jun 1, 2026 - arstechnica.com
Election interlopers register 5K+ domains, hope to catch some voting phish
Hacking voting machines is so 2017. Phishing, impersonation pose the real election risks
www.theregister.com - Articles
Jun 1, 2026 - theregister.com
9to5Mac Daily: June 1, 2026 – Apple TV and AI glasses rumors
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple’s Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overca...
9to5Mac
Jun 1, 2026 - 9to5mac.com
Upgrading Proxmox VE 8 to 9: A Real-World Walkthrough
I’ll be honest — I’ve been putting this off for a while. Proxmox VE 9 dropped earlier this year, and every time I looked at the upgrade guide I thought “yeah, I’ll get to that.” This weekend I finally...
Virtually Boring
Jun 1, 2026 - virtuallyboring.com
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
TeamPCP? Or copycat malware dev?
www.theregister.com - Articles
Jun 1, 2026 - theregister.com
Terraform MCP Server update
The Terraform MCP Server has evolved significantly since I covered it in the Fabric Terraform series. It has moved well beyond a simple registry lookup tool and is now at v0.5.2. Here is a summary of ...
Azure Citadel
Jun 2, 2026 - azurecitadel.com
CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-6722 Use-After-Free in SOAP using Apache map
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-6735 XSS within PHP-FPM status endpoint
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46184 sound: ua101: fix division by zero at probe
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-7568 Signed integer overflow in metaphone()
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Information published.
MSRC Security Update Guide
Jun 2, 2026 - msrc.microsoft.com
Feds Begin Targeting ‘Anti-Technology Extremists’ Which Is Going To Make Everything So Much Worse
The whole conversation around AI is about to get much, much worse. We’ve been talking a lot about AI, generative AI, LLMs, or whatever your preferred moniker has become, for some time now. And for goo...
Techdirt
Jun 2, 2026 - techdirt.com
OpenAI hit with new Florida lawsuit over claims it misled users about ChatGPT safety
The Florida Attorney General has filed a lawsuit against the AI lab OpenAI, claiming that the company exploits users and puts children at risk of self-harm. Read more...
Neowin
Jun 2, 2026 - neowin.net
Restoring Apple’s Terrible but Awesome iBook Laptop
Before the Apple MacBook there was the Apple iBook, fruity 1999 colors included. These PowerPC-based laptops targeted low-cost PC-compatible laptops much like the iMac did, albeit it the latter with …...
Blog – Hackaday
Jun 2, 2026 - hackaday.com
Americans don’t know how to fight AI. So they’re fighting data centers.
Demonstrators protest a data center in Tucson, Arizona, in May 2026. | Mamta Popat/Arizona Daily Star via Getty Images On its surface, the national revolt against data centers seems simple: They are...
Technology | Vox
Jun 2, 2026 - vox.com
How to Report Recent Changes made to Distribution Lists
A recent discussion about reporting changes to Microsoft 365 groups provoked the question about how to report distribution list changes. The answer is that the same structure can be taken in a PowerSh...
Office 365 for IT Pros
Jun 2, 2026 - office365itpros.com
The AI pricing conundrum — it started as a nightmare, now it’s worse.
Enterprise IT leaders have always struggled with AI pricing, especially the need to pay for AI in a way that delivers ROI. But the typical IT exec may not be right person to decide how a company uses ...
Microsoft unveils Scout, an autonomous AI agent built on OpenClaw – Computerworld
Jun 2, 2026 - computerworld.com
No battery percentage display in Taskbar/yellow triangles
This is concerning the wife's old laptop (Toshiba Satellite) that sat unused for a while. I can only assume (don't remember) if this problem existed before. There is no "Power" option in the Taskb...
Windows 10 Help Forums
Jun 2, 2026 - tenforums.com
Google fixes one actively exploited Android zero-day, 124 flaws
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]