SECURITYINTEL DAILY BRIEF ■ ThreatIntel Brief, Wednesday, June 10, 2026 | INTEL CONFIDENCE 100% | THREAT LEVEL CRITICAL

THREAT OF THE DAY: Active Chrome V8 Zero-Day and Record Patch Tuesday | CRITICAL

5 C2 IPs | 63 OTX IOCs | 35 ARTICLES
■ ANALYST TLDR The threat landscape is dominated by a massive June 2026 Patch Tuesday cycle alongside active zero-day exploitation. Organizations must immediately address an actively exploited Google Chrome V8 zero-day (CVE-2026-11645) and a critical Veeam Backup & Replication remote code execution vulnerability (CVE-2026-44963, CVSS 9.4) that any authenticated domain user can reach. Microsoft has patched over 200 vulnerabilities, including a Microsoft Defender privilege escalation zero-day ("RoguePlanet") that grants SYSTEM. Separately, the "Shai-Hulud" supply chain campaign, including the Miasma compromise of GitHub repositories, has injected information stealers into open-source projects on GitHub, NPM, and PyPI.
■ CRITICAL STORIES
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild
Attackers are actively exploiting an out-of-bounds write vulnerability in Google Chrome's V8 engine to execute arbitrary code; browser updates are required immediately.
A Record-Breaking Patch Tuesday for June 2026
Microsoft patched over 200 vulnerabilities, including three zero-days and 38 critical flaws. The sheer volume makes prioritization essential: the zero-days and the Defender privilege escalation come first, then the remaining critical flaws by exposure.
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Tracked as CVE-2026-44963 (CVSS 9.4), this vulnerability allows any authenticated domain user to execute remote code on backup infrastructure. Because backup servers hold the restore points an organization relies on after an incident, compromise of one is a direct precursor to ransomware deployment.
Microsoft Restores GitHub Repos Compromised in Miasma Supply Chain Attack
Attackers compromised 73 open-source projects on GitHub to inject information stealers, part of the broader "Shai-Hulud" supply chain campaign that also affects NPM and PyPI packages.
■ CVEs IDENTIFIED
CVE-2026-11645 | Google Chrome (V8) | Out-of-bounds write leading to arbitrary code execution
CVE-2026-44963 | Veeam Backup & Replication | Remote code execution via domain user privileges
[CVE-TBD] | Microsoft Defender (RoguePlanet) | Local privilege escalation to SYSTEM privileges
[CVE-TBD] | ServiceNow API | Unauthenticated data exposure via vulnerable API endpoint
■ THREAT ACTORS
SiribClone | APT / Cyberespionage
Targeting Russian soldiers with romance scams to conduct espionage
Russia-aligned groups | APT
Exploiting WinRAR vulnerabilities to deploy information stealers in Ukraine
Shai-Hulud / Miasma / Hades actors | Cybercrime / Supply Chain
Compromising GitHub repos and NPM and PyPI packages to inject information stealers
■ ATT&CK TTPs
ID | Technique | Observed use
T1190 | Exploit Public-Facing Application | ServiceNow API vulnerability exploited to query customer data
T1068 | Exploitation for Privilege Escalation | Microsoft Defender 'RoguePlanet' zero-day used to gain SYSTEM privileges
T1195.002 | Supply Chain Compromise: Compromise Software Supply Chain | Shai-Hulud campaign injecting information stealers into GitHub, NPM, and PyPI packages
T1204.002 | User Execution: Malicious File | Russia-aligned groups delivering WinRAR exploits in malicious archives
T1562.001 | Impair Defenses: Disable or Modify Tools | Abusing cloud logging services to evade defenses and reduce visibility
T1566 | Phishing | SiribClone using romance-themed phishing; OpenClaw AI agent falling for phishing
■ PATCH PRIORITY
CRITICAL | Google Chrome | Active in-the-wild exploitation of V8 zero-day (CVE-2026-11645) | THN
CRITICAL | Veeam Backup & Replication | CVSS 9.4 RCE vulnerability (CVE-2026-44963) exploitable by domain users | THN
CRITICAL | Microsoft Defender | 'RoguePlanet' zero-day grants local SYSTEM privileges | BC
CRITICAL | Microsoft Windows | June 2026 Patch Tuesday fixes 200+ flaws and 3 zero-days | KRB
■ RECOMMENDED ACTIONS TODAY
1. [P1] Immediately patch Google Chrome to address the actively exploited V8 zero-day (CVE-2026-11645), and confirm the rollout by checking the installed version on managed endpoints rather than relying on the auto-updater alone.
2. [P1] Apply security updates for Veeam Backup & Replication to remediate the critical RCE vulnerability (CVE-2026-44963). Because the flaw is reachable by any authenticated domain user, restricting which network segments and accounts can reach the backup server is part of the fix, not a substitute for it.
3. [P1] Deploy June 2026 Patch Tuesday updates for Microsoft Windows and Microsoft Defender to mitigate the 'RoguePlanet' SYSTEM privilege escalation zero-day.
4. [P2] Apply SAP June 2026 Security Patches for SAP NetWeaver and SAP Commerce Cloud to prevent memory corruption and data disclosure.
5. [P2] Audit and update Adobe Experience Manager deployments to patch critical arbitrary code execution vulnerabilities.
C2 IP BLOCKLIST · AbuseCH Feodo · Showing 5 of 5
IP ADDRESS | PORT | STATUS | MALWARE | COUNTRY
162.243.103.246 | 8080 | OFFLINE | Emotet | US
50.16.16.211 | 443 | ONLINE | QakBot | US
34.204.119.63 | 443 | OFFLINE | QakBot | US
178.62.3.223 | 443 | OFFLINE | QakBot | GB
27.133.154.218 | 443 | OFFLINE | QakBot | JP
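The blocklist above is only useful once it is matched against your own egress telemetry. The following is an added example for this brief, not a tool from abuse.ch or any vendor named here: it parses the five rows exactly as listed, scans firewall connection logs for destinations on the list, grades each hit (an ONLINE C2 on its listed port is high; an OFFLINE C2 still means the source host is infected, so medium; a match on the IP but a different port is low, since the address may have been reassigned since listing), and renders egress deny rules. The `src=… dst=… action=…` log format and the sample log lines are constructed for the demonstration and are assumptions, not a real product's format.

```python
"""Check outbound-connection logs against the C2 IP blocklist above.

Added example for this brief, not a tool from abuse.ch or any vendor.
The blocklist rows are copied from the C2 IP BLOCKLIST table; the log lines
and the "src=.. dst=.. action=.." log format are constructed for the demo.
"""
import ipaddress
import re
from dataclasses import dataclass

# Copied from the table above (AbuseCH Feodo): ip | port | status | malware | country
C2_BLOCKLIST_TEXT = """\
162.243.103.246 | 8080 | OFFLINE | Emotet | US
50.16.16.211 | 443 | ONLINE | QakBot | US
34.204.119.63 | 443 | OFFLINE | QakBot | US
178.62.3.223 | 443 | OFFLINE | QakBot | GB
27.133.154.218 | 443 | OFFLINE | QakBot | JP
"""


@dataclass(frozen=True)
class C2Entry:
    ip: str
    port: int
    status: str
    malware: str
    country: str


def parse_blocklist(text: str) -> dict[str, C2Entry]:
    """Parse pipe-separated rows into a dict keyed by IP; a malformed IP raises."""
    entries: dict[str, C2Entry] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, port, status, malware, country = (f.strip() for f in line.split("|"))
        ipaddress.ip_address(ip)  # ValueError on a garbled row rather than a silent miss
        entries[ip] = C2Entry(ip, int(port), status.upper(), malware, country)
    return entries


# Assumed firewall log shape (constructed for this example):
#   <timestamp> src=<ip>:<port> dst=<ip>:<port> action=<allow|deny>
LOG_RE = re.compile(
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+action=(?P<action>\w+)"
)


def scan_logs(lines, blocklist: dict[str, C2Entry]) -> list[dict]:
    """Return one hit per log line whose destination IP is on the blocklist.

    A denied connection is still a hit: the source host tried to beacon and
    needs triage regardless of whether the firewall blocked it.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable or unrelated line; skip rather than abort the batch
        entry = blocklist.get(m["dst"])
        if entry is None:
            continue
        dport = int(m["dport"])
        if dport != entry.port:
            severity = "low"       # same host, different service: possibly reassigned
        elif entry.status == "ONLINE":
            severity = "high"      # live C2 on its known port
        else:
            severity = "medium"    # dead/sinkholed C2, but the client is infected
        hits.append({
            "src": m["src"],
            "dst": f'{m["dst"]}:{dport}',
            "malware": entry.malware,
            "c2_status": entry.status,
            "blocked": m["action"].lower() == "deny",
            "severity": severity,
        })
    return hits


def egress_deny_rules(blocklist: dict[str, C2Entry]) -> list[str]:
    """Render iptables OUTPUT rules that drop traffic to every listed IP:port, in address order."""
    return [
        f"iptables -A OUTPUT -d {e.ip} -p tcp --dport {e.port} -m comment --comment {e.malware} -j DROP"
        for e in sorted(blocklist.values(), key=lambda e: ipaddress.ip_address(e.ip))
    ]


# Constructed sample lines; 10.0.0.0/8 is private and 203.0.113.0/24 is a documentation range.
SAMPLE_LOGS = [
    "2026-06-10T08:01:12Z src=10.20.5.17:51344 dst=50.16.16.211:443 action=allow",
    "2026-06-10T08:01:13Z src=10.20.5.17:51345 dst=203.0.113.10:443 action=allow",
    "2026-06-10T08:02:40Z src=10.20.9.3:60211 dst=162.243.103.246:8080 action=deny",
    "2026-06-10T08:03:05Z src=10.20.7.8:49877 dst=178.62.3.223:8443 action=allow",
    "2026-06-10T08:03:06Z kernel: link up on eth0",
]

if __name__ == "__main__":
    bl = parse_blocklist(C2_BLOCKLIST_TEXT)
    for hit in scan_logs(SAMPLE_LOGS, bl):
        print(hit)
    print("\n".join(egress_deny_rules(bl)))
```

Run against the constructed sample, the scan yields three hits: the QakBot ONLINE host on 443 (high), the denied Emotet attempt on 8080 (medium, blocked), and the port-mismatched QakBot host (low). Match on IP rather than IP:port so that a C2 that moves ports is not missed, and let the severity, not the match, carry the port information.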
FULL IOC EXPORT (Google Sheet): all live IOCs with full SHA256 hashes (OTX), IPs, and domains, in two tabs (C2 IPs · OTX IOCs). Updated daily; export as CSV to import directly into your tools.

IOC SOURCES: AbuseCH Feodo · AlienVault OTX
NEWS SOURCES: THN · KRB · SANS · REC · BC · SW · AWS · GCP · MSFT · U42 · SCH · MWB