Daily Security Briefing #279

June 8, 2026 | Read Online

Critical Check Point VPN Zero-Day Exploited, Zcash vulnerability exposed, Verizon VoLTE SIP manipulation, and AI training data poisoning…

Executive Summary

The cybersecurity landscape has witnessed a surge in critical vulnerabilities and exploits. A zero-day exploit of the Check Point VPN authentication bypass vulnerability (CVE-2026-50751) is being actively exploited. Meanwhile, a critical Zcash vulnerability was discovered and fixed by the Zcash team. Additionally, Verizon’s VoLTE infrastructure has been found vulnerable to SIP message manipulation. Furthermore, AI training data poisoning has become a growing concern.

Top Articles

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751) A critical authentication bypass vulnerability affecting Check Point Remote Access VPN and Mobile Access deployments has been exploited in the wild. The vulnerability allows attackers to establish a VPN session without possession of a valid password. rapid7.com

Critical Zcash Vulnerability Found and Fixed A critical vulnerability was discovered in the Zcash Orchard privacy pool using Claude Opus 4.8, which has been fixed by the Zcash team. schneier.com

Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Check Point Research has identified active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN and Mobile Access deployments. checkpoint.com

Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts. gbhackers.com

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public A security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. thehackernews.com

Attackers Can Manipulate SIP Messages in Verizon VoLTE Deployments A critical vulnerability has been discovered in Verizon’s Voice over LTE (VoLTE) infrastructure, exposing Session Initiation Protocol (SIP) messages to manipulation. cyberpress.org

New Lucid Stealer Targets Browsers, Crypto Wallets, and Discord Tokens A new build of Lucid Stealer, a Malware-as-a-Service (MaaS), targets numerous browsers, cryptocurrency wallets, and Discord tokens while providing operators with full post-infection access. cyberpress.org

Pink Hacking Group Targets Enterprises to Steal Cloud Passwords A newly observed extortion brand called Pink (CL-CRI-1147) is actively targeting enterprise users to harvest cloud storage credentials and bypass multi-factor authentication. gbhackers.com

Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order Meta detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group and is filing a federal court contempt order against the company for violating a permanent injunction. thehackernews.com

Anthropic’s Project Glasswing Update Anthropic has published an update on its Project Glasswing, which aims to let companies use their new model to find and fix vulnerabilities in their own software. schneier.com

How to Rate the AI We’re All Chasing A three-axis rating gauge for evaluating AI models based on customization, integration, and competence has been proposed. danielmiessler.com

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.