BeyondMachines 

Enabling Good Cybersecurity for Everyone:
Automated cybersecurity tools, learning and expert guidance for individuals and companies of all sizes.
Because cybersecurity shouldn't be an enterprise feature.

Sometimes a bot, sometimes not.

Website: https://beyondmachines.net
LinkedIn: https://www.linkedin.com/company/73905832/
GitHub: https://github.com/BeyondMachines

Ubiquiti Patches Critical Command Injection Flaws in UniFi OS

Ubiquiti patched five vulnerabilities in UniFi OS and UID Enterprise Agent, including three critical command injection and privilege escalation flaws with CVSS scores of 9.9. These vulnerabilities allow attackers with network access to take full control of networking hardware or steal sensitive data.

**Make sure all your UniFi OS devices and UID Enterprise Agents are isolated from the internet and reachable only from trusted networks. Prioritize fixing any devices that are currently internet-facing. Then update everything to the fixed versions right away: UID Enterprise Agent 1.61.4, UniFi OS 5.1.15 (or 5.1.16 for UNAS storage appliances), and Express 4.0.15.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ubiquiti-patches-critical-command-injection-flaws-in-unifi-os-y-b-9-z-4/gD2P6Ple2L

Norfolk and Norwich University Hospital Patient Data Stolen in Synnovis Ransomware Attack

Norfolk and Norwich University Hospital suffered a data breach after the Qilin ransomware group attacked its third-party provider, Synnovis, leaking sensitive medical records of tens of thousands of patients.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/norfolk-and-norwich-university-hospital-patient-data-stolen-in-synnovis-ransomware-attack-5-7-j-e-o/gD2P6Ple2L

Elmwood Home Care Ransomware Attack Exposes Patient Medical and Personal Data

Elmwood Home Care reported a ransomware attack by the LockBit 5.0 group, resulting in the theft of sensitive personal and medical data from its systems between January and February 2026.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/elmwood-home-care-ransomware-attack-exposes-patient-medical-and-personal-data-r-g-g-7-g/gD2P6Ple2L

Palo Alto Networks Patches High-Severity Flaw in Cortex XSOAR and XSIAM

Palo Alto Networks patched nine vulnerabilities across PAN-OS, Cortex XSOAR/XSIAM, Prisma Access Agent, GlobalProtect, and Prisma Browser, the most severe being CVE-2026-0274, an unauthenticated credential-validation flaw in the CommvaultSecurityIQ integration that allows access and modification of protected resources by default.

**Make sure your firewall and security management interfaces are isolated from the internet and reachable only from trusted internal networks, since most of these Palo Alto flaws are far more dangerous when those interfaces are exposed. Then update all affected products right away, especially the Cortex XSOAR/XSIAM CommvaultSecurityIQ integration.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/palo-alto-networks-patches-high-severity-flaw-in-cortex-xsoar-and-xsiam-g-w-d-i-j/gD2P6Ple2L

Splunk Patches Critical Unauthenticated File Manipulation Vulnerability

Splunk patched a critical vulnerability (CVE-2026-20253, CVSS 9.8) in Splunk Enterprise and Cloud Platform that allows unauthenticated attackers to create or truncate arbitrary files via a PostgreSQL sidecar service.

**If you run Splunk Enterprise, update immediately to version 10.4.0, 10.2.4, or 10.0.7. And make sure to isolate the system from the internet and untrusted networks. If you use Splunk Cloud Platform, Splunk is already patching your instances, but verify you're on a fixed version (10.4.2604.3 or 10.2.2510.14 or higher) since there are no other ways to block this attack.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/splunk-patches-critical-unauthenticated-file-manipulation-vulnerability-8-g-w-0-w/gD2P6Ple2L

Critical Vertiv UPS Management Card Flaws Threaten Data Center Power Stability

Vertiv patched two critical vulnerabilities (CVE-2025-46412 and CVE-2025-41426) in its UPS management cards that allow attackers to bypass authentication and execute remote code to shut down data center power.

**Make sure your Vertiv Liebert UPS network cards (IS-UNITY-DP and RDU101) are isolated from the internet and reachable only from trusted internal networks or via VPN. Then apply the firmware updates ASAP. Review your UPS logs for any unexpected configuration changes or strange web requests.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vertiv-ups-management-card-flaws-threaten-data-center-power-stability-r-p-7-m-q/gD2P6Ple2L

Microsoft Defender Zero-Days GreatXML and RoguePlanet Bypass BitLocker and Escalate Privileges

Microsoft is dealing with multiple zero-day exploits, including GreatXML and RoguePlanet, which allow attackers to bypass BitLocker encryption and escalate privileges to SYSTEM by targeting Microsoft Defender.

**If you use Windows BitLocker encryption, switch it from TPM-only to TPM+PIN mode right away, so your drive requires a PIN at startup and can't be unlocked through the recovery environment. Keep an eye out for Microsoft patches for these two flaws (RoguePlanet and GreatXML), and limit physical access to your machines since the BitLocker bypass needs someone to physically touch the device.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-defender-zero-days-greatxml-and-rogueplanet-bypass-bitlocker-and-escalate-privileges-4-d-3-b-0/gD2P6Ple2L

Novo Nordisk Discloses Cyberattack and Theft of Clinical Trial Patient Data

Novo Nordisk reported a cyberattack on June 11, 2026, involving the unauthorized exfiltration of pseudonymized clinical trial patient data from its internal IT systems. The company isolated affected infrastructure and launched a forensic investigation. The core pharmaceutical operations are not affected.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/novo-nordisk-discloses-cyberattack-and-theft-of-clinical-trial-patient-data-v-b-y-s-8/gD2P6Ple2L

Breaking news

Max Severity Ivanti Sentry Vulnerability Exploited in Global Attacks

Ivanti Sentry gateways are being actively backdoored by attackers exploiting a maximum-severity remote code execution vulnerability (CVE-2026-10520). Security researchers warn that unpatched publicly accessible instances are likely already compromised.

**Now this becomes urgent. If you use Ivanti Sentry, act NOW. Make sure the appliance is isolated from the internet and reachable only from trusted networks, then immediately update to fixed versions R10.5.2, R10.6.2, or R10.7.1 to patch CVE-2026-10520 and CVE-2026-10523. After updating, check your admin logs for any accounts you didn't create or unusual activity.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/max-severity-ivanti-sentry-vulnerability-exploited-in-global-attacks-9-6-k-8-v/gD2P6Ple2L
