UN World Food Programme application breached and more - Jun 7, 2026

Weekly Roundup

Jun 7

Written By RF Wave

Featured

UN has revealed their World Food Programme self-registration site has been breached

Info on 600k households were stolen as part of the breach

This Week’s Updates

Breaches

Toshiba and Muji warn visitors of malicious polyfill-injected login prompts appearing on their websites and collecting credentials

Vulnerabilities

Google patches 124 Android vulnerabilities including one actively exploited zero-day in the June 2026 security update

CISA orders federal agencies to patch a high-severity Oracle WebLogic Server flaw now actively exploited in attacks

Critical Kirki WordPress plugin privilege escalation flaw (CVE-2026-8206) actively exploited to hijack administrator accounts

Acer confirms two maximum-severity zero-day vulnerabilities in Wave 7 mesh routers and is working on patches

CISA warns of active exploitation of vulnerabilities in the Linux kernel and Android operating system

Cisco releases patch for critical Unified Communications Manager flaw allowing root privilege escalation, PoC exploit available

Cisco warns of actively exploited SD-WAN Manager zero-day (CVE-2026-20245) enabling root privilege escalation in targeted attacks

CISA warns hackers are actively exploiting a recently patched high-severity SolarWinds Serv-U vulnerability to crash servers

Critical Everest Forms Pro WordPress plugin flaw (CVE-2026-3300) actively exploited to gain complete control of websites

vulnerabilitydata breachUNCiscoAndroidGoogleToshibaMujiOracleWordPress pluginAcerLinuxSolarWinds

RF Wave

Carnival breached and more - May 30, 2026