“Pick one AI tool your clients are actually asking about and spend an hour getting genuinely hands-on with it this weekend. You can't advise on what you've never touched.”
Windows Netlogon RCE (CVE-2026-41089, CVSS 9.8) Now Actively Exploited — Patch DCs Immediately
Belgium's Centre for Cybersecurity (CCB) confirmed on Friday that threat actors are actively exploiting CVE-2026-41089, a stack-based buffer overflow in the Windows Netlogon service that allows unauthenticated remote code execution on domain controllers. Microsoft patched the flaw during May 2026 Patch Tuesday; any domain controller still unpatched should be treated as critically exposed. Workaround: restrict Netlogon RPC traffic at the network layer and review DC exposure — but patching all DCs in the same maintenance window is the only durable fix.
Read more →Android Zero-Day CVE-2025-48595 Patched in June 2026 Update — CISA KEV Listed
Google's June 2026 Android security update addresses 124 vulnerabilities including actively exploited zero-day CVE-2025-48595, an integer overflow in the Android Framework that allows local privilege escalation without user interaction on Android 14, 15, and 16. CISA has added it to the KEV catalog; Google confirmed 'limited, targeted exploitation' consistent with commercial spyware or nation-state actors. MSPs with corporate Android MDM enrolments should enforce a minimum patch level of 2026-06-05 immediately and restrict sensitive apps to compliant devices.
Read more →Authentik IdP CVE-2026-42849: CVSS 9.3 Reflected XSS Allows Full IDP Account Takeover
CVE-2026-42849, published June 2, 2026, is a reflected XSS vulnerability in the open-source Authentik identity provider's SFE AutosubmitStage that allows an unauthenticated attacker to steal session cookies and fully take over an IDP account by tricking a user into visiting a crafted URL. With a CVSS score of 9.3, this is a critical risk for any MSP using self-hosted Authentik for SSO or client authentication portals. Fix: upgrade to Authentik 2025.12.5 or 2026.2.3 immediately; no confirmed in-the-wild exploitation at time of publication.
Read more →June 2026 Patch Tuesday: Secure Boot Certificate Deadline June 26 — Emergency Action Required for Unpatched Devices
Microsoft's June 2026 Patch Tuesday is the final opportunity to deploy Secure Boot dbx certificate updates before the absolute non-negotiable deadline of 26 June 2026; devices that are not updated will enter a degraded security state from 27 June. Organisations that deferred the May deployment now face emergency conditions with limited testing time. Verify status with: Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State' -Name UEFICA2023Status — devices must return 'updated'.
Read more →Palo Alto Networks PAN-OS CVE-2026-0257 Authentication Bypass — KEV Deadline Passed, Still Exploited
CISA's KEV catalog confirms that PAN-OS CVE-2026-0257, an authentication bypass vulnerability allowing attackers to bypass security restrictions and establish unauthorised VPN connections, had its KEV deadline pass on 1 June 2026 and remains actively exploited. All organisations running affected PAN-OS versions should apply vendor patches immediately per the Palo Alto Networks security advisory. As a temporary workaround, restrict GlobalProtect and management interface access to trusted IP ranges only.
Read more →Cisco Unified CM CVE-2026-20230: Public PoC Exploit Available for File-Write-to-Root Flaw
Cisco has patched CVE-2026-20230 in Unified Communications Manager, an SSRF-based flaw that lets an unauthenticated network attacker write arbitrary files and escalate to root — and proof-of-concept exploit code is already publicly available. Cisco's PSIRT has not yet confirmed in-the-wild exploitation, but the public PoC dramatically shortens the window before weaponised attacks emerge. Workaround: isolate Unified CM management interfaces from untrusted network segments while scheduling the patch; check cisco.com/security for fixed versions.
Read more →SonicWall SMA1000 Series: SQL Injection CVE-2026-4112 and Three Additional Auth/VPN Bypass Flaws Patched
SonicWall has released patches for four vulnerabilities in its SMA1000 series firewalls, including CVE-2026-4112, a high-severity SQL injection that can elevate a read-only admin to primary admin, plus three further flaws enabling SSL VPN credential enumeration and TOTP authentication bypass. SonicWall reports no confirmed exploitation to date but urges immediate update. Workaround if patching is delayed: restrict SMA1000 management access to trusted IP ranges and disable any unused VPN authentication methods.
Read more →CRN Channel Awards Australia 2026: Entries Close June 12 — MSPs Should Apply Now
CRN Australia's Channel Awards 2026 entries are open with a deadline of June 12, recognising partners across MSP, security, cloud, and innovation categories. The awards are judged by an independent panel of channel leaders including MSP CEOs, regional vendor heads, and distributor managers. Australian MSPs looking to build brand recognition and demonstrate capability to prospective clients or vendor partners should submit entries before the deadline.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.