CVE-2026-9874: Use after free in Dawn
Critical. Potential sandbox escape/RCE via crafted content. (Reported anonymously). Part of 22 critical fixes in this 151-vuln update.
CVE-2026-9873: Use after free in Network
Critical. Remote attacker can execute arbitrary code inside sandbox with malicious page. Reported by cinzinga. $43k bounty. High risk for drive-by attacks.
In case you didn't notice last week...
CVE-2026-9872: Out-of-bounds write in GPU
Critical. Allows potential sandbox escape via crafted HTML page. Reported by cinzinga. $43k bounty. Update immediately to prevent RCE/sandbox bypass.
Brazilian tech company BC3 Tecnologia, specializing in software development, ERP systems, IT consulting & digital transformation, was hit by Nova ransomware group. Breach discovered ~May 30/June 1, 2026. Data accessed; group plans to publish if no contact.
Anandji Haridas & Co. Pvt. Ltd. (AHCPL) — specialists in cold forming, sheet metal & automotive parts — was hit by TheGentlemen ransomware group. Breach discovered June 1, 2026. Data accessed; leak volume undisclosed.
Good to know that this is the thing people are using to vibe code production systems, and also using this to check for security vulnerabilities before it gets promoted to production. 👍
Indonesian government agency Badan Pangan Nasional, responsible for food security, supply & reserves, was hit by Nova ransomware group. Breach discovered ~May 29/June 1, 2026. ~8GB data accessed.
Back to work after a holiday weekend be like...
https://t.co/t8sOyXuy34
I'll have to remember to brush my teeth with a screwdriver tomorrow though.
Thanks, @ Michael Hickox