Microsoft fixes 200 flaws in major June Patch Tuesday update

Microsoft’s June 2026 Patch Tuesday delivered one of the largest security updates of the year, addressing 200 vulnerabilities across its product ecosystem, including five publicly disclosed zero-days and one flaw already exploited in attacks.

The update includes fixes for 33 critical vulnerabilities, most of them remote code execution issues, alongside elevation of privilege, spoofing, information disclosure, denial of service and security feature bypass flaws. Microsoft also addressed several high-profile zero-days, including Windows CTFMON, HTTP.sys, BitLocker and Windows Cloud Files Mini Filter Driver vulnerabilities.

The actively exploited issue, CVE-2026-42897, affects Microsoft Exchange Server and could allow attackers to execute JavaScript in a victim’s browser via a specially crafted email opened in Outlook Web Access.

The release follows a busy month for vendor security updates, with Adobe, Cisco, Fortinet, Google, SAP, Veeam and others also issuing critical fixes.

ServiceNow issues warning after API flaw exposes customer instance data

ServiceNow has warned affected customers after attackers exploited an unauthenticated access flaw in a vulnerable API endpoint, allowing them to query data from customer instances.

The company said it detected anomalous activity and applied a security update to hosted customer instances on 5 June 2026. The update changed the affected API endpoint configuration so that only authenticated users can access it.

While ServiceNow has not confirmed what data was accessed, customer instances can contain sensitive enterprise information, including IT tickets, employee records, asset inventories, internal documentation, incident reports and configuration details.

Administrators have linked the issue to the REST endpoint /api/now/related_list_edit/create, with some reporting suspicious requests from the IP address 51.159.98.241.

ServiceNow later said the observed activity may have been linked to security research or bug bounty submissions, but affected organisations should still review logs, exposed records and any credentials shared in support workflows.

French government messaging platform breached through hijacked account

DINUM, the French government’s digital affairs directorate, has warned that hackers breached Tchap, France’s encrypted messaging platform for public sector workers, using a compromised user account.

Tchap, developed by DINUM with ANSSI and based on the Matrix protocol, is used by more than 300,000 monthly users. The incident was detected by ANSSI, after which the affected account was blocked and an investigation launched into what conversations and data may have been accessed.

DINUM has also notified France’s data protection authority, CNIL, due to the potential exposure of personal data. Users were reminded that public chat rooms can be joined by any user and are not encrypted.

A threat actor claimed responsibility, alleging they used social engineering to access an education-related account and scrape messages, account information and files. DINUM has not confirmed the scale of the data exposure.

Ransomware jumps 48% as cyber threat landscape shifts says new report

Global cyber attacks fell slightly in May, but ransomware incidents rose sharply, highlighting a changing threat landscape rather than a reduction in risk.

According to Check Point Research, organisations faced an average of 2,055 weekly cyber attacks in May, down 7% from April but still 2% higher year on year. Education remained the most targeted sector, followed by government and telecommunications, while agriculture, hospitality, travel, recreation, construction and engineering saw faster annual growth.

Ransomware showed the most significant rise, with 698 reported attacks globally, up 48% from May 2025. Asia saw the steepest regional increase, while North America accounted for nearly half of all reported ransomware incidents.

Qilin was the most active ransomware group, followed by The Gentlemen and DragonForce.

Check Point also warned that generative AI tools are creating new data leakage risks, with one in 25 enterprise prompts carrying high-risk sensitive information.

University of Nottingham confirms student data breach

The University of Nottingham has confirmed that a cyber criminal group accessed a significant amount of personal data belonging to current students and alumni.

The breach affected the university’s Campus Solutions record system, with unauthorised activity identified on Tuesday. The university said it immediately took the affected systems offline, launched an investigation and contacted those believed to have been impacted.

While the full scope is still being verified, the university is working on the assumption that several categories of information may have been accessed. This includes contact details, course information, student or staff IDs, financial information, National Insurance numbers and protected characteristics.

The university said it is working with Action Fraud, the Information Commissioner’s Office and other regulatory bodies. The ICO confirmed it is assessing the information provided.

The incident highlights the continued targeting of education institutions, where large stores of personal and financial data remain attractive to attackers.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.