This Week in Cybersecurity
Another week, another stack of vulnerabilities, exploits, and incidents to track. This recap covers the most significant security events for the week ending June 15, 2026. The common thread: phishing kits are cheaper to rent than ever, AI product names are useful bait, login flows keep failing, and forgotten software in production keeps getting exploited.
Chrome Zero-Day Under Active Exploitation
Google pushed an emergency update for Chrome after a zero-day vulnerability was found to be actively exploited in the wild. The flaw allows attackers to escape the browser's sandbox or execute code via maliciously crafted web content. Users who have not yet updated should prioritize doing so immediately.
This continues a streak of browser zero-days being weaponized faster than vendors can respond, often within hours of initial discovery, by threat actors who already had knowledge of the flaw.
Action required: Update Chrome to the latest stable channel immediately.
UniFi Controller Exploits Surge
Ubiquiti's UniFi network management controller has been the target of active exploitation campaigns. Attackers are chaining known vulnerabilities in UniFi OS to gain unauthorized access to network management interfaces, allowing them to pivot through enterprise networks from a trusted networking appliance.
Organizations running UniFi Dream Machines, CloudKey controllers, or any self-hosted UniFi Network Application instances should verify they are on the latest patched firmware and have restricted management access to trusted networks only.
macOS Infostealer Wave
A fresh wave of macOS-targeting infostealers has been observed in the wild, distributed through fake software downloads, trojanized developer tools, and social engineering lures posing as AI product updates and browser helpers. The stealers target browser-stored credentials, cryptocurrency wallets, macOS Keychain data, and session tokens for popular SaaS platforms.
macOS users — particularly developers and IT staff — should be cautious about installing software from unofficial sources, even when the download appears to be a legitimate utility or update.
VPN Authentication Bypass Flaw
A critical authentication bypass vulnerability was disclosed affecting a widely deployed VPN product. The flaw allows attackers without valid credentials to gain access to protected internal networks by bypassing the VPN's authentication layer entirely. Details are being withheld to allow patching cycles, but organizations using the affected product have been notified and patches are available.
This type of vulnerability is particularly dangerous as VPN infrastructure is often the outermost perimeter of an organization's network defense and a top target for initial access brokers.
Broader Themes This Week
Phishing Infrastructure Commoditization
Phishing kits are increasingly available as turnkey rentals on criminal forums. A single kit can now target hundreds of platforms, rotate infrastructure automatically, and include built-in adversary-in-the-middle (AiTM) session hijacking capabilities that bypass MFA. The barrier to entry for credential theft campaigns has dropped dramatically.
AI Brand Abuse
Threat actors continue to exploit the popularity of AI product names as social engineering bait. Fake update notifications, malicious downloads masquerading as Claude, ChatGPT, or Copilot installers, and phishing pages impersonating AI services are being deployed at scale.
Legacy Software in Production
Multiple incidents this week trace back to abandoned software, forgotten login paths, and deprecated features that organizations failed to decommission. Attackers routinely scan for these soft spots — old admin portals, legacy LDAP endpoints, and unmaintained API paths that bypass modern security controls.
Key Takeaways
- Patch Chrome immediately — zero-day exploitation is active
- Audit and harden UniFi deployments — restrict management access to internal networks
- Warn macOS users about infostealer campaigns targeting developer tools
- Verify VPN patch status for all remote access products in your environment
- Treat AI product names in download prompts with suspicion