Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA orders FCEB remediation for CVE-2025-60710

Public Sector Action
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2025-60710 to its actively exploited catalog and gave FCEB agencies two weeks to secure systems under BOD 22-01. The move targets a Windows Task Host link-following privilege-escalation flaw affecting Windows 11 and Windows Server 2025. Because the flaw can let local attackers reach SYSTEM privileges, the directive raises the urgency of patching across federal civilian networks.

Related Happenings

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
H score39 First: 10.06.2026 02:11 Last: 10.06.2026 02:11 Sources 1

About this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...

Latest development: 10.06.2026 08:22

The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.

Windows Collaborative Translation Framework CTFMON improper link resolution EoP security flaw (CVE-2026-45586)

Vulnerability
H score20 First: 09.06.2026 20:57 Last: 09.06.2026 20:57 Sources 1

About this happening: **Windows Collaborative Translation Framework (CTFMON)** has a **local privilege-escalation vulnerability**, **CVE-2026-45586**, that Microsoft patched in **June 2026**. An author...

Cisco Unified CM SSRF root-privilege flaw (CVE-2026-20230)

Vulnerability
H score49 First: 04.06.2026 14:09 Last: 04.06.2026 14:09 Sources 1

About this happening: **CVE-2026-20230** exposes **Cisco Unified CM** systems with **WebDialer enabled** to remote **SSRF** abuse that can lead to **root-level compromise**. The flaw can be triggered w...

Latest development: 26.06.2026 22:43

Cisco released a patch for CVE-2026-20230 in Cisco Unified Communications Manager Server and warned that the critical server-side request forgery flaw could be exploited remotely and without authentication via specially crafted HTTP requests.

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
H score48 First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...

Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

Vulnerability
H score52 First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Timeline

  1. 15.04.2026 17:51 2 articles · 2mo ago

    CISA adds CVE-2025-60710 to actively exploited catalog

    Legal Policy Action Update

    CISA added CVE-2025-60710, a Windows Task Host link-following privilege-escalation flaw affecting Windows 11 and Windows Server 2025, to its actively exploited vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to secure their systems within two weeks under BOD 22-01. CISA also urged other defenders to apply vendor patches and mitigations because local attackers with basic user permissions could reach SYSTEM privileges and take full control of affected devices.

    Show sources