⚠️ LiveThreat Vulnerability Brief — Jun 04, 2026
📊 7 vulnerabilities & exploits tracked impacting the supply chain
━━━━━━━━━━━━━━━━━━━━━━
💥 Multiple Zero‑Day iPhone Exploits Discovered in Apple 2026 Security Roundup Threaten Millions of Users
Apple disclosed several zero‑day flaws in iOS and WebKit that enable remote code execution and privilege escalation on iPhones and iPads. The vulnerabilities af…
🔗 https://www.livethreat.ai/intelligence/apple-s-2026-security-events-iphone-exploits-zero-days-put-millions-at-risk-28388
💥 Active Exploitation of Oracle WebLogic CVE‑2024‑21182 Prompts CISA KEV Alert
CISA has listed Oracle WebLogic Server vulnerability CVE‑2024‑21182 in its Known Exploited Vulnerabilities catalog, indicating active exploitation. The RCE flaw…
🔗 https://www.livethreat.ai/intelligence/cisa-flags-2-year-old-oracle-weblogic-vulnerability-as-actively-exploited-28390
⚠️ Critical Unauthenticated RCE in HP Poly VoIP Phones (CVE-2026-0826) Threatens Enterprise Telephony
Rapid7 disclosed CVE‑2026‑0826, a critical unauthenticated stack‑based buffer overflow in HP Poly VoIP phones that permits remote root code execution via crafte…
🔗 https://www.livethreat.ai/intelligence/why-an-hp-poly-voip-phones-bug-could-become-an-enterprise-foothold-28147
⚠️ HTTP/2 Bomb DoS Attack Crashes Major Web Servers in Seconds
A new HTTP/2 Bomb denial‑of‑service technique can deplete server memory and shut down NGINX, Apache, IIS, Envoy, and Cloudflare Pingora within seconds, posing a…
🔗 https://www.livethreat.ai/intelligence/new-http-2-bomb-dos-attack-crashes-web-servers-in-under-a-minute-28329
⚠️ Coding Gaffe Exposes Microsoft 365 Android Apps, Potentially Compromising Millions of Accounts
A disabled security setting in Microsoft 365 Android Office apps bypasses authentication, allowing attackers to harvest credentials and potentially take over ac…
🔗 https://www.livethreat.ai/intelligence/coding-gaffe-exposes-microsoft-365-accounts-to-widespread-takeover-28367
💥 CISA Adds Android and Linux Kernel Flaws to Known Exploited Vulnerabilities Catalog
🔗 https://www.livethreat.ai/intelligence/u-s-cisa-adds-android-and-linux-kernel-flaws-to-its-known-exploited-vulnerabilities-catalog-28145
⚠️ Critical NTLMv2 Hash Disclosure via Windows Search URI Handler (CVE‑2026‑33829) Threatens Enterprise Environments
🔗 https://www.livethreat.ai/intelligence/unpatched-windows-search-uri-vulnerability-lets-attackers-steal-ntlmv2-hashes-28082
━━━━━━━━━━━━━━━━━━━━━━
🛡️ How many of your vendors are running these affected systems?
📖 View all → https://www.livethreat.ai/vulnerabilities
🔔 Follow LiveThreat for daily TPRM intelligence
#Cybersecurity #ThreatIntel #TPRM #InfoSec #VendorRisk #BreachWatch #DoNotBeLarry #VerisqAI #LiveThreat