Zero Day Mitigations
The latest Zero Day Mitigations coverage — news, analysis, and updates from the WindowsNews.AI desk.
iOS 26.6 Beta 2 Debuts New Blocked Contact Controls and iPhone Anti-Theft Intelligence
iOS 26.6 beta 2, released to developers on June 15 and public beta testers on June 16, introduces a unified blocked contacts manager and the first visible components of an on-device anti-theft engine code-named Sentinel. The update signals Apple’s intent to deliver meaningful security enhancements outside the annual release cycle, with significant implications for enterprise device management and ongoing convergence with Windows security philosophies.
Font-Based Zero-Days Under Active Attack: Microsoft Warns of Preview Pane RCE Risk
In late March 2020, Microsoft disclosed two actively exploited zero-day vulnerabilities in the Adobe Type Manager Library that could allow remote code execution simply by previewing a malicious font file. The company issued workarounds as a stopgap until the April Patch Tuesday fixes arrived, highlighting the persistent danger of font parsing flaws.
Windows 11 June 2026 Updates Block Office OLE Automation for Third-Party Apps, Microsoft Confirms
Microsoft confirmed on June 16, 2026, that Windows 11 updates KB5094126 and KB5093998, released June 9, break OLE Automation for third-party apps trying to launch Microsoft Office. This regression halts enterprise workflows that rely on programmatic Office control, with no official fix yet available beyond uninstalling the updates.
Android 17 Arrives With Floating Bubbles, Foldable Gaming Mode, and Deeper Windows Integration
Android 17, rolled out on June 16, 2026, introduces floating app bubbles, a foldable gaming mode that splits the screen, and robust new security rules. The update features deep Windows integration, including support for native Android windows on Windows 11/12, cross-device clipboard sync, and enhanced phone-to-PC gaming, making it a significant release for Windows enthusiasts.
Android 17 Hits Pixel with Floating Bubbles, Anti-Theft Shields, and Foldable Gaming Upgrades
Android 17 began rolling out to Pixel devices on June 16, 2026, with standout features including floating app bubbles, screen-reaction recording, hardened theft protections, enhanced privacy controls, and foldable gaming optimizations. The update also deepens on-device Gemini AI integration and sets the stage for tighter cross-device experiences with Windows.
FBI Warns of Kali365 Phishing Platform Stealing Microsoft 365 Credentials via Device Code Trick
The FBI warns of Kali365, a phishing-as-a-service platform that abuses Microsoft 365 OAuth device-code authentication to steal session tokens and bypass MFA. This article explains how the attack works, details the FBI's recommendations, and provides actionable defense steps for administrators and users.
GhostTree Attack Exploits NTFS Junctions to Blind EDR: Why Patching Windows and Enabling RedirectionGuard Are Non-Negotiable
The GhostTree attack technique exploits how NTFS junction points are resolved to bypass EDR systems, even with recursive scanning enabled. Microsoft recommends patching Windows, enabling the RedirectionGuard feature, and verifying that your EDR properly handles reparse points. This article explains the mechanics, provides actionable mitigation steps, and clarifies why EDR alone is insufficient.
Microsoft and Oracle Abandon Cloud Infrastructure Talks in June 2026 Over Unresolvable Security Hurdles
Microsoft and Oracle have reportedly abandoned negotiations over a cloud infrastructure leasing deal in June 2026, sources say. The proposed arrangement was halted due to irreconcilable security and compliance conflicts, ranging from hypervisor trust to data sovereignty. The breakdown preserves the existing Oracle Database@Azure service but dashes hopes for deeper integration, forcing enterprises to continue managing separate cloud environments.
CISA Orders Federal Agencies to Patch Actively Exploited Joomla JCE Vulnerability by July 7
CISA has added CVE-2026-48907, an actively exploited improper access control vulnerability in the Joomla JCE Widget Factory, to its Known Exploited Vulnerabilities catalog. Federal agencies must patch by July 7, 2026, and all Joomla site owners—especially those on Windows—should update immediately to prevent unauthorized access and potential server compromise.
Microsoft's Defender Hit by 'RoguePlanet' Zero-Day: Privilege Escalation Risk Before Patch
Microsoft published CVE-2026-50656, dubbed 'RoguePlanet,' an Important elevation-of-privilege vulnerability in the Microsoft Malware Protection Engine used by Defender. The zero-day allows local attackers to gain SYSTEM privileges, with no patch yet available. Organizations should enable cloud-delivered protection, enforce attack surface reduction rules, and monitor for anomalous engine behavior while awaiting Microsoft's fix.
Microsoft Unleashes Low Latency Mode on Windows 11 with June 2026 Patch Tuesday Update
Microsoft’s June 2026 cumulative update KB5094126 extends the Low Latency Profile power scheme to all Windows 11 editions, boosting build numbers to 26100.8655 (24H2) and 26200.8655 (25H2). The feature reduces input lag by keeping the CPU more alert, benefiting gamers, creators, and everyday users, though at the cost of higher power consumption.
Kali365 Phishing Kit Exploits OAuth Device Code Flow to Hijack Microsoft 365 Sessions, FBI Warns
The FBI warns that the Kali365 phishing kit bypasses passwords and MFA by tricking users into granting OAuth tokens to attackers via device code authentication. The kit, sold as a service, has already targeted Microsoft 365 users. Microsoft and security experts recommend disabling the device code flow where possible and enforcing strict Conditional Access policies.
CISA Flags High-Severity DoS Flaw in Rockwell CompactLogix 5370 PLCs Used Across Critical Manufacturing
CISA has republished a Rockwell Automation advisory warning of a denial-of-service vulnerability in CompactLogix 5370 L1, L2, and L3 controllers widely used in critical manufacturing. The flaw can trigger a major fault from specially crafted network traffic, halting operations. Users are urged to apply updated firmware and implement network segmentation to mitigate the risk.