IT Security Awareness News Roundup for June 2026
Added at 06/01/2026, last update at 06/13/2026
What matters most in IT security and awareness, and what should guide the attention of CIOs, CISOs, and CEOs?
Secure Programming / Coding Failures
Drupal SQL Code-Injection Vulnerability
CVE-2026-9082 is a critical SQL injection flaw in Drupal Core's database abstraction layer that allows unauthenticated attackers to inject malicious SQL queries via crafted requests against PostgreSQL-backed sites, potentially leading to data theft, privilege escalation, or remote code execution. (06/10/2026)
MS Exchange Server XSS Vulnerability
CVE-2026-42897 is a cross-site scripting (XSS) flaw in Exchange Server Outlook Web Access that allows attackers to execute malicious JavaScript in a user's browser via specially crafted emails. It is classified as a spoofing issue and can lead to session hijacking and account compromise within the OWA context. (06/09/2026)
Stored Cross-Site Scripting (XSS) Vulnerabilities in VMware Products
Broadcom has disclosed three high-severity stored cross-site scripting (XSS) vulnerabilities (CVE-2026-41722, CVE-2026-41723, CVE-2026-41724) affecting various VMware products. Attackers with permissions to create policies, views, or text widgets could inject malicious scripts and potentially perform actions with elevated privileges. Broadcom has released patches for all affected products; no workaround is available. (06/09/2026)
General IT Security Awareness Content
Microlearning for Your Team: How Hackers Create Website Fakes
What's a cookie?
Excerpt from the practical online course "IT Security Awareness Training for Employees" (SCORM Bundle)







