ThreatBrief AI

Check Point 8th June Threat Intelligence Bulletin: DentaQuest, Dashlane, Cisco, and Windows Netlogon Under Attack

Check Point weekly threat intel for June 1-7 covering DentaQuest breach, Dashlane compromise, Cisco UC/SME root RCE, Windows Netlogon exploitation, and AI threat developments.

+ +

Published

Jun 08, 2026

Duration

6 min read

Risk Level

High Severity

Why it matters

Check Point Research’s weekly Threat Intelligence Bulletin for June 1-7, 2026 reveals a threat landscape dominated by active exploitation of critical vulnerabilities (Cisco UC/SME root RCE, Windows Netlogon), large-scale data breaches (DentaQuest 2.6M records, UN WFP 600K Gaza households), and the rapid maturation of AI-enabled attack techniques including account takeover via support chatbots and notification-based prompt injection against voice assistants.

What happened

The reporting period saw several significant incidents. DentaQuest, a U.S. dental benefits administrator owned by Sun Life, confirmed a data breach after ShinyHunters leaked exfiltrated data affecting 2.6 million accounts with PII including government IDs and health insurance details. Dashlane disclosed a targeted brute-force attack that bypassed 2FA to download encrypted vaults for under 20 users. The United Nations World Food Programme suffered unauthorized access to its Gaza self-registration application, exposing data for approximately 600,000 Palestinian households. Meanwhile, Cisco CVE-2026-20230 and Windows Netlogon CVE-2026-41089 are being actively exploited with public PoCs available.

Technical details

Cisco CVE-2026-20230 is a critical unauthenticated RCE vulnerability in Unified Communications Manager and Session Management Edition, enabling file writes and root escalation when WebDialer is enabled. Microsoft Windows Netlogon CVE-2026-41089 is a stack-based buffer overflow allowing remote code execution through crafted network requests against domain controllers, giving attackers SYSTEM-level control. SolarWinds Serv-U CVE-2026-28318 is an unauthenticated flaw exploitable via crafted HTTP POST requests with a deflate header. Google’s June Android patch addresses 124 vulnerabilities including CVE-2025-48595, a high-severity Framework flaw under active exploitation on Android 14+. In the AI threat domain, researchers demonstrated Fake Context Alignment, a prompt injection technique against Google Gemini that enables device control and cross-device memory poisoning via notification manipulation.

Defender actions

Organizations should prioritize patching Cisco UC/SME (14SU6 or 15.x COP), Windows Server domain controllers against CVE-2026-41089, SolarWinds Serv-U (upgrade to 15.5.4 HF1), and Android devices (June 2026 security patch). Review Dashlane account activity logs for unauthorized device registrations around May 31. Implement monitoring for abnormal authentication patterns targeting VPN and remote access infrastructure. Review Meta AI agent permissions and disable account recovery authority for AI assistants. Deploy classifier updates for voice assistant platforms to mitigate notification-based prompt injection.