Security Signal Weekly: June 20-26, 2026

OverviewThis week was less about one headline vulnerability and more about the systems we quietly trust: network controllers, voice platforms, PLM tools, firewalls, browser extensions, AI agent skills, proxy infrastructure, remote management tools, and malware triage pipelines. The through line is simple enough: attackers keep looking for places where operational trust is high and day-to-day scrutiny is low.Reality check: The practical work this week is not just patching. It is proving exposure, rotating access, checking for persistence, and deciding which trusted integrations deserve to stay trusted.Top 10 Security Signals1. Ubiquiti UniFi OS flaws move from patch queue to active-exploitation queueWhat happened: CISA added three Ubiquiti UniFi OS vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. Bishop Fox’s technical writeup explains how CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 can be chained into unauthenticated command…