Signal Roundup — 10 June 2026
Six items this week: a record-breaking June Patch Tuesday with three public zero-days, a Purview label that blocks Copilot and connected services from reading content, a prompt injection flaw in the Claude Code GitHub Action, threat actors using AI brand names as phishing bait, Microsoft's push toward the Artifact Registry for PowerShell modules, and container labels that now cover guest access to security groups.
June Patch Tuesday lands a record 200-plus fixes and three public zero-days
Microsoft's June 2026 security release is the largest in the programme's history, addressing more than 200 vulnerabilities, including 33 rated critical. Three were publicly disclosed ahead of the patch, and one — a Windows Kernel remote code execution flaw (CVE-2026-45657, CVSS 9.8) — allows unauthenticated code execution at SYSTEM with no user interaction. None are reported as exploited in the wild yet, but 15 are flagged "exploitation more likely." Prioritise the kernel, Remote Desktop client, and BitLocker bypass fixes in this cycle.
Source: BleepingComputer — Microsoft June 2026 Patch Tuesday fixes 3 zero-days, 200 flaws
Purview sensitivity labels can now block connected services from reading content
A sensitivity label setting, BlockContentAnalysisServices, now prevents Microsoft 365 Copilot and other connected services from accessing the content of labelled Office documents. This gives a concrete, label-driven control for keeping sensitive material out of Copilot processing without blocking the files for the people who need them. It is a useful building block for any Copilot rollout where data exposure is a concern.
Source: Office 365 for IT Pros — Microsoft Extends Sensitivity Label Block for Connected Services
Prompt injection in the Claude Code GitHub Action could expose workflow secrets
Microsoft's security team detailed a prompt injection weakness in the Claude Code GitHub Action, where the agent's Read tool could be steered into reading environment variables and leaking workflow secrets. The post walks through the attack path and the mitigations, including scoping secrets and constraining what the agent is allowed to read. If you run Claude Code or any coding agent in CI/CD pipelines, it is worth reviewing your own workflow permissions against this guidance.
Source: Microsoft Security Blog — Securing CI/CD in an agentic world: Claude Code GitHub Action case
Threat actors are using AI brand names as phishing and malvertising bait
Microsoft reports a rise in campaigns that abuse well-known AI brand names — including ChatGPT, Claude, and DeepSeek — across phishing, malvertising, and fake installers to harvest credentials and deploy infostealers. The lure works precisely because users are actively seeking out these tools. Factor this into Defender for Office 365 tuning and user-awareness messaging, and watch for typosquatted AI-tool domains.
Microsoft points PowerShell module downloads at the Artifact Registry
Microsoft is encouraging administrators to pull first-party PowerShell modules from the Microsoft Artifact Registry rather than the PowerShell Gallery, positioning it as a more trustworthy supply source. For teams that script against Microsoft Graph or build repeatable baselines, this is a supply-chain hygiene change worth tracking as it matures. Review where your automation pulls its modules from, and how module versions are pinned.
Source: Office 365 for IT Pros — Microsoft Wants PowerShell Developers to Change How They Download Modules
Container management labels now cover guest access to security groups
Container management labels can now govern guest membership on security groups, blocking unintended external participation in sensitive groups. Previously this control did not extend cleanly to security groups, leaving a gap in collaboration governance. It is a small but practical tightening for tenants that rely on security groups for access decisions.
Source: Office 365 for IT Pros — Microsoft Launches Container Management Support for Security Groups