Feed aggregator

COLUMBUS, Ohio (WCMH) — Conversations about possible changes to the city of Columbus' curfew are taking place and are expected to be voted on by city council before it takes its summer recess. A group of more than 100 central Ohio teenagers are spending their summers looking toward their futures and learning life lessons. “So [...]

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available.

The software giant said in a blog post last month that both its engineers and the security community are increasing using artificial intelligence tools to find bugs, meaning this month’s heavy Patch Tuesday may start to become the norm, said Satnam Narang, senior staff research engineer at Tenable.

“Some surveys put AI usage among security professionals generally at 90%, so it’s unsurprising that this volume of patches may be the norm,” Narang said. “Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday.”

June’s zero-day bugs include CVE-2026-49160, a denial of service vulnerability affecting a range of web servers, including Microsoft Internet Information Services (IIS). Microsoft says the flaw was reported by OpenAI’s Codex.

Two of the zero-days addressed this month appear to stem from recent vulnerability disclosures by Nightmare Eclipse, the nickname chosen by a security researcher who has been dropping exploits for various Windows flaws. One of those, dubbed “GreenPlasma,” leverages an elevation of privilege weakness in the Windows Collaborative Translation Framework, the same framework patched today in CVE-2026-45586.

Nightmare Eclipse also last month released “YellowKey,” an exploit for a Windows BitLocker vulnerability that allows an attacker with physical access to view encrypted data, and CVE-2026-50507 is a patch for an elevation of privilege bug in BitLocker.

Microsoft received heavily blowback on social media last month after it said in a blog post that it was considering taking legal action against the security researcher. The company later clarified on Twitter/X that while it has no intention of pursuing legal actions against researchers, it would report them to authorities if they break the law. The advisories for CVE-2026-49160 and CVE-2026-50507 do not credit any researchers in the acknowledgement section, saying only that “Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.”

Nightmare Eclipse claims to be a former employee of Microsoft, although Microsoft has not responded to questions about this claim. Rapid7 notes that a recent blog post by Nightmare Eclipse included an image of Albert Vesker, a character from the Resident Evil video game series who formerly worked as a researcher for a technology company before going rogue.

Nightmare Eclipse has pledged to release even more zero-day exploits for Windows in what they called a “bone shattering” drop planned for July 14 (the same day as next month’s Patch Tuesday). Immediately following the release of Microsoft patches today, the researcher published an exploit for what they claimed was a zero-day bug in Windows Defender.

While 200 vulnerabilities may be a record for Patch Tuesday, the actual number of security flaws Microsoft addressed this month is far higher, said Rapid7’s Adam Barnett.

“So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years,” Barnett wrote. “As usual, browser [flaws] are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update Guide.”

Microsoft also patched a zero-day vulnerability in Visual Studio Code that allows attackers to steal GitHub tokens with a single click. The company was forced to push a stopgap fix for the flaw on June 3, after a researcher published instructions showing how to exploit it. The researcher said they opted not to work with Microsoft because of a recent experience wherein Redmond silently patched a flaw they reported without offering credit or recognition.

Microsoft battled its own internal zero-day emergencies last week, after at least 72 of the company’s public code repositories were infected with a variant of the Shai-Hulud worm. Researchers found that all of the affected packages were connected to Microsoft official Azure Durable Task SDK, which got hit by the same Shai-Hulud worm in May.

Other major software makers are also shipping outsized update bundles this month. Adobe has released updates to fix a massive number of critical vulnerabilities across a range of products, including Adobe Experience Manager, Acrobat Reader and Cold Fusion. On June 3, Google resolved a whopping 429 vulnerabilities in its latest Chrome browser update (Chrome automatically downloads updates but installing them usually requires a complete restart of the browser).

As ever, please consider backing up your data before applying operating system updates, and drop a note in the comments if you run into any problems with this month’s patches.

Further reading:

Microsoft’s Security Update Guide

Action1’s Patch Tuesday breakdown

SANS Internet Storm Center notes on Patch Tuesday

COLUMBUS, Ohio (WCMH) -- Thousands of Franklin County homeowners are about to get an updated value for their home. The Franklin County Auditor's Office released tentative property values on June 9, and once again, home values are on the rise. NBC4 Investigates looked into if an increase in value means an increase in taxes, and [...]

COLUMBUS, Ohio (WCMH) -- The U.S. Department of Housing and Urban Development released its annual homelessness assessment report, showing homelessness is on the rise across Ohio and is above the national average.  Carlie Boos, who serves as the executive director of the Affordable Housing Alliance of Central Ohio, noted homelessness is directly linked to housing policy. Boos explained the report [...]

MANSFIELD, Ohio (WCMH) — The Ohio State Highway Patrol is investigating the death of a woman who was found at a Richland County rest area Tuesday morning. According to the OSHP, troopers arrived at a rest area along U.S. Route 30 in Richland County off of the eastbound lanes near Mansfield, Ohio and just west [...]

Due Amici, a popular Italian restaurant in Columbus, Ohio, closed its doors after 22 years due to changing circumstances in the downtown area.

COLUMBUS, Ohio (WCMH) -- Ohio lawmakers have dropped a proposal that would have banned family members who care for their loved ones from receiving Medicaid payments after receiving backlash. The proposal was suggested as the state's Medicaid committee looks to crack down on home healthcare systems amid allegations of fraud. A new amendment introduced Monday [...]

COLUMBUS, Ohio (WCMH) – Zaxbys, a Southern-based fast-casual fried chicken chain, is preparing to return to central Ohio after 17 years. The brand is slated to open a restaurant at 1785 Hilliard Rome Road in northwest Columbus near Hilliard in early 2027, according to NBC4’s partner Columbus Business First. The address previously housed a KFC, [...]

NEWARK, Ohio (WCMH) — Two men allegedly involved in a “calculated” drive-by shooting have each been issued high bond amounts while facing attempted murder charges. According to court documents, a magistrate with the Licking County Court of Common Pleas issued separate $5 million bonds on Monday for two suspects accused of firing over a dozen [...]

COLUMBUS, Ohio (WCMH) -- After years of waiting, millions of soccer fans across the globe will be laser-focused on North America for the World Cup. The United States, Mexico, and Canada will host the inaugural 48-team edition of one of the world's biggest sporting events, which will take place across 16 cities with 104 games [...]

Comedian Dave Chappelle has announced dates for his popular cornfield comedy series in Yellow Springs, Ohio, with nine performances taking place over three separate weeks in July and August.

COLUMBUS, Ohio (WCMH) — One person is dead after a man was ejected from his vehicle during a two-vehicle crash early Tuesday morning in east Columbus. According to a Columbus Police incident report, one driver in a 2020 Ford Fusion was entering East Livingston Avenue from the Embassy Plaza apartment complex in the Leawood neighborhood [...]

COLUMBUS, Ohio (WCMH) -- Columbus Water and Power will switch to monthly billing this summer. Customers will no longer be billed quarterly as part of the change. A letter was sent to customers notifying them of the transition. Columbus Water and Power, which was previously known as the Department of Public Utilities, said the change [...]

COLUMBUS, Ohio (WCMH) -- An Ohio bill would permanently stop all data center tax exemptions in Ohio. Gov. Mike DeWine implemented an temporary pause for Ohio's data center sales tax exemption, which took effect early last week. House Bill 975 -- introduced the same day DeWine announced the upcoming pause -- would end the sales [...]

COLUMBUS, Ohio (WCMH) – The families of missing Ohioans marched the streets of west Columbus on Saturday with posters of their loved ones in hand, hoping to bring them home. For the family of Andrew “Andy” Chapman, it’s been 19 years of searching. To ensure the Columbus man’s case is not forgotten, his sister Aimee [...]

COLUMBUS, Ohio (WCMH) -- Columbus City Council is taking a closer look at the fire vehicle shortage in the city. Chair of the city's public safety committee, Councilmember Emmanuel Remy, announced he is holding a public hearing to get a better understanding of where things stand. Remy said the issue did not happen overnight and [...]

COLUMBUS, Ohio (WCMH) -- Stonewall Columbus announced its executive director would be leaving the organization at the end of this month. After six years, Densil Porteous will end his time with the organization, which advocates for the LGBTQ+ community, on July 1. He will be taking a national leadership role with the Human Rights Campaign. [...]