IT News Roundup: Record Patch Tuesday, VPN Exploit Alert, and AI Agent Security
It’s been a busy week in the world of IT security and AI — and not entirely in a good way. From a record-breaking Microsoft update drop to an actively exploited VPN flaw, there’s quite a bit to get your head around. Here’s what happened, why it matters, and what you should do about it.
Microsoft Drops a Record-Breaking Patch Tuesday
June’s Patch Tuesday has set an unwanted record: Microsoft pushed out fixes for nearly 200 security vulnerabilities across Windows and its wider software catalogue — the most it’s ever released in a single monthly update. Around 30 of those were rated “critical,” and perhaps most worryingly, working exploit code is already out in the wild for at least three of the flaws. That means attackers don’t need to do much legwork — the tools to take advantage of unpatched systems are already circulating.
If you’re running Windows at home or in a small business, this one is not to sit on. Get your updates installed as soon as you can. If you manage multiple machines, it’s worth checking that automatic updates are switched on across the board.
What this means for you: Check Windows Update today — with exploit code already public, the window for getting patched before attackers come knocking is shorter than usual.
Palo Alto’s GlobalProtect VPN Is Being Actively Exploited
Palo Alto Networks has confirmed that attackers are actively exploiting a recently discovered flaw in PAN-OS, the software that powers its GlobalProtect VPN product. The vulnerability — rated fairly serious with a CVSS score of 7.8 — is an authentication bypass, meaning a bad actor could potentially waltz through a VPN gateway without valid credentials. That’s a significant problem for any organisation using GlobalProtect to give staff secure remote access.
This is a good reminder that VPNs, like any software, need to be kept up to date. If your business uses Palo Alto kit, check for patches immediately. And if you’re a home user or smaller business using a consumer-grade VPN service like NordVPN or Surfshark, make sure the app itself is kept updated — reputable providers push security patches regularly.
What this means for you: If you use GlobalProtect, treat this as urgent — check Palo Alto’s official guidance and patch now; for everyone else, it’s a timely nudge to keep your VPN software current.
AI Agents Get a Security “Immune System”
On the AI front, the team behind NanoClaw — an open-source AI agent framework popular in enterprise circles — has teamed up with software supply chain specialist JFrog to build what they’re calling an “immune system” for AI agents. The idea is to stop autonomous AI agents from inadvertently downloading or executing malicious code as they go about their tasks.
This might sound like deep-tech territory, but it points to a very real and growing concern: as AI tools become more capable of taking actions on your behalf — browsing the web, writing and running code, managing files — the attack surface grows with them. An AI agent that can be tricked into pulling in dodgy code is a serious risk, especially in business environments. It’s still early days for this kind of tooling, but it’s encouraging to see the security community taking it seriously from the ground up.
What this means for you: If your business is experimenting with AI automation tools, keep an eye on what permissions and network access those tools have — security for AI agents is a fast-moving space worth watching.
The Claude Models You Can’t Use (For Now)
In a rather dramatic turn, Anthropic has shut down global access to its two most advanced AI models — Claude Fable 5 and Claude Mythos 5 — following a directive from the US government citing national security concerns. Even paying subscribers worldwide lost access overnight. Anthropic says it had no choice but to comply immediately.
It’s a stark illustration of how quickly access to AI tools can disappear, and a useful reminder not to build critical workflows around a single AI provider without a backup plan.
What this means for you: If you rely on Claude for day-to-day tasks, it’s worth having a secondary tool in mind — the AI landscape can shift quickly and for reasons entirely outside your control.
That’s your week in IT. It’s been a heavy one on the security side, with Microsoft’s mega-update and the VPN exploit both demanding fairly prompt action. Meanwhile, the AI world continues to move fast in ways that aren’t always predictable. Stay patched, stay curious, and we’ll see you next week.