Ransomware BlueHammer Vulnerability Exploited in Ransomware Attacks The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. Eduard Kovacs4 days ago
Vulnerabilities Exploitation of Recent Oracle E-Business Suite Vulnerability Begins The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product. Ionut Arghire4 days ago
Malware & Threats Critical SimpleHelp Vulnerability Exploited for Malware Delivery The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. Ionut Arghire4 days ago
ICS/OT First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog. Eduard KovacsJune 26, 2026
ICS/OT Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project. Eduard KovacsJune 25, 2026
Vulnerabilities Cisco SD-WAN Zero-Day Exploited Months Before Patching CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. Eduard KovacsJune 25, 2026
Vulnerabilities Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands. Ionut ArghireJune 24, 2026
Network Security Hackers Exploiting Cisco Unified CM Vulnerability Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June. Eduard KovacsJune 24, 2026
Vulnerabilities Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. Ionut ArghireJune 22, 2026
Vulnerabilities Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. Eduard KovacsJune 19, 2026
Vulnerabilities Joomla, LiteSpeed Vulnerabilities Exploited in Attacks The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers. Ionut ArghireJune 17, 2026
Vulnerabilities 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs SOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking. Eduard KovacsJune 17, 2026
Network Security Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. Eduard KovacsJune 16, 2026
Vulnerabilities Ivanti Sentry Exploitation Attempts Hitting Honeypots The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. Ionut ArghireJune 12, 2026
Cybercrime Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. Eduard KovacsJune 12, 2026
Vulnerabilities Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. Eduard KovacsJune 11, 2026
Vulnerabilities Hackers Exploit Langflow Vulnerability for Remote Code Execution Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. Ionut ArghireJune 11, 2026
Vulnerabilities Microsoft Patches Exploited Exchange Server Vulnerability The company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14. Eduard KovacsJune 11, 2026
Vulnerabilities ServiceNow Patches Vulnerability Exploited Against Some Customers The company updated hosted customer instances to patch a security issue it reportedly had known about since April 7. Eduard KovacsJune 10, 2026
Vulnerabilities No Patch Planned for Exploited Arista EOS Vulnerability Organizations are advised to apply vendor-supplied mitigations or discontinue the vulnerable devices. Ionut ArghireJune 10, 2026