Vulnerabilities: CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability. CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). Ionut Arghire, 2 days ago
Vulnerabilities: Google Patches 382 Chrome Vulnerabilities. Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’. Eduard Kovacs, 3 days ago
Vulnerabilities: Exploitation of Recent Oracle E-Business Suite Vulnerability Begins. The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product. Ionut Arghire, 3 days ago
Malware & Threats: Critical SimpleHelp Vulnerability Exploited for Malware Delivery. The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. Ionut Arghire, 4 days ago
ICS/OT: New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking. CISA has published an advisory to inform organizations about three vulnerabilities found by a researcher in Daktronics controllers. Eduard Kovacs, 4 days ago
Artificial Intelligence: Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories. AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. Eduard Kovacs, June 26, 2026
Application Security: Linux Foundation Unveils New Open Source Security Project Akrites. It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities. Ionut Arghire, June 26, 2026
ICS/OT: First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild. CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog. Eduard Kovacs, June 26, 2026
Vulnerabilities: GitLab Patches Code Execution, Information Disclosure Vulnerabilities. The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects. Ionut Arghire, June 25, 2026
Vulnerabilities: 25-Year-Old Vulnerability Patched in Curl. The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities. Ionut Arghire, June 25, 2026
Vulnerabilities: Chrome 149 Update Resolves 18 Severe Vulnerabilities. More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution. Ionut Arghire, June 25, 2026
Vulnerabilities: Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs. The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands. Ionut Arghire, June 24, 2026
Application Security: Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking. The security defects allow unauthenticated users to take control of the open source software supply chain. Ionut Arghire, June 24, 2026
Artificial Intelligence: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps. Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs. Ionut Arghire, June 23, 2026
Vulnerabilities: FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances. Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library. Ionut Arghire, June 23, 2026
Data Protection: Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data. Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability. Eduard Kovacs, June 22, 2026
Vulnerabilities: Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data. Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. Ionut Arghire, June 22, 2026
Vulnerabilities: Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure. CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. Eduard Kovacs, June 19, 2026
Vulnerabilities: Atlassian, Splunk Patch Critical Vulnerabilities. Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies. Ionut Arghire, June 18, 2026
Network Security: Critical Command Execution Vulnerability Patched in Cisco ISE. Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. Ionut Arghire, June 18, 2026