Vulnerabilities

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data

2026-06-22 at 16:22, by Eduard Kovacs. Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability. Source: SecurityWeek.


Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

2026-06-22 at 14:45, by Ionut Arghire. Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. Source: SecurityWeek.


In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

2026-06-19 at 18:23, by SecurityWeek News. Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover.


Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

2026-06-19 at 07:10, by Eduard Kovacs. CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. Source: SecurityWeek.


Majority of Internet-Accessible REDCap Servers Outdated

2026-06-18 at 20:07, by Ionut Arghire. These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment. Source: SecurityWeek.


Operation FlutterBridge: The FlutterShell macOS Backdoor

2026-06-18 at 17:00, by Maor Gabay. Identified through macOS endpoint monitoring, the CL-CRI-1089 cluster, delivered under the publicly reported Operation FlutterBridge campaign, demonstrates a deliberate misuse of the Flutter framework for macOS malware delivery. Rather than re-documenting the campaign itself, this report treats the recovered FlutterShell artifacts as a


Atlassian, Splunk Patch Critical Vulnerabilities

2026-06-18 at 13:59, by Ionut Arghire. Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies. Source: SecurityWeek.


Critical Command Execution Vulnerability Patched in Cisco ISE

2026-06-18 at 13:27, by Ionut Arghire. Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. Source: SecurityWeek.


F5 Patches Critical, High-Severity NGINX Vulnerabilities

2026-06-18 at 12:39, by Ionut Arghire. Critical flaws in NGINX could allow remote, unauthenticated attackers to cause a restart and potentially execute arbitrary code. Source: SecurityWeek.


Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

2026-06-17 at 14:32, by Eduard Kovacs. The industrial automation giant has fixed security holes in Logix, CompactLogix, Flex, RSLinx, and FactoryTalk products. Source: SecurityWeek.


Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

2026-06-17 at 12:41, by Ionut Arghire. The public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges. Source: SecurityWeek.


Oracle’s Second Monthly Security Updates Deliver 245 Patches 

2026-06-17 at 12:04, by Eduard Kovacs. Oracle has released its June 2026 Critical Security Patch Update to fix vulnerabilities in Communications, EBS, Enterprise Manager and other products. Source: SecurityWeek.


Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

2026-06-17 at 11:21, by Ionut Arghire. The browser updates address multiple memory safety bugs that could potentially lead to remote code execution. Source: SecurityWeek.


Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

2026-06-17 at 10:28, by Ionut Arghire. The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers. Source: SecurityWeek.


3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

2026-06-17 at 09:53, by Eduard Kovacs. SOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking. Source: SecurityWeek.


Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure

2026-06-16 at 12:39, by Ionut Arghire. Over two dozen organizations built a shared platform to triage vulnerabilities, fix them, and secure the software before patches arrive. Source: SecurityWeek.


Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

2026-06-16 at 09:20, by Eduard Kovacs. Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. Source: SecurityWeek.


Reversing NVIDIA’s CVE-2026-24190: How a Kernel Flaw Put Enterprise AI Clusters and Workstations at Risk

2026-06-15 at 17:00, by Alon Bancic. Executive Summary: Bypassing Boundaries in Enterprise AI Infrastructure. The massive global adoption of artificial intelligence (AI) and large language models (LLMs) has fundamentally rewritten the enterprise threat landscape. Modern high-compute bare metal clusters, cloud


Ivanti Sentry Exploitation Attempts Hitting Honeypots

2026-06-12 at 12:44, by Ionut Arghire. The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. Source: SecurityWeek.

