Vulnerabilities

Cisco SD-WAN Zero-Day Exploited Months Before Patching

Cisco SD-WAN Zero-Day Exploited Months Before Patching 2026-06-25 at 09:08 By Eduard Kovacs CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco SD-WAN Zero-Day Exploited Months Before Patching Read More »

Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk

Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk 2026-06-24 at 17:30 By Kevin Townsend The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments. The post Exclusive: Meet AIVEX, a New Triage Model

Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk Read More »

LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign

LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign 2026-06-24 at 16:43 By Dawid Nesterowicz In Norse mythology, Loki, the god of mischief, has powerful and deceptive transformation abilities. True to its namesake, the malware LokiBot has appeared in numerous variants and payload formats since its discovery more than a decade ago. In

LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign Read More »

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs 2026-06-24 at 15:32 By Ionut Arghire The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands. The post Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs Read More »

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking 2026-06-24 at 13:55 By Ionut Arghire The security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking Read More »

Hackers Exploiting Cisco Unified CM Vulnerability

Hackers Exploiting Cisco Unified CM Vulnerability 2026-06-24 at 08:44 By Eduard Kovacs Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June. The post Hackers Exploiting Cisco Unified CM Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Hackers Exploiting Cisco Unified CM Vulnerability Read More »

Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says

Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says 2026-06-24 at 06:29 By Associated Press Come vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said. The post Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official

Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says Read More »

Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps

Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps 2026-06-23 at 18:36 By Ionut Arghire Attackers could abuse Dify’s multi-tenant cloud service to read private chats, preview other tenants’ documents, and reach internal APIs. The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appeared first on SecurityWeek.

Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps Read More »

Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks

Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks 2026-06-23 at 16:00 By Kevin Townsend The high-severity use-after-free vulnerability in Samsung’s KNOX security framework affected Android-powered Galaxy devices from the S9 through S25. The post Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks appeared first on SecurityWeek. This

Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks Read More »

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances 2026-06-23 at 14:48 By Ionut Arghire Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library. The post FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances appeared first on SecurityWeek. This article

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances Read More »

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data 2026-06-22 at 16:22 By Eduard Kovacs Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.  The post Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data Read More »

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data 2026-06-22 at 14:45 By Ionut Arghire Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. The post Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data Read More »

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum 2026-06-19 at 18:23 By SecurityWeek News Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover. The post In Other

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum Read More »

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure 2026-06-19 at 07:10 By Eduard Kovacs CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. The post Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure appeared first on SecurityWeek. This article is an excerpt

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure Read More »

Majority of Internet-Accessible REDCap Servers Outdated

Majority of Internet-Accessible REDCap Servers Outdated 2026-06-18 at 20:07 By Ionut Arghire These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment. The post Majority of Internet-Accessible REDCap Servers Outdated appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Majority of Internet-Accessible REDCap Servers Outdated Read More »

Operation FlutterBridge: The FlutterShell macOS Backdoor

Operation FlutterBridge: The FlutterShell macOS Backdoor 2026-06-18 at 17:00 By Maor Gabay Identified through macOS endpoint monitoring, the CL-CRI-1089 cluster, delivered under the publicly reported Operation FlutterBridge campaign, demonstrates a deliberate misuse of the Flutter framework for macOS malware delivery. Rather than re-documenting the campaign itself, this report treats the recovered FlutterShell artifacts as a

Operation FlutterBridge: The FlutterShell macOS Backdoor Read More »

Atlassian, Splunk Patch Critical Vulnerabilities

Atlassian, Splunk Patch Critical Vulnerabilities 2026-06-18 at 13:59 By Ionut Arghire Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies. The post Atlassian, Splunk Patch Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Atlassian, Splunk Patch Critical Vulnerabilities Read More »

Critical Command Execution Vulnerability Patched in Cisco ISE

Critical Command Execution Vulnerability Patched in Cisco ISE 2026-06-18 at 13:27 By Ionut Arghire Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. The post Critical Command Execution Vulnerability Patched in Cisco ISE appeared first on SecurityWeek. This article is an excerpt from

Critical Command Execution Vulnerability Patched in Cisco ISE Read More »

Scroll to Top