Vulnerabilities

Operation FlutterBridge: The FlutterShell macOS Backdoor

Operation FlutterBridge: The FlutterShell macOS Backdoor 2026-06-18 at 17:00 By Maor Gabay Identified through macOS endpoint monitoring, the CL-CRI-1089 cluster, delivered under the publicly reported Operation FlutterBridge campaign, demonstrates a deliberate misuse of the Flutter framework for macOS malware delivery. Rather than re-documenting the campaign itself, this report treats the recovered FlutterShell artifacts as a […]

Operation FlutterBridge: The FlutterShell macOS Backdoor Read More »

Atlassian, Splunk Patch Critical Vulnerabilities

Atlassian, Splunk Patch Critical Vulnerabilities 2026-06-18 at 13:59 By Ionut Arghire Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies. The post Atlassian, Splunk Patch Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Atlassian, Splunk Patch Critical Vulnerabilities Read More »

Critical Command Execution Vulnerability Patched in Cisco ISE

Critical Command Execution Vulnerability Patched in Cisco ISE 2026-06-18 at 13:27 By Ionut Arghire Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. The post Critical Command Execution Vulnerability Patched in Cisco ISE appeared first on SecurityWeek. This article is an excerpt from

Critical Command Execution Vulnerability Patched in Cisco ISE Read More »

F5 Patches Critical, High-Severity NGINX Vulnerabilities

F5 Patches Critical, High-Severity NGINX Vulnerabilities 2026-06-18 at 12:39 By Ionut Arghire Critical flaws in NGINX could allow remote, unauthenticated attackers to cause a restart and potentially execute arbitrary code. The post F5 Patches Critical, High-Severity NGINX Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

F5 Patches Critical, High-Severity NGINX Vulnerabilities Read More »

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software 2026-06-17 at 14:32 By Eduard Kovacs The industrial automation giant has fixed security holes in Logix, CompactLogix, Flex, RSLinx, and FactoryTalk products. The post Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software Read More »

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day 2026-06-17 at 12:41 By Ionut Arghire The public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges. The post Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day Read More »

Oracle’s Second Monthly Security Updates Deliver 245 Patches 

Oracle’s Second Monthly Security Updates Deliver 245 Patches  2026-06-17 at 12:04 By Eduard Kovacs Oracle has released its June 2026 Critical Security Patch Update to fix vulnerabilities in Communications, EBS, Enterprise Manager and other products. The post Oracle’s Second Monthly Security Updates Deliver 245 Patches  appeared first on SecurityWeek. This article is an excerpt from

Oracle’s Second Monthly Security Updates Deliver 245 Patches  Read More »

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities 2026-06-17 at 11:21 By Ionut Arghire The browser updates address multiple memory safety bugs that could potentially lead to remote code execution. The post Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities Read More »

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks 2026-06-17 at 10:28 By Ionut Arghire The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers. The post Joomla, LiteSpeed Vulnerabilities Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks Read More »

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs 2026-06-17 at 09:53 By Eduard Kovacs SOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking.  The post 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs Read More »

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure 2026-06-16 at 12:39 By Ionut Arghire Over two dozen organizations built a shared platform to triage vulnerabilities, fix them, and secure the software before patches arrive. The post Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure appeared first on SecurityWeek. This article is an excerpt

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure Read More »

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks 2026-06-16 at 09:20 By Eduard Kovacs Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. The post Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks Read More »

Reversing NVIDIA’s CVE-2026-24190: How a Kernel Flaw Put Enterprise AI Clusters and Workstations at Risk

Reversing NVIDIA’s CVE-2026-24190: How a Kernel Flaw Put Enterprise AI Clusters and Workstations at Risk 2026-06-15 at 17:00 By Alon Bancic Executive Summary: Bypassing Boundaries in Enterprise AI Infrastructure The massive global adoption of artificial intelligence (AI) and large language models (LLMs) has fundamentally rewritten the enterprise threat landscape. Modern high-compute bare metal clusters, cloud

Reversing NVIDIA’s CVE-2026-24190: How a Kernel Flaw Put Enterprise AI Clusters and Workstations at Risk Read More »

Ivanti Sentry Exploitation Attempts Hitting Honeypots

Ivanti Sentry Exploitation Attempts Hitting Honeypots 2026-06-12 at 12:44 By Ionut Arghire The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Ivanti Sentry Exploitation Attempts Hitting Honeypots Read More »

Chrome 149 Update Patches 28 Vulnerabilities

Chrome 149 Update Patches 28 Vulnerabilities 2026-06-12 at 12:27 By Ionut Arghire The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 149 Update Patches 28 Vulnerabilities Read More »

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters 2026-06-12 at 09:44 By Eduard Kovacs Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. The post Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters Read More »

Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks 2026-06-11 at 16:57 By Eduard Kovacs Oracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek. This article is an excerpt

Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks Read More »

CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk

CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk 2026-06-11 at 16:01 By Ionut Arghire The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries. The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek. This

CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk Read More »

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers Exploit Langflow Vulnerability for Remote Code Execution 2026-06-11 at 14:52 By Ionut Arghire Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. The post Hackers Exploit Langflow Vulnerability for Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Hackers Exploit Langflow Vulnerability for Remote Code Execution Read More »

Scroll to Top