vulnerability

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data

2026-06-22 at 16:22, by Eduard Kovacs. Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability. Source: SecurityWeek.

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

2026-06-22 at 14:45, by Ionut Arghire. Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. Source: SecurityWeek.

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

2026-06-19 at 13:50, by Zeljka Zorz. CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

2026-06-19 at 07:10, by Eduard Kovacs. CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. Source: SecurityWeek.

Atlassian, Splunk Patch Critical Vulnerabilities

2026-06-18 at 13:59, by Ionut Arghire. Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies. Source: SecurityWeek.

Critical Command Execution Vulnerability Patched in Cisco ISE

2026-06-18 at 13:27, by Ionut Arghire. Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. Source: SecurityWeek.

F5 Patches Critical, High-Severity NGINX Vulnerabilities

2026-06-18 at 12:39, by Ionut Arghire. Critical flaws in NGINX could allow remote, unauthenticated attackers to cause a restart and potentially execute arbitrary code. Source: SecurityWeek.

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

2026-06-17 at 14:32, by Eduard Kovacs. The industrial automation giant has fixed security holes in Logix, CompactLogix, Flex, RSLinx, and FactoryTalk products. Source: SecurityWeek.

Oracle’s Second Monthly Security Updates Deliver 245 Patches 

2026-06-17 at 12:04, by Eduard Kovacs. Oracle has released its June 2026 Critical Security Patch Update to fix vulnerabilities in Communications, EBS, Enterprise Manager and other products. Source: SecurityWeek.

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

2026-06-17 at 11:21, by Ionut Arghire. The browser updates address multiple memory safety bugs that could potentially lead to remote code execution. Source: SecurityWeek.

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

2026-06-17 at 10:28, by Ionut Arghire. The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers. Source: SecurityWeek.

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

2026-06-17 at 09:53, by Eduard Kovacs. SOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking. Source: SecurityWeek.

Attackers are exploiting FortiSandbox vulnerabilities

2026-06-16 at 18:27, by Zeljka Zorz. Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from threat intelligence company Defused, which said

SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)

2026-06-16 at 16:33, by Zeljka Zorz. A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts,

Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)

2026-06-12 at 15:14, by Zeljka Zorz. WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check Point’s Remote Access VPN and Mobile Access, which the vendor confirmed to be actively exploited. The attacks were

Ivanti Sentry Exploitation Attempts Hitting Honeypots

2026-06-12 at 12:44, by Ionut Arghire. The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. Source: SecurityWeek.

Chrome 149 Update Patches 28 Vulnerabilities

2026-06-12 at 12:27, by Ionut Arghire. The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. Source: SecurityWeek.

CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk

2026-06-11 at 16:01, by Ionut Arghire. The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries. Source: SecurityWeek.

Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert

2026-06-11 at 15:41, by Zeljka Zorz. A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert

Hackers Exploit Langflow Vulnerability for Remote Code Execution

2026-06-11 at 14:52, by Ionut Arghire. Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. Source: SecurityWeek.
