top of page
ALL POSTS
Cisco SD-WAN Vulnerability Now Exploited in the Wild: Patch CVE-2026-20262 Immediately
Key Findings CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager and is actively exploited in the wild The vulnerability allows authenticated attackers to write or overwrite arbitrary files on the system Planted files can be leveraged to escalate privileges to root level All deployment types are vulnerable: On-Prem, Cloud-Pro, Cisco-managed cloud, and FedRAMP installations Cisco has released patched builds across all affected versions Attackers are already deploying suspicio
Jun 162 min read
LiteSpeed and FreeBSD Privilege Escalation Flaws Under Active Exploitation (CVE-2026-54420, CVE-2026-49413)
Key Findings LiteSpeed cPanel plugin versions before 2.4.8 contain a privilege escalation flaw actively exploited in the wild Vulnerability allows low-privileged users on shared hosting to gain full root access by abusing symlink handling Flaw affects servers running CloudLinux/CageFS and scores 8.5 on CVSS scale Patch available now in cPanel plugin v2.4.8 and WHM Plugin v5.3.2.1 Attackers use distinctive pattern of certificate endpoint calls repeated 7-10 times from single I
Jun 152 min read
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Bypass Flaw (CVE-2026-0257)
Key Findings CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS affecting GlobalProtect portals and gateways Active exploitation confirmed by Rapid7 starting May 17, 2026, with two distinct attack waves originating from different hosting providers Vulnerability allows attackers to forge authentication cookies and bypass VPN access controls without credentials CISA added the flaw to its Known Exploited Vulnerabilities catalog in early June, re
Jun 153 min read
Anthropic Claude: Export Ban Forces Refunds and Service Halt
Key Findings US government issued export control directive preventing foreign nationals in the US from accessing Claude Fable and Mythos 5 models Anthropic globally deactivated these systems in compliance, citing national security concerns Ban reportedly triggered by jailbreak vulnerabilities discovered by security researchers Anthropic established limited refund program with strict eligibility requirements and application deadline of June 20, 2026 Only subscriptions purchase
Jun 153 min read
WinRAR Vulnerability from Years Past Still Powering 2026 Attacks Against Ukraine
Key Findings CVE-2025-8088, a WinRAR path traversal flaw patched in July 2025, remains actively exploited against Ukrainian organizations as of April 2026, nearly a year after the fix was released Two Russia-aligned threat groups, SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon), are leveraging the vulnerability in coordinated campaigns targeting Ukrainian government and military entities The exploit abuses NTFS Alternate Data Streams to silently write files to the Wind
Jun 144 min read
Argamal Malware and RAT Discovered Embedded in Trojanized Hentai Games
Key Findings Kaspersky discovered Argamal, a remote access Trojan hidden in hentai game installers, detected in April 2026 The malware is distributed through adult game sites, file-sharing platforms like PixelDrain, and torrent trackers such as AniRena Infected games function perfectly, allowing users to remain unaware their systems are compromised The malware establishes persistence through COM hijacking of Windows Color System Calibration Loader Hundreds of users infected,
Jun 142 min read
Ukrainian Extradited to US Pleads Guilty in Conti Ransomware Operation
Key Findings Ukrainian national Oleksii Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware operations Conti infected over 1,000 computers and networks across 47 U.S. states, 31 countries, and generated at least $150 million in ransom payments by January 2022 Lytvynenko joined the conspiracy in September 2021 and worked on malware development including creating a "loader" for delivering additional malicious tools He possessed stolen d
Jun 142 min read
Critical Splunk Enterprise Vulnerability Enables Unauthenticated Remote Code Execution
Key Findings Critical vulnerability CVE-2026-20253 in Splunk Enterprise rated 9.8 on CVSS scale allows unauthenticated remote code execution Flaw exists in PostgreSQL sidecar service endpoint lacking authentication controls on versions below 10.0.7 and 10.2.4 Attackers can exploit /v1/postgres/recovery/backup and /v1/postgres/recovery/restore endpoints to write arbitrary files and execute malicious code Splunk Cloud unaffected; Splunk Enterprise 10.4 not vulnerable No evidenc
Jun 132 min read
U.S. CISA Adds Critical Enterprise Software Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added Oracle PeopleSoft Enterprise PeopleTools vulnerability CVE-2026-35273 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog following active exploitation by ShinyHunters CISA added Ivanti Sentry vulnerability CVE-2026-10520 (CVSS 10.0) to its Known Exploited Vulnerabilities catalog with a mandatory federal agency patching deadline of June 14, 2026 The Oracle flaw was exploited as a zero-day for nearly two weeks before vendor disclosure, affecting o
Jun 133 min read
FBI dismantles massive China-based cybercrime network responsible for $1.9B in losses
Key Findings FBI, Google, and Lumen Technologies dismantled Outsider, a China-based cybercrime network responsible for $1.9 billion in losses across 55 countries Operation Ghost Hook seized multiple domains, admin servers, a Shopify storefront, approximately $100,000 from payment wallets, and thousands of domains Outsider provided phishing kits as a subscription service starting at $88 per week, enabling criminals to target hundreds of thousands of victims The network used AI
Jun 132 min read
Conti Ransomware Member's Guilty Plea Signals Breakthrough in Global Cybercrime Crackdown
Key Findings Ukrainian national Oleksii Oleksiyovych Lytvynenko pleaded guilty to wire fraud conspiracy related to Conti ransomware operations Conti attacked over 1,000 organizations across 47 U.S. states and 31 countries from 2020 to 2022, extorting at least $150 million Lytvynenko joined the conspiracy in September 2021 and developed malware used in the attacks He faces up to 20 years in prison with sentencing scheduled for September 10, 2026 Authorities continue pursuing f
Jun 133 min read
Europol Dismantles AudiA6 Crypto Laundering Network Behind Ransomware Operations
Key Findings Europol dismantled AudiA6, an industrial-scale cryptocurrency laundering service that processed over €336 million (~$389 million) in illicit funds since 2021 Two alleged administrators of Ukrainian and Russian nationality were arrested in Georgia on June 10, 2026 The operation seized over 30 servers, 25 domains, €692,000 in frozen cryptocurrency, and identified more than 6,000 fraudulent money mule accounts AudiA6 operators also ran Dark2Web, a dark web cybercrim
Jun 124 min read
Atomic Arch Campaign Hijacks 400+ Linux AUR Packages to Deploy Infostealer and eBPF Rootkit
Key Findings Over 400 packages in the Arch User Repository (AUR) were hijacked this week with malicious build scripts Attackers modified PKGBUILD files to inject a credential stealer written in Rust that harvests developer secrets The malware can load an eBPF rootkit when running with root privileges to hide its presence Attack targets orphaned packages with abandoned maintainers, then spoofs commit metadata to appear legitimate Malware collects browser cookies, SSH keys, Git
Jun 124 min read
Agentjacking: How Attackers Trick AI Coding Agents Into Executing Malicious Code
Key Findings Agentjacking attacks trick AI coding agents into executing arbitrary code by injecting malicious payloads into Sentry error events, achieving 85% exploitation success rate At least 2,388 organizations exposed with valid injectable Sentry DSNs; attackers need only a publicly available credential to launch attacks OpenClaw AI agent vulnerable to hidden command injection through contact names, vCards, and location pins that bypass visual truncation and rendering Var
Jun 124 min read
Chrome 149 and Spring HATEOAS Security Updates Address Critical Vulnerabilities and UAF Bugs
Key Findings Chrome 149 addresses 28 security vulnerabilities across desktop platforms, with 5 critical flaws that could enable arbitrary code execution Critical use-after-free bugs dominate the patch set, affecting Core, DigitalCredentials, WebMIDI, and GPU components One critical flaw involves insufficient input validation in Accessibility features, while another is a heap buffer overflow in GPU 23 high-severity issues span Network, Media, Cast, Autofill, DevTools, and Exte
Jun 122 min read
Multiple Security Flaws Resolved Across Framework and Core Application Components
Key Findings Java ecosystem receives critical security patches addressing multiple high-severity vulnerabilities across Spring Security, Spring Web Services, and Spring GraphQL frameworks Cross-site scripting flaw (CVE-2026-41003) in authentication filters allows remote code execution within user sessions Server-side request forgery vulnerability (CVE-2026-40999) enables attackers to access internal hosts and cloud metadata endpoints Unsafe deserialization defect (CVE-2026-41
Jun 123 min read
ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100+ Universities Worldwide
Key Findings ShinyHunters exploited CVE-2026-35273, a zero-day remote code execution vulnerability in Oracle PeopleSoft Enterprise PeopleTools rated 9.8/10, to breach over 100 organizations between May 27 and June 9 The vulnerability required only network access over HTTP with no authentication or user interaction, affecting any organization with Environment Management Hub endpoints exposed externally Approximately 68 percent of affected organizations were in higher education
Jun 113 min read
University of Nottingham Data Breach: 454,635 Accounts Compromised in ShinyHunters Leak
Key Findings University of Nottingham suffered a significant data breach in June 2026 affecting approximately 454,635 accounts Attack attributed to ShinyHunters group operating a "pay or leak" extortion campaign Over 40GB of sensitive data stolen including student records from UK, China, and Malaysia campuses Exposed data includes email addresses, names, addresses, phone numbers, passport numbers, National Insurance numbers, and financial records Both current students and alu
Jun 112 min read
Criminal IP Unveils AITEM at Infosecurity Europe 2026: Next-Generation Attack Surface Management Platform
Key Findings Criminal IP introduced AITEM (AI-based Threat Exposure Management), a framework extending Attack Surface Management beyond asset discovery to include AI-driven threat prioritization, owner attribution, and remediation Traditional ASM tools excel at visibility but struggle with actionability; security teams now face a critical gap between detecting threats and responding to them effectively AI is lowering the barrier for attackers through automated scanning and pu
Jun 113 min read
BitLocker Bypass via GreatXML: Public PoC Exploit Disclosed
Key Findings GreatXML BitLocker bypass exploit publicly disclosed, allowing local attackers full access to encrypted drives Exploit manipulates Windows Defender Offline Scan feature to grant unrestricted administrative shell Attack requires physical access and specific conditions: prior Defender offline scan or ability to boot into WinRE Researcher Nightmare Eclipse claims accidental discovery taking only 4 hours Ongoing dispute between researcher and Microsoft over vulnerabi
Jun 113 min read
bottom of page
