top of page

ALL POSTS

Cisco SD-WAN Vulnerability Now Exploited in the Wild: Patch CVE-2026-20262 Immediately

Key Findings CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager and is actively exploited in the wild The vulnerability allows authenticated attackers to write or overwrite arbitrary files on the system Planted files can be leveraged to escalate privileges to root level All deployment types are vulnerable: On-Prem, Cloud-Pro, Cisco-managed cloud, and FedRAMP installations Cisco has released patched builds across all affected versions Attackers are already deploying suspicio

LiteSpeed and FreeBSD Privilege Escalation Flaws Under Active Exploitation (CVE-2026-54420, CVE-2026-49413)

Key Findings LiteSpeed cPanel plugin versions before 2.4.8 contain a privilege escalation flaw actively exploited in the wild Vulnerability allows low-privileged users on shared hosting to gain full root access by abusing symlink handling Flaw affects servers running CloudLinux/CageFS and scores 8.5 on CVSS scale Patch available now in cPanel plugin v2.4.8 and WHM Plugin v5.3.2.1 Attackers use distinctive pattern of certificate endpoint calls repeated 7-10 times from single I

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Bypass Flaw (CVE-2026-0257)

Key Findings CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS affecting GlobalProtect portals and gateways Active exploitation confirmed by Rapid7 starting May 17, 2026, with two distinct attack waves originating from different hosting providers Vulnerability allows attackers to forge authentication cookies and bypass VPN access controls without credentials CISA added the flaw to its Known Exploited Vulnerabilities catalog in early June, re

Anthropic Claude: Export Ban Forces Refunds and Service Halt

Key Findings US government issued export control directive preventing foreign nationals in the US from accessing Claude Fable and Mythos 5 models Anthropic globally deactivated these systems in compliance, citing national security concerns Ban reportedly triggered by jailbreak vulnerabilities discovered by security researchers Anthropic established limited refund program with strict eligibility requirements and application deadline of June 20, 2026 Only subscriptions purchase

WinRAR Vulnerability from Years Past Still Powering 2026 Attacks Against Ukraine

Key Findings CVE-2025-8088, a WinRAR path traversal flaw patched in July 2025, remains actively exploited against Ukrainian organizations as of April 2026, nearly a year after the fix was released Two Russia-aligned threat groups, SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon), are leveraging the vulnerability in coordinated campaigns targeting Ukrainian government and military entities The exploit abuses NTFS Alternate Data Streams to silently write files to the Wind

Argamal Malware and RAT Discovered Embedded in Trojanized Hentai Games

Key Findings Kaspersky discovered Argamal, a remote access Trojan hidden in hentai game installers, detected in April 2026 The malware is distributed through adult game sites, file-sharing platforms like PixelDrain, and torrent trackers such as AniRena Infected games function perfectly, allowing users to remain unaware their systems are compromised The malware establishes persistence through COM hijacking of Windows Color System Calibration Loader Hundreds of users infected,

Ukrainian Extradited to US Pleads Guilty in Conti Ransomware Operation

Key Findings Ukrainian national Oleksii Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware operations Conti infected over 1,000 computers and networks across 47 U.S. states, 31 countries, and generated at least $150 million in ransom payments by January 2022 Lytvynenko joined the conspiracy in September 2021 and worked on malware development including creating a "loader" for delivering additional malicious tools He possessed stolen d

Critical Splunk Enterprise Vulnerability Enables Unauthenticated Remote Code Execution

Key Findings Critical vulnerability CVE-2026-20253 in Splunk Enterprise rated 9.8 on CVSS scale allows unauthenticated remote code execution Flaw exists in PostgreSQL sidecar service endpoint lacking authentication controls on versions below 10.0.7 and 10.2.4 Attackers can exploit /v1/postgres/recovery/backup and /v1/postgres/recovery/restore endpoints to write arbitrary files and execute malicious code Splunk Cloud unaffected; Splunk Enterprise 10.4 not vulnerable No evidenc

U.S. CISA Adds Critical Enterprise Software Vulnerabilities to Known Exploited Vulnerabilities Catalog

Key Findings CISA added Oracle PeopleSoft Enterprise PeopleTools vulnerability CVE-2026-35273 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog following active exploitation by ShinyHunters CISA added Ivanti Sentry vulnerability CVE-2026-10520 (CVSS 10.0) to its Known Exploited Vulnerabilities catalog with a mandatory federal agency patching deadline of June 14, 2026 The Oracle flaw was exploited as a zero-day for nearly two weeks before vendor disclosure, affecting o

FBI dismantles massive China-based cybercrime network responsible for $1.9B in losses

Key Findings FBI, Google, and Lumen Technologies dismantled Outsider, a China-based cybercrime network responsible for $1.9 billion in losses across 55 countries Operation Ghost Hook seized multiple domains, admin servers, a Shopify storefront, approximately $100,000 from payment wallets, and thousands of domains Outsider provided phishing kits as a subscription service starting at $88 per week, enabling criminals to target hundreds of thousands of victims The network used AI

Conti Ransomware Member's Guilty Plea Signals Breakthrough in Global Cybercrime Crackdown

Key Findings Ukrainian national Oleksii Oleksiyovych Lytvynenko pleaded guilty to wire fraud conspiracy related to Conti ransomware operations Conti attacked over 1,000 organizations across 47 U.S. states and 31 countries from 2020 to 2022, extorting at least $150 million Lytvynenko joined the conspiracy in September 2021 and developed malware used in the attacks He faces up to 20 years in prison with sentencing scheduled for September 10, 2026 Authorities continue pursuing f

Europol Dismantles AudiA6 Crypto Laundering Network Behind Ransomware Operations

Key Findings Europol dismantled AudiA6, an industrial-scale cryptocurrency laundering service that processed over €336 million (~$389 million) in illicit funds since 2021 Two alleged administrators of Ukrainian and Russian nationality were arrested in Georgia on June 10, 2026 The operation seized over 30 servers, 25 domains, €692,000 in frozen cryptocurrency, and identified more than 6,000 fraudulent money mule accounts AudiA6 operators also ran Dark2Web, a dark web cybercrim

Atomic Arch Campaign Hijacks 400+ Linux AUR Packages to Deploy Infostealer and eBPF Rootkit

Key Findings Over 400 packages in the Arch User Repository (AUR) were hijacked this week with malicious build scripts Attackers modified PKGBUILD files to inject a credential stealer written in Rust that harvests developer secrets The malware can load an eBPF rootkit when running with root privileges to hide its presence Attack targets orphaned packages with abandoned maintainers, then spoofs commit metadata to appear legitimate Malware collects browser cookies, SSH keys, Git

Agentjacking: How Attackers Trick AI Coding Agents Into Executing Malicious Code

Key Findings Agentjacking attacks trick AI coding agents into executing arbitrary code by injecting malicious payloads into Sentry error events, achieving 85% exploitation success rate At least 2,388 organizations exposed with valid injectable Sentry DSNs; attackers need only a publicly available credential to launch attacks OpenClaw AI agent vulnerable to hidden command injection through contact names, vCards, and location pins that bypass visual truncation and rendering Var

Chrome 149 and Spring HATEOAS Security Updates Address Critical Vulnerabilities and UAF Bugs

Key Findings Chrome 149 addresses 28 security vulnerabilities across desktop platforms, with 5 critical flaws that could enable arbitrary code execution Critical use-after-free bugs dominate the patch set, affecting Core, DigitalCredentials, WebMIDI, and GPU components One critical flaw involves insufficient input validation in Accessibility features, while another is a heap buffer overflow in GPU 23 high-severity issues span Network, Media, Cast, Autofill, DevTools, and Exte

Multiple Security Flaws Resolved Across Framework and Core Application Components

Key Findings Java ecosystem receives critical security patches addressing multiple high-severity vulnerabilities across Spring Security, Spring Web Services, and Spring GraphQL frameworks Cross-site scripting flaw (CVE-2026-41003) in authentication filters allows remote code execution within user sessions Server-side request forgery vulnerability (CVE-2026-40999) enables attackers to access internal hosts and cloud metadata endpoints Unsafe deserialization defect (CVE-2026-41

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100+ Universities Worldwide

Key Findings ShinyHunters exploited CVE-2026-35273, a zero-day remote code execution vulnerability in Oracle PeopleSoft Enterprise PeopleTools rated 9.8/10, to breach over 100 organizations between May 27 and June 9 The vulnerability required only network access over HTTP with no authentication or user interaction, affecting any organization with Environment Management Hub endpoints exposed externally Approximately 68 percent of affected organizations were in higher education

University of Nottingham Data Breach: 454,635 Accounts Compromised in ShinyHunters Leak

Key Findings University of Nottingham suffered a significant data breach in June 2026 affecting approximately 454,635 accounts Attack attributed to ShinyHunters group operating a "pay or leak" extortion campaign Over 40GB of sensitive data stolen including student records from UK, China, and Malaysia campuses Exposed data includes email addresses, names, addresses, phone numbers, passport numbers, National Insurance numbers, and financial records Both current students and alu

Criminal IP Unveils AITEM at Infosecurity Europe 2026: Next-Generation Attack Surface Management Platform

Key Findings Criminal IP introduced AITEM (AI-based Threat Exposure Management), a framework extending Attack Surface Management beyond asset discovery to include AI-driven threat prioritization, owner attribution, and remediation Traditional ASM tools excel at visibility but struggle with actionability; security teams now face a critical gap between detecting threats and responding to them effectively AI is lowering the barrier for attackers through automated scanning and pu

BitLocker Bypass via GreatXML: Public PoC Exploit Disclosed

Key Findings GreatXML BitLocker bypass exploit publicly disclosed, allowing local attackers full access to encrypted drives Exploit manipulates Windows Defender Offline Scan feature to grant unrestricted administrative shell Attack requires physical access and specific conditions: prior Defender offline scan or ability to boot into WinRE Researcher Nightmare Eclipse claims accidental discovery taking only 4 hours Ongoing dispute between researcher and Microsoft over vulnerabi

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page