top of page
ALL POSTS
Microsoft Patch Tuesday: 206 Vulnerabilities Patched Including Zero-Days and Critical RCE Exploits
Key Findings Microsoft released 206 security patches in June 2026, a record number including 39 Critical and 167 Important severity flaws Three vulnerabilities were publicly disclosed at the time of release, including two BitLocker bypasses and an HTTP.sys denial-of-service flaw Patch set includes 56 remote code execution vulnerabilities, 63 privilege escalation flaws, and multiple critical kernel issues Three highest severity flaws all carry a CVSS score of 9.8 and enable un
Jun 103 min read
Cisco Unified CM Critical Vulnerability: Public Exploit Code Now Available
Key Findings CVE-2026-20230 affects Cisco Unified CM with a CVSS score of 8.6, elevated to Critical severity by vendor Unauthenticated remote attackers can exploit an SSRF flaw to write unauthorized files and potentially gain root access Public proof-of-concept exploit code is already available Vulnerability requires WebDialer service to be enabled, which is disabled by default Fixed releases available: version 14SU6 for Release 14 and 15SU5 for Release 15 No complete workaro
Jun 42 min read
CVE-2026-8732: WP Maps Pro Vulnerability Allows Unauthorized WordPress Admin Account Creation Without Password
Key Findings CVE-2026-8732 in WP Maps Pro allows unauthenticated attackers to create WordPress administrator accounts remotely CVSS score of 9.8 indicates critical severity Over 2,858 attacks blocked in 24 hours, indicating active mass exploitation Affects all versions through 6.1.0; patched in version 6.1.1 released May 20, 2026 Plugin installed on 15,000+ WordPress sites according to Envato Market sales data Exploitation began before most site owners had time to patch after
Jun 13 min read
Cisco Catalyst SD-WAN Controller Critical Authentication Bypass Under Active Exploitation for Admin Access
Key Findings Critical authentication bypass vulnerability CVE-2026-20182 (CVSS 10.0) in Cisco Catalyst SD-WAN Controller actively exploited in limited attacks since May 2026 Vulnerability allows unauthenticated remote attackers to gain administrative privileges and manipulate SD-WAN fabric network configurations CISA added the flaw to Known Exploited Vulnerabilities catalog with a May 17, 2026 deadline for federal agencies to remediate The vulnerability affects the vdaemon se
May 143 min read
Microsoft Patch Tuesday Updates for February 2026
Key Findings Microsoft released security updates to address 58 new vulnerabilities across Windows, Office, Azure, Edge, Exchange, Hyper-V, and other components. The update includes fixes for 6 zero-day vulnerabilities that are being actively exploited in the wild. 5 of the vulnerabilities were rated as "Critical" by Microsoft. Several vulnerabilities affect high-profile targets like GitHub Copilot, IDEs, and Azure cloud services. Background This month's Patch Tuesday from Mic
Feb 101 min read
bottom of page
