Security Articles

Stay ahead of emerging threats with expert analysis from 144 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Tuesday, June 16, 2026, the most urgent items for production stacks: a Palo Alto Networks GlobalProtect flaw, CVE-2026-0257, is under active exploitation — an authentication bypass in the GlobalProtect VPN portal (the gateway your remote staff log in through), meaning an attacker can slip past the login screen without valid credentials and reach your internal network, so apply Palo Alto's fix immediately and review the portal for unfamiliar sessions. The Oracle PeopleSoft zero-day CVE-2026-35273 is being used by the ShinyHunters extortion crew to break into more than 100 universities — a zero-day means a flaw the vendor had no patch ready for when attacks began, so the only defense is applying Oracle's emergency fix the moment it lands and watching for unfamiliar logins. Google has shipped an emergency patch for the Chrome V8 zero-day CVE-2026-11645, already under active exploitation through nothing more than a booby-trapped web page, so update every browser in your business today. The LiteLLM flaw CVE-2026-42271 has landed on the CISA Known Exploited Vulnerabilities (KEV) catalog — the U.S. government's list of bugs confirmed to be under real-world attack — and lets intruders run their own code on exposed AI gateways, the servers that broker requests between your apps and AI models. The Langflow bug CVE-2026-5027 is a path-traversal flaw — one that tricks a server into reaching files outside its intended folder — letting unauthenticated attackers plant code on roughly 7,000 internet-exposed AI servers. 
And the "Velvet Ant" espionage group quietly backdoored Linux PAM and OpenSSH — the components that handle logins on most Linux servers — to live undetected inside a single network for nearly a decade, a reminder that intrusion detection matters as much as patching. If your business runs Palo Alto GlobalProtect VPN, Oracle PeopleSoft, Chrome, self-hosted AI tooling like LiteLLM or Langflow, or Linux servers, these advisories require action now — start with the article-level remediation steps below.

Featured Story
Critical | CVE Advisory, Vulnerability | Jun 19, 2026

CRITICAL: F5 Patches Two NGINX Flaws Handing Unauthenticated RCE to Remote Attackers

F5 disclosed two critical NGINX vulnerabilities on June 17, 2026, both scoring CVSS 4.0 9.2. CVE-2026-42530 is a use-after-free in the HTTP/3 QPACK encoder and CVE-2026-42055 is a heap-based buffer overflow in the HTTP/2 proxy and gRPC modules. Both are remotely exploitable by unauthenticated attackers and affect a huge swath of the NGINX Open Source and NGINX Plus install base.

By Danny Mercer
High | CVE Advisory, Vulnerability | Jun 18, 2026

HIGH: Microsoft Defender RoguePlanet Zero-Day Hits SYSTEM Without a Patch in Sight (CVE-2026-50656)

Researcher Nightmare Eclipse dropped a public PoC for CVE-2026-50656 (RoguePlanet), a TOCTOU race condition in the Microsoft Defender Malware Protection Engine that yields NT AUTHORITY\SYSTEM on fully patched Windows 10 and Windows 11. Microsoft has confirmed the flaw, rated it CVSS 7.8, and is still working on a patch. The PoC works whether real-time protection is enabled or not, leaving defenders with detection and containment as the only options for now.

Critical | CVE Advisory, Vulnerability | Jun 17, 2026

CRITICAL: Three FortiSandbox Flaws Under Active Exploitation as Attackers Chain Auth Bypass and Command Injection

Three critical FortiSandbox vulnerabilities are under active exploitation, led by CVE-2026-39813, a path traversal flaw in the JRPC API that lets unauthenticated attackers bypass authentication via crafted HTTP requests. Paired with two OS command injection bugs, the chain gives remote code execution on appliances running FortiSandbox 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8. Upgrade to 5.0.6 or 4.4.9 immediately.

Critical | CVE Advisory, Vulnerability | Jun 16, 2026

CRITICAL: Three FortiSandbox Flaws Under Active Exploitation as Defenders Race to Patch

Defused Cyber reported active exploitation of three CVSS 9.1 FortiSandbox vulnerabilities inside a 24-hour window. CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 allow unauthenticated remote code execution and authentication bypass on the appliance that other Fortinet products rely on for malware verdicts. Patches are available, but the 4.2 branch requires migration to a supported release.

High | CVE Advisory, Vulnerability | Jun 13, 2026

HIGH: Velvet Ant Backdoored Linux PAM and OpenSSH to Live in One Network for Nearly a Decade

Sygnia disclosed Operation Highland this week, a China-nexus campaign by the Velvet Ant cluster that compromised core Linux authentication on a victim network from 2016 through 2026. Nine variants of backdoored PAM modules and patched OpenSSH binaries delivered hardcoded magic-password access plus continuous credential and command logging. A parallel commodity tool called PamDOORa now sells for $900 on a Russian forum, putting the same authentication-layer tradecraft within reach of any ransomware affiliate with root.

High | CVE Advisory, Vulnerability | Jun 11, 2026

HIGH: Langflow Path Traversal CVE-2026-5027 Lets Unauthenticated Attackers Plant Code on Roughly 7,000 Exposed AI Servers

A path traversal flaw in Langflow's POST /api/v2/files endpoint allows unauthenticated attackers to write files anywhere the platform process can reach, opening a clean route to remote code execution on the roughly seven thousand exposed instances Censys is currently tracking. Tenable disclosed CVE-2026-5027 in late March, the maintainers shipped a fix in version 1.10.0 on June 10, and VulnCheck honeypots are catching exploitation right now. Patch immediately or pull the instance off the public internet.

High | CVE Advisory, Vulnerability | Jun 8, 2026

HIGH: Miasma Worm Detonates 73 Microsoft GitHub Repos in npm Supply Chain Cascade

GitHub disabled 73 repositories across four Microsoft organizations after the Miasma worm spread through 57 npm packages, including @vapi-ai/server-sdk and ai-sdk-ollama. The TeamPCP-linked variant of Mini Shai-Hulud uses a Phantom Gyp binding.gyp injection plus AI coding assistant rule files in Claude Code, Cursor, Gemini CLI, and VS Code to harvest AWS, GCP, Azure, Vault, and GitHub Actions credentials.

High | CVE Advisory, Vulnerability | Jun 7, 2026

HIGH: Cisco Unified Communications Manager SSRF Flaw Has a Public PoC and a Root-Level Punchline (CVE-2026-20230)

Cisco's June 3 advisory for CVE-2026-20230 details a critical-rated SSRF in the Unified Communications Manager WebDialer service, with a CVSS 8.6 base score and a public proof-of-concept already in circulation. An unauthenticated attacker on the network can write arbitrary files to the underlying OS and chain that into root. Cisco has released fixes in 14SU6 and an interim COP for the 15 line, with 15SU5 due in September 2026. Disabling WebDialer is the recommended interim mitigation.

High | CVE Advisory, Vulnerability | Jun 6, 2026

HIGH: Cisco Catalyst SD-WAN Manager Zero-Day Under Active Exploitation, No Patch Available (CVE-2026-20245)

Cisco confirmed active exploitation of CVE-2026-20245, an unpatched command injection flaw in Catalyst SD-WAN Manager that lets authenticated attackers escalate to root and push malicious configurations to edge devices. The CVSS 7.8 bug is the seventh exploited SD-WAN zero-day since 2023 and chains with two prior auth bypass vulnerabilities to enable full remote takeover. No patch is available.

Critical | CVE Advisory, Vulnerability | Jun 5, 2026

CRITICAL: Cisco Unified CM SSRF Flaw CVE-2026-20230 Hands Attackers Root, PoC Already Public

Cisco patched CVE-2026-20230, an unauthenticated SSRF in the Unified Communications Manager WebDialer Web Service that lets remote attackers write arbitrary files and escalate to root. Public proof-of-concept code is already circulating. The bug carries a CVSS 8.6 score and a Critical Security Impact Rating from Cisco PSIRT. Version 14SU6 contains the fix, but the 15 train waits until September 2026 for 15SU5, with only an interim COP patch available now.

Critical | CVE Advisory, Vulnerability | Jun 4, 2026

CRITICAL: Active Exploitation Hits Magento Stores via Mirasvit Cache Warmer Bug (CVE-2026-45247)

CISA added CVE-2026-45247, a CVSS 9.8 PHP object deserialization flaw in the Mirasvit Full Page Cache Warmer extension for Adobe Commerce and Magento, to its Known Exploited Vulnerabilities catalog after Imperva confirmed active unauthenticated RCE attacks against gaming and business storefronts in the US, UK, France, and Australia. Patch to version 1.11.12 or disable the extension immediately.

High | CVE Advisory, Vulnerability | Jun 3, 2026

HIGH: HTTP/2 Bomb Vulnerability Lets a Home Connection Flatten NGINX, Apache, IIS, Envoy, and Cloudflare Pingora

A newly disclosed HTTP/2 vulnerability dubbed HTTP/2 Bomb lets a single client on a residential connection exhaust 32 gigabytes of server memory in under twenty seconds. The flaw, tracked as CVE-2026-49975 for Apache httpd, affects NGINX, Apache, Microsoft IIS, Envoy, and Cloudflare Pingora. NGINX and Apache shipped fixes. IIS, Envoy, and Pingora remain unpatched as of public disclosure on June 2, 2026.

Critical | CVE Advisory, Vulnerability | Jun 1, 2026

CRITICAL: WP Maps Pro Bug (CVE-2026-8732) Spawns Admin Accounts on 15,000 WordPress Sites

A CVSS 9.8 unauthenticated admin account creation flaw in the WP Maps Pro WordPress plugin (CVE-2026-8732) is under active mass exploitation. Wordfence blocked 2,858 attempts and Defiant blocked more than 3,600 within a single 24-hour window. The bug abuses a vendor-support shortcut to mint administrator accounts via an unauthenticated AJAX endpoint. All versions through 6.1.0 are vulnerable. Patch to 6.1.1 and hunt for rogue administrator accounts registered with the email address support@flippercode.com.

High | CVE Advisory, Vulnerability | May 31, 2026

HIGH: Palo Alto GlobalProtect Auth Bypass (CVE-2026-0257) Actively Exploited, Now on CISA KEV

A GlobalProtect authentication override flaw in PAN-OS lets unauthenticated attackers forge session cookies and walk into the VPN. Rapid7 observed two waves of in-the-wild exploitation in May, CISA added the bug to the KEV catalog on May 29 with a June 1 federal deadline, and Palo Alto Networks has confirmed active exploitation against unpatched devices.
