Security Articles

Stay ahead of emerging threats with expert analysis from 142 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Sunday, June 14, 2026, the most urgent items for production stacks: the Oracle PeopleSoft zero-day CVE-2026-35273 is being used by the ShinyHunters extortion crew to break into more than 100 universities — a zero-day means a flaw the vendor had no patch ready for when attacks began, so the only defense is applying Oracle's emergency fix the moment it lands and watching for unfamiliar logins. Google has shipped an emergency patch for the Chrome V8 zero-day CVE-2026-11645, already under active exploitation through nothing more than a booby-trapped web page, so update every browser in your business today. The LiteLLM flaw CVE-2026-42271 has landed on the CISA Known Exploited Vulnerabilities (KEV) catalog — the U.S. government's list of bugs confirmed to be under real-world attack — and lets intruders run their own code on exposed AI gateways, the servers that broker requests between your apps and AI models. The Langflow bug CVE-2026-5027 is a path-traversal flaw — one that tricks a server into reaching files outside its intended folder — letting unauthenticated attackers plant code on roughly 7,000 internet-exposed AI servers. And the "Velvet Ant" espionage group quietly backdoored Linux PAM and OpenSSH — the components that handle logins on most Linux servers — to live undetected inside a single network for nearly a decade, a reminder that intrusion detection matters as much as patching. If your business runs Oracle PeopleSoft, Chrome, self-hosted AI tooling like LiteLLM or Langflow, or Linux servers, these advisories require action now — start with the article-level remediation steps below.