Oracle Identity Manager RCE: CVSS 9.8 Flaw Needs Immediate Patch
Oracle patches CVE-2026-21992, a pre-auth RCE in Identity Manager scoring 9.8 CVSS. No credentials needed to exploit. Emergency patches available now.
Stay ahead of emerging threats with expert analysis from 144 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Tuesday, June 16, 2026, the most urgent items for production stacks: a Palo Alto Networks GlobalProtect flaw, CVE-2026-0257, is under active exploitation — an authentication bypass in the GlobalProtect VPN portal (the gateway your remote staff log in through), meaning an attacker can slip past the login screen without valid credentials and reach your internal network, so apply Palo Alto's fix immediately and review the portal for unfamiliar sessions. The Oracle PeopleSoft zero-day CVE-2026-35273 is being used by the ShinyHunters extortion crew to break into more than 100 universities — a zero-day means a flaw the vendor had no patch ready for when attacks began, so the only defense is applying Oracle's emergency fix the moment it lands and watching for unfamiliar logins. Google has shipped an emergency patch for the Chrome V8 zero-day CVE-2026-11645, already under active exploitation through nothing more than a booby-trapped web page, so update every browser in your business today. The LiteLLM flaw CVE-2026-42271 has landed on the CISA Known Exploited Vulnerabilities (KEV) catalog — the U.S. government's list of bugs confirmed to be under real-world attack — and lets intruders run their own code on exposed AI gateways, the servers that broker requests between your apps and AI models. The Langflow bug CVE-2026-5027 is a path-traversal flaw — one that tricks a server into reaching files outside its intended folder — letting unauthenticated attackers plant code on roughly 7,000 internet-exposed AI servers. 
And the "Velvet Ant" espionage group quietly backdoored Linux PAM and OpenSSH — the components that handle logins on most Linux servers — to live undetected inside a single network for nearly a decade, a reminder that intrusion detection matters as much as patching. If your business runs Palo Alto GlobalProtect VPN, Oracle PeopleSoft, Chrome, self-hosted AI tooling like LiteLLM or Langflow, or Linux servers, these advisories require action now — start with the article-level remediation steps below.
A second supply chain attack on Trivy compromised 75 GitHub Actions tags and spawned a credential-stealing worm across 47 npm packages. Check your CI pipeline.
U.S. authorities dismantled four IoT botnets (AISURU, Kimwolf, JackSkid, Mossad) responsible for the largest DDoS attacks ever recorded. Over 3 million enslaved devices generated attacks exceeding 31 Tbps.
Over 2,000 Kubernetes clusters compromised through RBAC misconfigurations. Attackers deploy cryptominers via default service accounts. Check your clusters now.
Critical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.
Critical VMware ESXi flaw lets attackers escape guest VMs and execute code on the hypervisor. If you run ESXi, this needs immediate patching.
Sophisticated iOS exploit kit chains six vulnerabilities including three zero-days to achieve complete device takeover. Multiple threat actors including Russian espionage groups and commercial surveillance vendors observed using DarkSword against targets in Ukraine, Saudi Arabia, and Turkey.
Nine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.
CISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.
Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 sandbox escape), both CVSS 8.8 and actively exploited. CISA added to KEV with March 27 deadline. Update to Chrome 146.0.7680.75/76.
Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.
CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.
A critical arbitrary file read vulnerability in Jenkins allows attackers to extract credentials, API keys, and secrets from CI/CD pipelines.
A managed SOC gives you 24/7 threat monitoring from $50K/yr vs $1M+ in-house. Learn what is included, how pricing works, and how to pick the right provider.
A complete guide to penetration testing pricing in 2026. Learn what drives costs, price ranges by test type, red flags to watch for, and how to get real value from your security investment.
A practical guide to SOC 2 audit preparation covering Type I vs Type II, the five Trust Services Criteria, common gaps, evidence collection, and how to accelerate the certification timeline.
A practical guide to small business cybersecurity covering the essentials that actually matter: MFA, email security, backups, employee training, and when to outsource to professionals.
Qualys discovered nine vulnerabilities in AppArmor affecting 12.6 million Linux servers. CrackArmor enables unprivileged users to achieve root via confused deputy attacks, bypass container isolation, defeat KASLR, and manipulate security policies. All kernels since 4.11 affected.
CISA added CVE-2025-68613 to KEV after confirming active exploitation of n8n automation platform. Five critical RCE vulnerabilities (CVSS 9.4-9.5) allow credential theft via encryption key extraction. 24,700 instances exposed. Federal deadline: March 25, 2026.
SentinelOne documents campaign targeting FortiGate appliances to extract AD/LDAP credentials. Attackers exploit CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858, decrypt config files, and harvest NTDS.dit. Healthcare, government, and MSPs are primary targets.
Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.