Attackers are actively exploiting critical vulnerabilities in Fortinet's FortiSandbox products, prompting CISA to issue a directive mandating patches. Researchers have identified abuse attempts targeting command injection flaws within these devices.
A new Windows zero-day exploit named LegacyHive has been publicly released by a security researcher. This exploit allows attackers to gain administrative privileges on patched Windows systems. The vulnerability is believed to affect specific Windows components and has been demonstrated to work on the latest Windows versions.
Google is addressing a vulnerability in Android's lock screen that allows the Gemini AI model to send SMS messages without requiring a PIN. A specific multi-touch gesture on the lock screen can bypass the authentication prompt, enabling unauthorized access to the messaging function.
A critical-severity security vulnerability in SharePoint has been disclosed and is already being exploited by attackers. The flaw allows authenticated remote attackers to execute arbitrary code on the server.
CISA has issued a directive to government agencies, mandating the immediate patching of two critical vulnerabilities found in Fortinet's FortiSandbox threat detection platform. These vulnerabilities are reportedly being actively exploited, underscoring the urgency of the advisory.
CISA has added a critical SharePoint Server remote code execution (RCE) vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are mandated to apply the necessary patches by July 19, 2026.
A flaw in Anthropic's Claude for Chrome browser extension could allow malicious extensions to trigger AI actions by simulating user clicks. This could enable attackers to abuse Claude's access to connected services like Gmail, Google Docs, Google Calendar, and Salesforce.
Zoom has patched a critical security vulnerability that could allow an unauthenticated user to take over accounts remotely. The company also addressed three other less severe privilege escalation flaws across various Zoom products for Windows. These patches are crucial given Zoom's widespread use in both personal and business environments.
The workflow automation platform n8n has a flaw in its token exchange mechanism. On enterprise instances configured with multiple token issuers, the platform incorrectly matches incoming JWTs to local users based solely on the 'sub' claim, ignoring the 'iss' claim. This allows a valid token from one issuer to log a user in as someone else if their 'sub' claim matches a user under a different issuer.
CISA has issued an urgent warning and urged organizations to harden their Microsoft SharePoint deployments due to active exploitation of three vulnerabilities. These vulnerabilities, now listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, pose a significant risk, especially for internet-facing instances, potentially allowing attackers initial access to enterprise environments.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These include two command injection vulnerabilities in Fortinet FortiSandbox OS and a deserialization vulnerability in Microsoft SharePoint. The update reinforces the importance of CISA's Binding Operational Directive (BOD) 26-04 for federal agencies to prioritize remediation of these high-risk vulnerabilities.
A NULL Pointer Dereference vulnerability has been identified in NASA's Core Flight System (cFS) Health & Safety (HS) Application. Successful exploitation could allow an unauthenticated attacker to cause a denial-of-service condition by crashing the application.
SALTO ProAccess Space software versions prior to 6.13 are vulnerable to a privilege escalation attack (CVE-2026-11889) if the partition feature is enabled. Successful exploitation by an authenticated attacker could allow access to spaces outside their assigned partition. A CVSS score of 6.5 has been assigned to this vulnerability.
Rockwell Automation's 1756-EN2, 1756-EN3, and 1756-ENBT communication modules are affected by a denial-of-service vulnerability due to improper validation of CIP Implicit Connection packets. An attacker could exploit this by sending crafted packets to disrupt device connections.
Rockwell Automation Flex 5000 Adapter version 6.011 is affected by a denial-of-service vulnerability (CVE-2026-12659) due to improper handling of crafted CIP packets. Successful exploitation could lead to a denial-of-service condition requiring a power cycle to recover the module.
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Rockwell Automation FactoryTalk DataMosaix Private Cloud versions less than or equal to 8.02. Successful exploitation by an authenticated attacker could allow for the injection and permanent storage of malicious scripts on the server, leading to potential account takeover or credential theft when other users access affected pages.
Rockwell Automation Arena has several vulnerabilities, including out-of-bounds writes in the model.exe component, that could allow an attacker to execute arbitrary code. These vulnerabilities affect versions less than or equal to V17.00.00. Rockwell Automation recommends updating to V17.00.01 to mitigate these risks.
Siemens SICAM 8 products are affected by multiple vulnerabilities, including an active debug code, initialization of a resource with an insecure default, and unverified password change. These flaws could allow an authenticated attacker to cause denial of service conditions by crashing the web process. Siemens has released updated versions to address these vulnerabilities.
CISA has issued an alert regarding multiple vulnerabilities in Rockwell Automation's CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix systems. Successful exploitation could lead to a denial-of-service condition.
AutomationDirect Productivity Suite versions prior to v4.6.2.2 are vulnerable to multiple security flaws including out-of-bounds writes, out-of-bounds reads, and divide-by-zero errors. Successful exploitation could allow a local attacker with physical access to cause memory corruption, information disclosure, application instability, or denial-of-service conditions.
Despite reaching its end of support in October 2025, a significant portion of Windows 10 machines remain unmigrated. This continued reliance on an unsupported operating system poses a substantial security risk, as these systems will no longer receive critical security patches.
CISA has issued a directive ordering federal agencies to patch a critical vulnerability in Oracle E-Business Suite by Saturday due to active exploitation. This vulnerability affects the financial application and poses a significant risk to sensitive government data and operations.
Splunk and Zoom have released patches for critical vulnerabilities that could allow attackers to gain unauthorized access to credentials and data, take over accounts, and escalate privileges. These flaws pose a significant risk to organizations using these platforms.
A critical vulnerability in Shark robot vacuums allows attackers to remotely control other vacuums in the same AWS region by extracting the device's certificate. Exploiting this flaw enables attackers to access the vacuum's camera, control its movement, read house maps, and steal Wi-Fi credentials.
F5 has released patches for multiple vulnerabilities affecting its NGINX and BIG-IP products. Attackers could exploit these flaws to modify configurations, terminate or restart processes, bypass security controls, leak memory, and execute arbitrary code.
Vulnerable UEFI shim bootloaders, signed by Microsoft, can be exploited to bypass Secure Boot on any operating system. This vulnerability allows attackers to potentially load malicious code during the boot process, undermining system integrity.
Zoom has released security updates for a critical vulnerability in its Windows client that could allow attackers to take over user accounts. The flaw, CVE-2026-53412, is rated with a CVSS score of 9.8 and affects multiple Zoom Windows applications.
Security experts are urging organizations to adopt "just in time" patching and re-evaluate their vulnerability management strategies due to an increasing rate of vulnerability exploitation, which is being amplified by AI tools. The surge in AI-driven vulnerability discovery threatens to overwhelm existing patching processes, exacerbating the gap between vulnerability identification and remediation.
A researcher has disclosed a Windows zero-day vulnerability named 'LegacyHive' following the 'Nightmare Eclipse' operation. The proof-of-concept exploit has been intentionally limited to prevent immediate widespread exploitation.
Leading cybersecurity firms Trend Micro, Tanium, ESET, and Tenable have all released patches for critical and high-severity vulnerabilities discovered within their respective products. These patches address security flaws that could have put users' systems at risk.
Microsoft SharePoint has a deserialization of untrusted data vulnerability that allows remote code execution by unauthorized attackers. Users are instructed to apply mitigations provided by the vendor, following CISA's guidance on prioritizing security updates and forensic triage requirements.
A critical OS command injection vulnerability (CVE-2026-25089) has been identified in Fortinet FortiSandbox products. An unauthenticated attacker can exploit this flaw via crafted HTTP requests to execute unauthorized commands. Organizations are urged to apply vendor-provided mitigations and adhere to CISA's risk-based patching guidance.
Attackers have exploited a vulnerability in UEFI shim bootloaders, allowing them to bypass Secure Boot protections for years. Nearly a dozen of these vulnerable bootloaders were revoked, but their prior trust created a security blind spot.
Zoom has issued a warning about a critical vulnerability affecting its desktop client and SDK for Windows. Attackers can exploit this flaw to take over user accounts without authentication. This vulnerability requires users to have Zoom installed and be logged into an account on the affected platform.
Microsoft has released a record number of patches for its operating systems and other products, addressing 76 vulnerabilities. Concurrently, a zero-day exploit dubbed HiveLegacy has surfaced, which researchers describe as a powerful primitive with the potential for further malicious activities.
A vulnerability in Anthropic's Claude AI model, dubbed "PromptFiction," could allow malicious prompts to be automatically sent to AI agents. When combined with another exploit, this flaw could have enabled an end-to-end attack on a targeted system. The vulnerability has since been fixed.
CISA has issued a warning about three actively exploited vulnerabilities in Microsoft SharePoint. Two of these flaws are rated as critical and could lead to further exploitation. Organizations are urged to apply patches immediately to mitigate the risks.
A vulnerability in the Cursor code editor allows attackers to execute arbitrary code by creating a malicious repository with a git.exe file in the project root. Cursor automatically executes this file, leading to potential code execution on the user's system.
CISA has issued a warning urging immediate patching of exploited SharePoint vulnerabilities. Three specific vulnerabilities are confirmed to be under active attack, with two of them being zero-day exploits.
Intruder has developed an AI-powered system, dubbed a "vulnerability vending machine," that automates the discovery of complex software vulnerabilities by integrating code slicing with large language models. The system successfully identified and exploited a previously unknown zero-day vulnerability in a WordPress plugin, with further discoveries being disclosed responsibly.
Mozilla has released updates for Firefox to fix two critical security vulnerabilities. The company has warned that exploit code for these flaws is publicly available. One vulnerability affects the WebAssembly component, while the other impacts the DOM navigation.
A newly discovered "2-click cursor exploit" leverages fundamental, age-old bugs within development environments to grant attackers access to sensitive developer secrets and source code. This vulnerability can lead to a full takeover of the development environment, posing a significant risk to intellectual property and software integrity.
Attackers are leveraging new techniques that abuse Windows Bind Links, a legitimate filesystem virtualization capability, to evade detection by endpoint security tools like EDR, AMSI, and AppLocker. Bitdefender researchers identified three methods – File Binding, Process-Binding, and Silo-Binding – that redirect trusted file paths to malicious ones, allowing malware to execute undetected.
Researchers have discovered two vulnerabilities in the Claude for Chrome extension that allow malicious browser extensions to trigger privileged actions, such as reading Gmail messages and Google Docs content. These flaws remain exploitable months after being reported, with the affected code appearing unchanged in recent versions.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, specifically CVE-2023-4346 and CVE-2026-46817, due to evidence of active exploitation. The article emphasizes the importance of the KEV Catalog for federal agencies in prioritizing security updates based on risk, as mandated by Binding Operational Directive (BOD) 26-04, and encourages all organizations to adopt similar risk-based vulnerability management practices.
A security researcher has released a proof-of-concept exploit for a new Windows zero-day vulnerability called LegacyHive. This vulnerability allows for arbitrary hive load elevation of privileges within the Windows User Profile Service, a critical system component.
Fortinet, Ivanti, and ServiceNow have released patches for critical vulnerabilities. A significant flaw in ServiceNow's AI platform could enable remote attackers to execute arbitrary code.
A critical flaw has been discovered in the Cursor code editor that allows malicious cloned repositories to execute arbitrary code on Windows. If a repository contains a file named 'git.exe' in its root directory, Cursor will automatically run it without any user interaction, potentially exposing sensitive data and credentials.
Progress has confirmed a zero-day vulnerability is the cause of recent disruptions affecting its ShareFile service. The company has released a patch and is working to restore access for affected Storage Zones Controller customers who apply the fix.
CISA has issued a warning regarding three actively exploited vulnerabilities in on-premises SharePoint Server instances. Administrators are urged to patch these flaws immediately to prevent further exploitation by attackers.