Oracle has released its first monthly Critical Security Patch Update (CSPU), addressing a total of 77 vulnerabilities. These updates are part of Oracle's initiative to deliver critical fixes more rapidly.
Microsoft has threatened legal action against a security researcher who published several zero-day exploits, sparking backlash from the cybersecurity community. Critics argue that Microsoft's stance discourages responsible disclosure and could hinder vulnerability research.
A vulnerability in the WP Maps Pro WordPress plugin, identified as CVE-2026-8732, is being exploited by unauthenticated attackers. This flaw allows attackers to create administrative accounts on vulnerable WordPress sites.
Oracle has released its first monthly Critical Security Patch Update (CSPU) for May 2026, addressing 35 vulnerabilities, including 11 rated as critical. Among these are several flaws with publicly available exploit code, some of which have been known for a considerable time, highlighting ongoing challenges with patching embedded open-source components.
A new article by Melissa Hathaway argues that AI is dramatically accelerating vulnerability discovery, exposing decades of software development prioritizing speed over security. It calls for a coordinated national and international effort involving governments, vendors, and operators to accelerate remediation and invest in automated repair before adversaries exploit this opportunity.
Organizations are urged to patch CVE-2026-41089, a critical vulnerability affecting Windows Netlogon. Attackers are actively targeting this flaw, making timely patching essential for defense.
Palo Alto Networks is urging users to patch a critical authentication bypass vulnerability in its PAN-OS GlobalProtect VPN, which is being actively exploited in the wild. Adversaries have already launched two waves of attacks leveraging this flaw, highlighting the urgency for defenders to apply the necessary security updates.
Attackers are increasingly exploiting vulnerabilities before organizations can identify and patch them. Faster vulnerability alerts are crucial for reducing exposure and improving security response times.
This weekly recap highlights several cybersecurity events, including a new Linux vulnerability, an exploit targeting PAN-OS, the rise of AI-powered attacks, and OAuth-based phishing campaigns. It also mentions poisoned development tools and the increasing accessibility of malicious activities.
The Centre for Cybersecurity Belgium has issued a warning that threat actors are actively exploiting a critical Windows Netlogon Remote Code Execution (RCE) vulnerability in ongoing attacks. The flaw was patched only recently, so the attacks land on systems that have not yet applied the update, a reminder of how quickly newly disclosed flaws are turned into working attacks.
Attackers are actively exploiting a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS software. This flaw allows unauthorized access to VPNs, necessitating urgent patching for affected users and organizations.
A critical remote code execution (RCE) vulnerability, tracked as CVE-2026-40933, has been discovered in self-hosted Flowise deployments. The flaw exists within the implementation of Model Context Protocol (MCP) stdio servers, allowing attackers to trigger code execution with a single click via a malicious chatflow import. This vulnerability could grant attackers root-level access in containerized environments.
CISA has added CVE-2024-21182, an unspecified vulnerability in Oracle WebLogic Server, to its Known Exploited Vulnerabilities (KEV) Catalog. The addition reflects evidence of active exploitation, and CISA notes that such vulnerabilities pose significant risks to federal networks. Federal agencies are required to remediate this vulnerability, and CISA strongly encourages all organizations to prioritize its patching.
A 19-year-old Linux kernel vulnerability, known as CIFSwitch, has been disclosed with a proof-of-concept exploit available. This flaw allows low-privileged users to gain root access on affected systems.
Hackers have been actively exploiting a critical authentication bypass vulnerability, identified as CVE-2026-0257, in Palo Alto Networks' PAN-OS software. The exploitation began just four days after the vulnerability was publicly disclosed.
Threat actors are actively exploiting a critical vulnerability in the WP Maps Pro WordPress plugin to create unauthorized administrator accounts. This plugin, used by over 15,000 sites, allows for custom map embedding.
Oracle WebLogic Server has an unspecified vulnerability allowing unauthenticated network attackers to compromise the server via T3 or IIOP protocols. Successful exploitation can lead to unauthorized access to critical or all accessible data.
A critical vulnerability in the WP Maps Pro plugin for WordPress is being actively exploited by hackers. The flaw allows unauthenticated attackers to create new administrator accounts on vulnerable websites. This could lead to full site compromise and malicious activity.
Palo Alto Networks has issued a warning that a critical authentication bypass flaw in its GlobalProtect VPN, identified as CVE-2026-0257, is actively being exploited by attackers to compromise corporate networks. The vulnerability allows unauthenticated attackers to bypass authentication and gain access to sensitive systems.
Exploit code has been publicly released for a critical remote code execution (RCE) vulnerability in Flowise. This vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.
A new Linux kernel vulnerability named CIFSwitch has been discovered, enabling local privilege escalation. Attackers can exploit this flaw to forge CIFS authentication key descriptions and gain root access on affected systems.
Palo Alto Networks has issued a warning that a medium-severity authentication bypass vulnerability in PAN-OS and Prisma Access, tracked as CVE-2026-0257, is currently being actively exploited in the wild. Attackers can exploit this flaw to establish unauthorized VPN connections.
Microsoft and a security researcher named Nightmare Eclipse are publicly feuding over the handling of vulnerability disclosures. The researcher claims Microsoft rebuffed their attempts to report bugs, leading to public disclosure, while Microsoft asserts the disclosures were not coordinated and created unnecessary risk.
A critical remote code execution (RCE) vulnerability in the open-source Git service Gogs remains unfixed. An exploit module for this vulnerability has been released, and the researcher who discovered it has had no response from the maintainers since reporting it in March.
Researchers have discovered a vulnerability in OpenAI's ChatGPT dubbed ChatGPhish. This vulnerability exploits the AI assistant's trust in Markdown links and images within web summaries to facilitate prompt injection attacks, enabling phishing.
Swiss researchers have developed a new method for generating truly random numbers using quantum superconducting chips and a long microwave pipe. This advancement aims to overcome biases found in traditional random number generators, which have previously led to security issues in various applications.
An unidentified threat actor has exploited a vulnerability (CVE-2026-39987) in Marimo notebooks to gain initial access. Following this, the attacker deployed a large language model (LLM) agent to perform post-exploitation activities and extract cloud credentials.
Researchers have identified an exploit chain that leverages over-permissioned cloud roles, secrets discovery, and non-human identities to compromise automation services. This vulnerability chain highlights how seemingly small misconfigurations in complex cloud environments can lead to significant security breaches.
A critical-severity zero-day vulnerability in Gogs, a self-hosted Git service, allows authenticated attackers to execute remote code via pull requests with malicious branch names. The flaw has a CVSS score of 9.4 and is described as an argument injection vulnerability.
CISA has added CVE-2026-0257, a Palo Alto Networks PAN-OS authentication bypass vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. The inclusion reflects evidence of active exploitation, and CISA notes that such vulnerabilities pose significant risks to federal networks. CISA urges all organizations to prioritize the remediation of cataloged vulnerabilities as part of their security practices.
Researchers have discovered that ChatGPT can be manipulated to execute arbitrary code when presented with specially crafted web content. By embedding malicious JavaScript within seemingly innocuous browser content, attackers can trick ChatGPT into running this code, potentially leading to system compromise or data exfiltration.
Google has released Chrome 148, which addresses a significant number of security vulnerabilities. The update resolves 151 security defects, including several critical-severity flaws that could have allowed for remote code execution.
Two high-severity vulnerabilities (CVE-2026-48778 and CVE-2026-48800) in Notepad++ allow local attackers to execute arbitrary code by tampering with the editor's XML configuration files. These flaws affect versions up to 8.9.6 and were patched in version 8.9.6.1.
A critical argument injection vulnerability has been discovered in the open-source Gogs Git service, allowing authenticated users to execute code remotely. The maintainer of Gogs has not responded to the vulnerability disclosure for over two months, leaving it unpatched and highlighting potential risks associated with self-hosted code platforms from smaller open-source projects.
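The Gogs items above describe an argument injection reached through a branch name. The Go program below is an added illustration of that bug class and of the standard defence; it is not Gogs's code and does not reproduce the actual vulnerable path in Gogs. The function names, the hostile branch name and the choice of `git diff` are all assumptions made for the example. The idea: a branch name that starts with `-` is handed to git as a revision argument, and git parses it as an option instead (here `--output=<file>`, a real `git diff` flag). The hardened version validates the name against a subset of `git check-ref-format` rules and terminates option parsing with `--end-of-options` (git 2.24 or later).

```go
package main

import (
	"fmt"
	"strings"
)

// isSafeRefName applies a conservative subset of the rules enforced by
// `git check-ref-format --branch`, plus an explicit rejection of names that
// begin with '-' so a branch name can never be parsed by git as an option.
func isSafeRefName(name string) bool {
	if name == "" || name == "@" || len(name) > 255 {
		return false
	}
	if strings.HasPrefix(name, "-") {
		return false
	}
	if strings.Contains(name, "..") || strings.Contains(name, "@{") {
		return false
	}
	if strings.HasSuffix(name, "/") || strings.HasSuffix(name, ".") || strings.HasSuffix(name, ".lock") {
		return false
	}
	for _, comp := range strings.Split(name, "/") {
		if comp == "" || strings.HasPrefix(comp, ".") || strings.HasSuffix(comp, ".lock") {
			return false
		}
	}
	for _, r := range name {
		if r <= 0x20 || r == 0x7f {
			return false
		}
		switch r {
		case '~', '^', ':', '?', '*', '[', '\\':
			return false
		}
	}
	return true
}

// vulnerableArgs shows the unsafe pattern: user-controlled branch names are
// dropped into git's argv with nothing stopping git from reading them as flags.
func vulnerableArgs(base, head string) []string {
	return []string{"diff", base, head}
}

// hardenedArgs validates both names and terminates option parsing with
// --end-of-options (git 2.24+), so even a name that slipped validation
// could not be treated as an option.
func hardenedArgs(base, head string) ([]string, error) {
	for _, n := range []string{base, head} {
		if !isSafeRefName(n) {
			return nil, fmt.Errorf("refusing unsafe ref name %q", n)
		}
	}
	return []string{"diff", "--end-of-options", base, head}, nil
}

// looksLikeOption reports whether git would parse an argv element as a flag.
func looksLikeOption(arg string) bool {
	return strings.HasPrefix(arg, "-")
}

func main() {
	// Constructed hostile branch name (hypothetical, not taken from any advisory):
	// passed unprotected to `git diff`, git reads it as its --output flag and
	// writes the diff to an attacker-chosen path on the server.
	hostile := "--output=/tmp/injected"
	vuln := vulnerableArgs("main", hostile)
	fmt.Println("vulnerable argv:", vuln, "option injected:", looksLikeOption(vuln[2]))
	if _, err := hardenedArgs("main", hostile); err != nil {
		fmt.Println("hardened:", err)
	}
	args, _ := hardenedArgs("main", "feature/login-fix")
	fmt.Println("hardened argv:", args)
}
```

Note that `exec.Command` never goes through a shell, so this is not shell injection and quoting does not help; the parser being attacked is git's own option parser, which is why the fix is a ref-name allow-list plus `--end-of-options` (or `--` where the argument is a path), not escaping.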
A critical authentication bypass vulnerability (CVE-2026-0257) has been identified in Palo Alto Networks PAN-OS, allowing unauthorized VPN connections. Federal agencies must apply mitigations by June 1, 2026, or discontinue product use if mitigations are unavailable.
A security researcher, reportedly upset over perceived unfair credit for discovering vulnerabilities, has threatened to release multiple zero-day exploits against Microsoft products. The researcher claims to have identified six zero-days, with three already under active exploitation, and has indicated a further release is planned for July 14th.
Hackers are exploiting a critical vulnerability in FortiClient EMS to deploy a new infostealer malware known as EKZ. The vulnerability, an authentication bypass flaw, allows attackers to gain unauthorized access and push the malware to vulnerable systems.
A critical RCE vulnerability has been found in Gogs, an open-source self-hosted Git service. This flaw allows any authenticated user to execute arbitrary code on the server under specific circumstances. Rapid7 has rated the vulnerability a 9.4 on the CVSS scale, and it does not currently have a CVE identifier.
Threat actors are actively exploiting a critical, patched vulnerability in FortiClient Endpoint Management Server (EMS) to distribute credential-stealing malware. The campaign leverages trusted endpoint management infrastructure to deliver payloads disguised as legitimate Fortinet software across managed endpoints.
An unpatched zero-day vulnerability in the Gogs self-hosted Git service has been discovered. This flaw allows attackers to achieve remote code execution on exposed instances.
Microsoft is advocating for Coordinated Vulnerability Disclosure (CVD) and urging researchers to share their findings with vendors before public disclosure. This stance follows an incident where a researcher, Chaotic Eclipse, disclosed details of multiple zero-day vulnerabilities.
This article from ThreatsDay Bulletin covers a range of cybersecurity topics including security issues with Claude plugins, privilege escalation in Azure, a multi-factor authentication bypass for Kali365, and FIFA-related scams. It also highlights ongoing, low-effort attacks using various malware and exposed infrastructure.
Fortinet has released patches for a critical vulnerability in FortiClient EMS, which was actively exploited in the wild as a zero-day. The company urged users to apply the fixes immediately following the discovery of these attacks.
CISA is addressing multiple software supply chain attacks that target developer ecosystems, including CI/CD pipelines. These attacks involve malicious VS Code extensions and poisoned GitHub Action workflows, leading to unauthorized access and exfiltration of sensitive information like credentials and tokens. The incidents highlight the exploitation of developer tools and processes by threat actors.
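Two of the conditions a poisoned GitHub Actions workflow typically relies on are visible in the workflow file itself: actions referenced by a mutable tag or branch rather than a full commit SHA, and a `pull_request_target` job that checks out the pull request's head while the repository's secrets are in scope. The Go program below is an added example of a check for both, written for this page and not derived from any CISA tooling; the two workflow files it scans are constructed, and the line-based matching is a deliberate simplification that does not parse YAML.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed weak workflow: a mutable tag, a mutable branch, and a
// pull_request_target job that checks out the untrusted PR head while
// secrets are available to later steps.
const sampleWorkflow = `name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: octo-org/setup-tool@0123456789abcdef0123456789abcdef01234567
      - uses: some-org/publish@main
      - run: ./build.sh
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
`

// Constructed corrected workflow: plain pull_request trigger (no secrets for
// forks) and every action pinned to a full commit SHA (placeholder values).
const hardenedWorkflow = `name: ci
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: octo-org/setup-tool@fedcba9876543210fedcba9876543210fedcba98
      - uses: ./.github/actions/local-lint
      - run: ./build.sh
`

var (
	usesRe   = regexp.MustCompile(`^\s*-?\s*uses:\s*([^\s#]+)`)
	shaRe    = regexp.MustCompile(`^[0-9a-f]{40}$`)
	prHeadRe = regexp.MustCompile(`github\.event\.pull_request\.head\.(sha|ref)`)
)

// unpinnedUses returns every `uses:` reference that is not pinned to a full
// 40-hex commit SHA. Local (./) and docker:// references are skipped because
// pinning works differently for them.
func unpinnedUses(workflow string) []string {
	var out []string
	for _, line := range strings.Split(workflow, "\n") {
		m := usesRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ref := m[1]
		if strings.HasPrefix(ref, "./") || strings.HasPrefix(ref, "docker://") {
			continue
		}
		at := strings.LastIndex(ref, "@")
		if at < 0 || !shaRe.MatchString(ref[at+1:]) {
			out = append(out, ref)
		}
	}
	return out
}

// checksOutUntrustedHead reports whether a workflow that runs on
// pull_request_target (privileged, secrets in scope) checks out code from
// the pull request head, which is the pattern that lets a fork run its own
// code with the base repository's secrets.
func checksOutUntrustedHead(workflow string) bool {
	return strings.Contains(workflow, "pull_request_target") && prHeadRe.MatchString(workflow)
}

func main() {
	for name, wf := range map[string]string{"weak": sampleWorkflow, "hardened": hardenedWorkflow} {
		fmt.Printf("%s: unpinned=%v untrusted_head_checkout=%v\n",
			name, unpinnedUses(wf), checksOutUntrustedHead(wf))
	}
}
```

A SHA pin only helps if the action's repository history cannot be rewritten underneath it, so pair the check with Dependabot or a similar updater that bumps pins deliberately; and treat any `pull_request_target` job that touches PR code as equivalent to running untrusted code with the repository's secrets.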
CISA has issued an alert for a critical vulnerability (CVE-2026-7786) in Jinan USR IOT Technology Limited's USR-W610 RS232/485 to Wi-Fi/Ethernet Converter. The vulnerability stems from hard-coded administrative credentials embedded in the firmware, which can be exploited for administrator access. The affected product is deployed worldwide, including in critical manufacturing sectors.
CISA has issued an alert regarding a critical vulnerability in KMW CCTV Security Cameras, specifically versions KM-IP521 IPCAM_V4.04.91.230307 and KM-IP421 IPCAM_V4.04.53.210416. The vulnerability, CVE-2026-5386, allows for unauthenticated remote password resets, granting attackers full control over camera feeds and settings. KMW has released a firmware update to address this flaw, along with recommended mitigation steps for network segmentation and regular updates.
The Fourth Frontier Frontier X Mobile Application and Frontier X2 devices have a critical vulnerability (CVE-2026-5768) that allows unauthenticated attackers to read and write arbitrary handle values, change clinical readings, and take control of the device. Successful exploitation could lead to patient harm. Affected versions include the Frontier X Android app before v15.0.0, the Frontier X iOS app before v25.0.0, and all versions of Frontier X2.
A stored Cross-Site Scripting (XSS) vulnerability, CVE-2026-6824, has been identified in CP Plus 8 Ch. Network Video Recorder devices. Successful exploitation allows attackers to inject malicious scripts that execute in the browser of authenticated users, potentially leading to session hijacking and data theft.
ABB has acknowledged vulnerabilities in specific versions of its Busch-Welcome 2 Wire Door Opener Actuator. An attacker could exploit them to gain unauthorized physical access to buildings where the product is installed. The primary flaw is active debug code left in the product, which permits an authentication bypass when compatibility mode is enabled, as it is by default.
This CISA alert details multiple critical vulnerabilities in XCharge C6 charging stations, including issues with firmware updates, buffer overflows, and insecure default resource initialization. Successful exploitation could grant an attacker administrator rights or allow code execution on affected devices.