Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The …
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. …
JSP webshells being dropped on unpatched PTC Windchill instances
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software …
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal …
Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But …
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches …
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure …
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and …
A small Slovenian team handles 6,000 cyber incidents a year
Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts …
Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. …
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It …
CISA’s new KEV nomination form opens reporting to vendors and researchers
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited …
Featured news
Resources
Don't miss
- July 2026 Patch Tuesday forecast: Is CVE tracking still practical?
- The open source library holding up your stack might have one maintainer
- Most data brokers won’t tell you what happened to your deletion request
- Microsoft is rewriting Windows patch guidance because of AI
- Extortion crew hijacks Microsoft 365 accounts via fake passkey setup