enterprise
Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)
CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells …
What the Fortibleed campaign means for organizations running FortiGate firewalls
A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, …
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal …
Companies are discarding the logs they need to catch a breach
Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large …
74,000 Fortinet firewall credentials exposed in FortiBleed data leak
A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The …
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to …
EU Cybersecurity Act 2.0: When good regulation goes bad
Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain …
A $2 trillion revenue shift hinges on AI data governance
Across large enterprises, a single question keeps surfacing when teams want to put customer data to work. Can this record be used for a given purpose, and does the consent …
China-linked spies backdoored authentication stack to stay hidden for years
A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the …
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches …
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)
Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the …
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the …
Featured news
Resources
Don't miss
- AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin
- Vulnerability reports are arriving faster than GitHub can review them
- JSP webshells being dropped on unpatched PTC Windchill instances
- Mozilla warns of indirect prompt injection risk in AI coding agents
- DarkMoon: Open-source AI pentesting platform