Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
malware
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. …

SimpleHelp
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)

A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to …

LiteLLM
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)

A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure …

Help Net Security
Horizon3.ai introduces Rapid Response to prioritize and verify vulnerability remediation

Horizon3.ai has introduced Rapid Response, a capability that helps organizations assess exposure to newly disclosed threats, prioritize remediation, and verify that …

Apache ActiveMQ
Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code …

SolarWinds Web Help Desk
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!

SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers …

Fortinet
PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)

A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising …

Netscaler
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix …

Langflow
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has …

SSH
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All …

CrushFTP
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access …

Ivanti
PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools