Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Langflow
Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The …

ColdFusion
Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)

CVE-2026-48282, one of the maximum severity vulnerabilities patched in Adobe ColdFusion on June 30, 2026, has been targeted by attackers in the wild. Exploitation attempts …

Oracle
Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)

Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have …

malware
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. …

Apple AirDrop
AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin

Phones and laptops ship with a feature that sends files to nearby devices over the air, with no cables, accounts, or prior pairing. Apple calls its version AirDrop. Google and …

CISA
JSP webshells being dropped on unpatched PTC Windchill instances

The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software …

Synology
Synology issues critical fix for MailPlus Server vulnerabilities

Synology has has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update …

Cisco
Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells …

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal …

Fortinet
Attackers are exploiting FortiSandbox vulnerabilities

Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products …

SimpleHelp
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)

A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to …

Check Point
Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)

WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools