Symantec found that DragonForce ransomware deployed Backdoor.Turn, a Go implant that hides C2 traffic inside Microsoft Teams TURN relay infrastructure.
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox’s Web UI exploitable by unauthenticated attackers via crafted HTTP
Black Lotus Labs tracked the JDY botnet’s growth to 1,500-plus compromised devices, with U.S. military networks identified as the primary
Ivanti Sentry CVE-2026-10520 is a CVSS 10.0 unauthenticated root RCE under active exploitation. Two instances were confirmed backdoored on disclosure
Cloud detection and response (CDR) delivers real-time threat visibility across cloud workloads. Learn how CDR works and how to implement
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox’s Web UI exploitable by unauthenticated attackers via crafted HTTP
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency
Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.