
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
Black Lotus Labs tracked the JDY botnet’s growth to 1,500-plus compromised devices, with U.S. military networks identified as the primary

Black Lotus Labs tracked the JDY botnet’s growth to 1,500-plus compromised devices, with U.S. military networks identified as the primary

Ivanti Sentry CVE-2026-10520 is a CVSS 10.0 unauthenticated root RCE under active exploitation. Two instances were confirmed backdoored on disclosure

Cloud detection and response (CDR) delivers real-time threat visibility across cloud workloads. Learn how CDR works and how to implement

Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.

Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox’s Web UI exploitable by unauthenticated attackers via crafted HTTP

Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency

Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS

SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at

Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch

CISA, FBI, NSA, and DOE warned of active attacks on internet-exposed fuel tank monitoring systems via authentication bypass and command
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.