What is Cloud Detection and Response (CDR) and How Does it Work
June 10, 2026
Cloud detection and response (CDR) delivers real-time threat visibility across cloud workloads. Learn how CDR works and how to implement
Network Security
What is Cloud Detection and Response (CDR) and How Does it Work
Cloud detection and response (CDR) delivers real-time threat visibility across cloud workloads. Learn how CDR works and how to implement it.
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency hotfix.
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS attack methods.
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at federal civilian agencies.
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch available.
CISA, FBI, NSA, DOE Warn of Active Attacks on Fuel Tank Monitors
CISA, FBI, NSA, and DOE warned of active attacks on internet-exposed fuel tank monitoring systems via authentication bypass and command injection techniques.
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch until end of month.
Public PoC Released for Cisco Unified CM SSRF Bug
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
June 10, 2026
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
June 10, 2026
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox’s Web UI exploitable by unauthenticated attackers via crafted HTTP
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
June 9, 2026
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
June 8, 2026
Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
June 8, 2026
SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
June 5, 2026
Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch
CISA, FBI, NSA, DOE Warn of Active Attacks on Fuel Tank Monitors
June 4, 2026
CISA, FBI, NSA, and DOE warned of active attacks on internet-exposed fuel tank monitoring systems via authentication bypass and command
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
June 4, 2026
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch
Public PoC Released for Cisco Unified CM SSRF Bug
June 4, 2026
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.