FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps
June 23, 2026
JFrog disclosed CVE-2026-8461, a critical heap overflow in FFmpeg’s video decoder enabling remote code execution when processing malicious video files.
News
FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps
JFrog disclosed CVE-2026-8461, a critical heap overflow in FFmpeg's video decoder enabling remote code execution when processing malicious video files.
Microsoft AutoGen AI Framework Vulnerable to Localhost RCE
Microsoft disclosed AutoJack, a three-part vulnerability chain in AutoGen Studio that lets attackers hijack AI agents and execute arbitrary system commands.
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
Kaspersky found a WhatsApp phishing campaign using VBScript to install ManageEngine RMM software across multiple countries, granting attackers remote access.
TeamPCP Open-Source Supply Chain Investigation Reveals Years of Access
Researchers investigated the TeamPCP threat group that exploited open-source speed culture for years of supply chain access across thousands of organizations.
Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries
Multiple sources confirm active exploitation of CVE-2026-25089 and CVE-2026-39813 against FortiSandbox, with credentials compiled for tens of thousands of appliances.
Kodak Confirms Data Breach After ShinyHunters Sets Leak Deadline
Kodak confirms a data breach after the ShinyHunters hackgroup claimed 2.2 million records exfiltrated, with the company asserting no threat to current operations.
F5 Emergency Patch: Critical NGINX Unauthenticated RCE Hits 40 Percent of Web Servers
F5 released emergency patches for NGINX enabling unauthenticated RCE across 40 percent of web servers worldwide today in an accelerated disclosure window.
Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies
Atlassian and Splunk emergency patches include an OS command injection in Splunk AI Toolkit plus dozens of Atlassian Server dependency flaws
Critical Command Execution Vulnerability Patched in Cisco ISE
Cisco patched a critical command execution vulnerability in its Identity Services Engine where insufficient input validation enabled root-level system access.
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
The Rokarolla Android banking trojan evolved beyond credential theft with a 137-command C2 framework targeting 217 banking and cryptocurrency applications.
Microsoft AutoGen AI Framework Vulnerable to Localhost RCE
June 23, 2026
Microsoft disclosed AutoJack, a three-part vulnerability chain in AutoGen Studio that lets attackers hijack AI agents and execute arbitrary system
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
June 23, 2026
Kaspersky found a WhatsApp phishing campaign using VBScript to install ManageEngine RMM software across multiple countries, granting attackers remote access.
TeamPCP Open-Source Supply Chain Investigation Reveals Years of Access
June 23, 2026
Researchers investigated the TeamPCP threat group that exploited open-source speed culture for years of supply chain access across thousands of
Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries
June 23, 2026
Multiple sources confirm active exploitation of CVE-2026-25089 and CVE-2026-39813 against FortiSandbox, with credentials compiled for tens of thousands of appliances.
Kodak Confirms Data Breach After ShinyHunters Sets Leak Deadline
June 23, 2026
Kodak confirms a data breach after the ShinyHunters hackgroup claimed 2.2 million records exfiltrated, with the company asserting no threat
F5 Emergency Patch: Critical NGINX Unauthenticated RCE Hits 40 Percent of Web Servers
June 23, 2026
F5 released emergency patches for NGINX enabling unauthenticated RCE across 40 percent of web servers worldwide today in an accelerated
Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies
June 23, 2026
Atlassian and Splunk emergency patches include an OS command injection in Splunk AI Toolkit plus dozens of Atlassian Server dependency
Critical Command Execution Vulnerability Patched in Cisco ISE
June 23, 2026
Cisco patched a critical command execution vulnerability in its Identity Services Engine where insufficient input validation enabled root-level system access.
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
June 23, 2026
The Rokarolla Android banking trojan evolved beyond credential theft with a 137-command C2 framework targeting 217 banking and cryptocurrency applications.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.