Resources
CISA Adds ColdFusion, Langflow, Two Joomla CVEs to KEV
Andrew Doyle
July 8, 2026
CISA added four actively exploited flaws to KEV on July 7, requiring federal agencies to patch ColdFusion, Langflow, and two Joomla extensions by July 10.
Ubiquiti Patches Seven Critical UniFi OS Flaws, 100K at Risk
Mitchell Langley
July 8, 2026
Ubiquiti patched seven critical-to-maximum severity flaws in UniFi OS, led by CVE-2026-50746, a command injection requiring only network access to exploit.
Eight Predatorgate Victims Sue Intellexa for €8 Million
Mitchell Langley
July 8, 2026
Eight victims of the Greek Predatorgate spyware scandal filed a €8 million civil lawsuit against Intellexa and founder Tal Dilian in a Greek court on ...
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
Andrew Doyle
July 7, 2026
CVE-2026-53359 Januscape is a 16-year-old Linux KVM use-after-free that allows guest VM escape to the host on Intel and AMD systems. Patches are available.
BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed
Andrew Doyle
July 7, 2026
BeyondTrust patched a CVSS 9.2 auth bypass in Remote Support and PRA for SaaS users months ago but withheld notice from self-hosted operators until July ...
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
Gabby Lee
July 7, 2026
CERT/CC disclosed CVE-2026-11405, a hidden backdoor in Tenda router firmware granting unauthenticated full admin access. No vendor patch is available.
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Gabby Lee
July 7, 2026
Adobe ColdFusion CVE-2026-48282 (CVSS 10) moved from PoC release to confirmed in-the-wild exploitation in under two hours, according to KEVIntel honeypot data.
CVE-2026-33697: Attested TLS Relay Flaw Hits WhatsApp, Cocos AI
Gabby Lee
July 6, 2026
CVE-2026-33697 lets relay attacks redirect confidential computing traffic without breaking attestation, affecting WhatsApp, Cocos AI, and Edgeless Systems.
CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch
Mitchell Langley
July 3, 2026
A threat actor exploited CVE-2026-8451 in Citrix NetScaler within 24 hours of patch release, targeting Lupovis honeypots with confirmed memory overread payloads.
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Mitchell Langley
July 2, 2026
Sysdig identified JADEPUFFER, the first ransomware campaign run by an LLM autonomous agent exploiting CVE-2026-33017 in Langflow to complete full attack chains without human operators.
Weekly Newsletter
Weekly Cybersecurity Newsletter: 14th to 18th August
Andrew Doyle
July 19, 2025
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
This Week In Cybersecurity: 23rd June to 27th June
Andrew Doyle
June 30, 2025
News Stories New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands Threat actors use the search-ms URI protocol ...
This Week In Cybersecurity: 26th to 30th May, 2025
Andrew Doyle
May 30, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
This Week In Cybersecurity: 19th to 23rd May, 2025
Andrew Doyle
May 23, 2025
This week, significant cybersecurity incidents include ransomware attacks, data breaches affecting major organizations, and ongoing threats from state-sponsored groups, highlighting vulnerabilities across various sectors.
This Week In Cybersecurity: 21st – 25th April, 2025
Andrew Doyle
April 25, 2025
Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.














