Resources
Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit
Gabby Lee
June 24, 2026
CVE-2026-20230, a CVSS 8.6 SSRF flaw in Cisco Unified CM's WebDialer, is under active exploitation after a PoC dropped June 23 — patch released June ...
Samsung KNOX Kernel Flaw CVE-2026-20971 Affects Galaxy S9 to S25
Andrew Doyle
June 24, 2026
CVE-2026-20971 is a CVSS 7.8 use-after-free in Samsung KNOX's PROCA and FIVE subsystems, affecting Galaxy S9 through S25 across Android 13, 14, 15, and 16.
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Gabby Lee
June 24, 2026
Four critical Dify vulnerabilities named DifyTap allow cross-tenant access to private AI chats, uploaded files, and internal APIs. Patched in version 1.14.2.
FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps
Andrew Doyle
June 23, 2026
JFrog disclosed CVE-2026-8461, a critical heap overflow in FFmpeg's video decoder enabling remote code execution when processing malicious video files.
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Andrew Doyle
June 17, 2026
CISA added CVE-2026-48907 to its KEV catalog as automated exploit campaigns target the unauthenticated file upload flaw in the Joomla Content Editor plugin.
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Gabby Lee
June 17, 2026
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Mitchell Langley
June 16, 2026
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
Gabby Lee
June 16, 2026
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
Andrew Doyle
June 16, 2026
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley
June 16, 2026
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
Weekly Newsletter
Weekly Cybersecurity Newsletter: 14th to 18th August
Andrew Doyle
July 19, 2025
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
This Week In Cybersecurity: 23rd June to 27th June
Andrew Doyle
June 30, 2025
News Stories New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands Threat actors use the search-ms URI protocol ...
This Week In Cybersecurity: 26th to 30th May, 2025
Andrew Doyle
May 30, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
This Week In Cybersecurity: 19th to 23rd May, 2025
Andrew Doyle
May 23, 2025
This week, significant cybersecurity incidents include ransomware attacks, data breaches affecting major organizations, and ongoing threats from state-sponsored groups, highlighting vulnerabilities across various sectors.
This Week In Cybersecurity: 21st – 25th April, 2025
Andrew Doyle
April 25, 2025
Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.














