Resources
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
Mitchell Langley
June 16, 2026
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Gabby Lee
June 15, 2026
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Gabby Lee
June 12, 2026
Google's Chrome 149 security update patches 28 vulnerabilities, roughly 12 use-after-free bugs, a memory corruption class tied to drive-by code execution.
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Mitchell Langley
June 12, 2026
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Mitchell Langley
June 12, 2026
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via crafted S/MIME messages.
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Andrew Doyle
June 12, 2026
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway River Country Club, and SMPC ...
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Gabby Lee
June 11, 2026
Oracle issued emergency mitigations for CVE-2026-35273, an RCE flaw in PeopleSoft, after ShinyHunters breached 300 instances across more than 100 organizations.
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
Gabby Lee
June 11, 2026
CISA BOD 26-04 requires all federal civilian agencies to patch critical KEV-listed exploited vulnerabilities within three days, cutting the two-week timeline.
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Gabby Lee
June 11, 2026
Ivanti Sentry CVE-2026-10520 is a CVSS 10.0 unauthenticated root RCE under active exploitation. Two instances were confirmed backdoored on disclosure day.
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
Mitchell Langley
June 11, 2026
CVE-2026-5027 in Langflow allows unauthenticated attackers to write arbitrary files via path traversal, achieving RCE on 7,000 publicly exposed AI instances.
Weekly Newsletter
Weekly Cybersecurity Newsletter: 14th to 18th August
Andrew Doyle
July 19, 2025
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
This Week In Cybersecurity: 23rd June to 27th June
Andrew Doyle
June 30, 2025
News Stories New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands Threat actors use the search-ms URI protocol ...
This Week In Cybersecurity: 26th to 30th May, 2025
Andrew Doyle
May 30, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
This Week In Cybersecurity: 19th to 23rd May, 2025
Andrew Doyle
May 23, 2025
This week, significant cybersecurity incidents include ransomware attacks, data breaches affecting major organizations, and ongoing threats from state-sponsored groups, highlighting vulnerabilities across various sectors.
This Week In Cybersecurity: 21st – 25th April, 2025
Andrew Doyle
April 25, 2025
Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.














