Resources

Application Security
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
Application Security
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Google's Chrome 149 security update patches 28 vulnerabilities, roughly 12 use-after-free bugs, a memory corruption class tied to drive-by code execution.
Application Security
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
Application Security
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via crafted S/MIME messages.
Cybersecurity
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway River Country Club, and SMPC ...
Application Security
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Oracle issued emergency mitigations for CVE-2026-35273, an RCE flaw in PeopleSoft, after ShinyHunters breached 300 instances across more than 100 organizations.
CVE Vulnerability Alerts
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
CISA BOD 26-04 requires all federal civilian agencies to patch critical KEV-listed exploited vulnerabilities within three days, cutting the two-week timeline.
CVE Vulnerability Alerts
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Ivanti Sentry CVE-2026-10520 is a CVSS 10.0 unauthenticated root RCE under active exploitation. Two instances were confirmed backdoored on disclosure day.
Application Security
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
CVE-2026-5027 in Langflow allows unauthenticated attackers to write arbitrary files via path traversal, achieving RCE on 7,000 publicly exposed AI instances.

Weekly Newsletter

Weekly Cybersecurity Newsletter: 14th to 18th August
Cybersecurity Newsletter
Weekly Cybersecurity Newsletter: 14th to 18th August
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
This Week In Cybersecurity: 23rd June to 27th June
Cybersecurity Newsletter
This Week In Cybersecurity: 23rd June to 27th June
News Stories New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands Threat actors use the search-ms URI protocol ...
This Week In Cybersecurity: 26th to 30th May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 26th to 30th May, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
This Week In Cybersecurity: 19th to 23rd May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 19th to 23rd May, 2025
This week, significant cybersecurity incidents include ransomware attacks, data breaches affecting major organizations, and ongoing threats from state-sponsored groups, highlighting vulnerabilities across various sectors.
This Week In Cybersecurity: 21st - 25th April, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 21st – 25th April, 2025
Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.