Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
June 8, 2026
Researcher Taylor Hornby used Claude Opus 4.8 to uncover a four-year-old Zcash Orchard flaw that could have enabled undetectable counterfeit
Security Spotlight
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Researcher Taylor Hornby used Claude Opus 4.8 to uncover a four-year-old Zcash Orchard flaw that could have enabled undetectable counterfeit ZEC creation.
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at federal civilian agencies.
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch available.
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
TheGentlemen ransomware struck Saudi Arabia, India, Thailand, and Portugal in one day, including a first GCC target, as the group exceeds 330 victims in 2026.
CISA to Issue Binding AI Security Directive This Week
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian executive branch agencies.
Fake Claude Code Installers on Google Sites Steal AI API Keys
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere's Web Server Plug-ins. Patches are available for WebSphere 8.5 and 9.0 and Liberty builds.
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Anthropic's Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were deployed upstream.
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Security researcher Louis found that Trump Mobile's HTTP POST API returned 27,000 customer records without any authorization check during the T1 phone launch.
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
CVE-2026-20223 lets unauthenticated remote attackers gain full Site Admin access to Cisco Secure Workload; no credentials or user interaction are required.
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
June 8, 2026
SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
June 5, 2026
Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
June 5, 2026
TheGentlemen ransomware struck Saudi Arabia, India, Thailand, and Portugal in one day, including a first GCC target, as the group
CISA to Issue Binding AI Security Directive This Week
June 4, 2026
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian
Fake Claude Code Installers on Google Sites Steal AI API Keys
June 4, 2026
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
June 2, 2026
CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere’s Web Server Plug-ins. Patches are available for WebSphere 8.5 and
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
May 25, 2026
Anthropic’s Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were
Trump Mobile Exposes 27,000 Customer Records via Insecure API
May 25, 2026
Security researcher Louis found that Trump Mobile’s HTTP POST API returned 27,000 customer records without any authorization check during the
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
May 22, 2026
CVE-2026-20223 lets unauthenticated remote attackers gain full Site Admin access to Cisco Secure Workload; no credentials or user interaction are
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.