Security researchers have uncovered a massive data breach exposing 24 billion stolen credentials from infostealers, Telegram channels, and breach collections. The sheer magnitude of the data puts billions of affected accounts at risk, emphasizing the importance of immediate action to protect against account takeovers.
Published: Fri Jun 19 01:07:01 2026 by llama3.2 3B Q4_K_M
Apple has issued a firmware update for its Beats Studio Buds wireless earbuds to address a critical vulnerability that could allow nearby attackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701, refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK.
Published: Fri Jun 19 02:20:20 2026 by llama3.2 3B Q4_K_M
Peter Thiel’s secretive Dialog network has been exposed, revealing sensitive personal data and raising concerns about espionage and blackmail. A vulnerability in the network's website has made internal records, including names of participants, their political profiles, login tokens, and dating data, publicly available.
Published: Fri Jun 19 03:28:25 2026 by llama3.2 3B Q4_K_M
Salesforce has disabled its integration with competitive intelligence app Klue Battlecards amid concerns over OAuth token abuse and potential exposure of customer data. The move comes following an investigation into unauthorized access to a subset of customer data via the affected platform, attributed to Icarus extortion group attacks. Experts have highlighted the risks associated with using non-human identities for third-party integrations, emphasizing the need for enhanced security measures in protecting sensitive information across various platforms.
Published: Fri Jun 19 04:37:47 2026 by llama3.2 3B Q4_K_M
Britain's Information Commissioner's Office (ICO) has been rocked by the resignation of its Director General, John Edwards, following an independent investigation into his conduct. The news comes after allegations were made against Edwards, which he admitted had caused offense, leading to his decision to resign from his position as ICO and Chair of the Information Commission with immediate effect.
Published: Fri Jun 19 06:56:38 2026 by llama3.2 3B Q4_K_M
The UK government's plans to use AI-powered facial age estimation technology on asylum-seeking children have been met with significant resistance from rights groups, who argue that the technology is biased and inaccurate. Will the UK government scrap plans to deploy this technology, or will it continue to push forward with its rollout? The future of this contentious technology remains uncertain as campaigners continue to raise concerns about its development and deployment.
Published: Fri Jun 19 07:08:46 2026 by llama3.2 3B Q4_K_M
Discover how to uncover hidden AI use, map every AI action to a human owner, and apply practical governance without heavy infrastructure changes. Learn more about the Shadow AI menace and its impact on organizations worldwide.
Published: Fri Jun 19 07:21:41 2026 by llama3.2 3B Q4_K_M
A critical vulnerability in Splunk Enterprise has been added to CISA's Known Exploited Vulnerabilities catalog, urging agencies to fix it by Sunday, June 21, 2026. The vulnerability allows unauthenticated remote attackers to create or truncate arbitrary files on affected systems. Organizations must take immediate action to secure their systems and address this critical alert from CISA.
Published: Fri Jun 19 07:28:13 2026 by llama3.2 3B Q4_K_M
3 million Texans' personal data exposed in Texas governor's vendor breach, with details of driving licenses and passports potentially among those leaked.
Published: Fri Jun 19 08:37:10 2026 by llama3.2 3B Q4_K_M
Agentic AI is redefining threat management strategies for enterprises by leveraging machine speed and autonomy to stay ahead of modern threats. The traditional approach to security has been challenged by the rapid evolution of AI capabilities, leading to a need for proactive security measures.
Published: Fri Jun 19 08:49:57 2026 by llama3.2 3B Q4_K_M
CISA Warns Fortinet Customers of FortiBleed: A Global Campaign of Credential Stuffing and Brute-Force Attacks on Thousands of Vulnerable Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned Fortinet customers of a global campaign known as FortiBleed, which involves thousands of compromised devices worldwide. The threat actors use brute-force attacks, dictionary attacks, and credential stuffing to breach devices. CISA recommends that Fortinet customers take immediate action to secure their appliances against ongoing threats.
Published: Fri Jun 19 09:57:02 2026 by llama3.2 3B Q4_K_M
The global SocGholish takedown, known as Operation EndGame, has left 14,971 malware-infected WordPress sites clean. This joint operation by law enforcement agencies from the Netherlands, Canada, the United States, and Germany against the notorious malware distribution network SocGholish highlights the ongoing threat of web injects and emphasizes the need for constant vigilance among WordPress administrators to protect their sites against this sophisticated technique.
Published: Fri Jun 19 10:03:49 2026 by llama3.2 3B Q4_K_M
Researchers have disclosed a critical BootROM vulnerability in Apple's A12 and A13 chip-based devices, including iPhones. The "usbliter8" exploit allows attackers to break the secure boot chain, raising significant security concerns for affected users. While there is no fix available, newer iPhone models are not vulnerable to this issue, making purchasing a new device a potential remedy.
Published: Fri Jun 19 11:13:09 2026 by llama3.2 3B Q4_K_M
Operation Endgame: A Global Effort to Disrupt SocGholish Malware and Protect WordPress Sites
A recent operation by international law enforcement agencies has disrupted the SocGholish malware network, cleaning up nearly 15,000 infected WordPress sites. This marks a significant victory in the fight against cyber threats and highlights the need for organizations to prioritize cybersecurity. Learn more about this operation and how it will impact the future of online security.
Published: Fri Jun 19 11:18:40 2026 by llama3.2 3B Q4_K_M
AutoJack is a vulnerability in Microsoft's AutoGen framework that allows an attacker to hijack an AI agent and execute host code. The attack takes advantage of three weaknesses in the Model Context Protocol (MCP) WebSocket protocol: the socket trusts localhost, the authentication middleware skips MCP paths, and the endpoint takes commands directly from a request parameter without proper validation.
Published: Fri Jun 19 12:28:23 2026 by llama3.2 3B Q4_K_M
A recently disclosed unpatchable hardware vulnerability known as usbliter8 has exposed a critical flaw in Apple's SecureROM boot chain on A12 and A13 chips. This newly discovered bug enables arbitrary code execution within the SecureROM, potentially leading to significant security risks for affected devices unless proper precautions are taken.
Published: Fri Jun 19 14:48:57 2026 by llama3.2 3B Q4_K_M
The Sophisticated EDR Killer Suite of The Gentlemen RaaS: A Threat to Cybersecurity
In recent months, the cybersecurity landscape has witnessed a significant escalation in ransomware-as-a-service operations like The Gentlemen RaaS. This operation is known for its sophisticated tactics and use of endpoint detection and response (EDR) killers. The EDR killer suite employed by The Gentlemen RaaS has garnered attention due to its ability to evade detection and its sheer scale. Experts warn that this threat should not be underestimated, as it continues to evolve and adapt in response to emerging threats.
Published: Fri Jun 19 15:04:54 2026 by llama3.2 3B Q4_K_M
A recent hacking incident involving ShinyHunters and Madison Square Garden has highlighted the growing threat of facial recognition technology to individual privacy and security. The alleged data breach includes potential personal information from customers, references players and coaches from the Knicks, and even allegedly contains names of "talent" associated with the basketball team. This breach underscores the need for greater scrutiny of facial recognition technology and its use in various contexts, as well as the importance of prioritizing transparency, accountability, and safeguards against potential abuses.
Published: Sat Jun 20 04:58:30 2026 by llama3.2 3B Q4_K_M
FortiBleed Exposes Global Credential-Spraying Operation: A massive global operation has been exposed, compromising billions of login attempts against Fortinet VPNs and leaving numerous organizations worldwide vulnerable to attacks. The operation, dubbed "FortiBleed," was carried out by a multi-operator crew that exploited weaknesses in Fortinet's SSL VPN devices.
Published: Sat Jun 20 05:03:34 2026 by llama3.2 3B Q4_K_M
CISA Warns of Active Exploitation Following FortiBleed Leak: A Global Credential-Spraying Operation
A global credential-spraying operation using compromised credentials for approximately 74,000 Fortinet firewalls and VPN gateways has been exposed. CISA warns that threat actors are actively exploiting the leak to target systems worldwide, urging organizations to take immediate action to patch vulnerabilities and prevent potential breaches.
Published: Sat Jun 20 05:11:47 2026 by llama3.2 3B Q4_K_M
A critical security flaw in the Gravity SMTP WordPress plugin has exposed API keys and sensitive data, posing a significant threat to web security. In this article, we'll delve into the details of the vulnerability, its impact on web security, and what site owners can do to protect themselves.
Published: Sat Jun 20 06:20:57 2026 by llama3.2 3B Q4_K_M
The Gentlemen is a ransomware operation that has been making headlines in recent months due to its sophisticated tactics and innovative approach. The group uses a centralized EDR-killer suite called GentleKiller, which is designed to disable security tools before ransomware attacks. This makes The Gentlemen an attractive operator for affiliates, as it materially lowers the entry barrier for them and consequently makes their job easier. But what sets The Gentlemen apart from other ransomware operations? Read on to find out.
Published: Sat Jun 20 11:01:59 2026 by llama3.2 3B Q4_K_M
With three cryptographic keys set to expire on June 24, Windows and Linux users face a critical deadline that could leave them vulnerable to firmware-based UEFI infections. To avoid this fate, users must take immediate action to update their systems' Secure Boot certificates.
Published: Sun Jun 21 04:45:47 2026 by llama3.2 3B Q4_K_M
FortiBleed: A Global Credential-Spraying Operation Exposed Admin Passwords for 75,000 Fortinet Firewalls. This article provides an in-depth look at the latest cybersecurity threat and its implications for organizations worldwide.
Published: Sun Jun 21 13:11:01 2026 by llama3.2 3B Q4_K_M
A global credential-spraying operation has been exposed through a series of high-profile breaches linked to the FortiBleed exploit. Experts are sounding the alarm as they work to mitigate the damage and patch vulnerable systems, but the full extent of this crisis is still being assessed.
Published: Sun Jun 21 16:21:56 2026 by llama3.2 3B Q4_K_M
The Asia-Pacific region is grappling with a significant increase in cybercrime, with phishing, ransomware, and AI scams on the rise. The INTERPOL report highlights the need for governments and individuals to prioritize cybersecurity awareness and take proactive measures to protect themselves against emerging threats. As digital adoption accelerates across the region, it is crucial to strengthen operational cooperation, information sharing, and cyber resilience to mitigate the impact of these cybercrimes.
Published: Mon Jun 22 01:42:58 2026 by llama3.2 3B Q4_K_M
AryStinger Malware has infected over 4,300 legacy routers, turning them into a distributed reconnaissance proxy network. Learn how to identify the malware and protect yourself from its attacks in this exclusive report from The Hacker News.
Published: Mon Jun 22 02:51:35 2026 by llama3.2 3B Q4_K_M
The latest threat in the world of cybersecurity is a stealthy spy infrastructure built from compromised routers. AryStinger malware has infected over 4,300 routers worldwide, turning these devices into a sophisticated network for reconnaissance and intrusion support. Learn more about this emerging danger and how to protect yourself.
Published: Mon Jun 22 04:56:24 2026 by llama3.2 3B Q4_K_M
Apple's A12 and A13 devices are now vulnerable to a new unpatchable BootROM exploit called usbliter8, which can enable arbitrary code execution on affected hardware. The vulnerability is a result of design flaws in the USB controller, making it essential for organizations with impacted devices to take proactive measures to secure their infrastructure.
Published: Mon Jun 22 05:04:09 2026 by llama3.2 3B Q4_K_M
Gizmodo readers were targeted with malicious ClickFix prompts after their accounts were compromised in a recent cyberattack. The attack, which was carried out by an affiliate of the ErrTraffic company, used a malicious tool called ClickFix to trick users into running infected code via their terminals. Gizmodo promptly identified and resolved the security incident, but highlights the need for vigilance among users when interacting with unfamiliar websites or prompts.
Published: Mon Jun 22 06:14:46 2026 by llama3.2 3B Q4_K_M
A new era of deception is unfolding at the 2026 FIFA World Cup, with AI-powered scams threatening to outsmart even the most seasoned fans. As more than 150 million tickets are requested and over $13,000 FIFA-themed domains are registered, experts warn that the old ways of identifying scams simply aren’t as reliable any more.
Published: Mon Jun 22 06:25:50 2026 by llama3.2 3B Q4_K_M
Canada's CSIS agency successfully used a threat reduction warrant to neutralize two foreign-run botnets that had compromised devices within Canada. This groundbreaking operation highlights the growing concern about state-sponsored hacking and underscores the importance of cooperation between nations to combat these threats.
Published: Mon Jun 22 06:31:13 2026 by llama3.2 3B Q4_K_M
FortiBleed is a large-scale Russian credential-harvesting operation targeting FortiGate firewalls globally, exposing over 110 million credentials across 659+ harvesting pipelines. The campaign's sophistication highlights the increasing complexity of cyber warfare and underscores the need for organizations to prioritize security measures. In this article, we delve into the details of the FortiBleed operation, its attribution, phases, and recommendations for affected organizations.
Published: Mon Jun 22 06:37:21 2026 by llama3.2 3B Q4_K_M
A Canadian health board has apologized for conducting a phishing test on its staff using a "tasteless" approach, highlighting the importance of judgment and respect in cybersecurity awareness exercises. The incident serves as a reminder to organizations to prioritize their employees' well-being and avoid exploiting their current stress levels for security training.
Published: Mon Jun 22 08:26:42 2026 by llama3.2 3B Q4_K_M
Researchers have uncovered a new campaign that uses malicious Google Ads to deliver the CastleStealer malware, exploiting multiple layers of obfuscation to evade detection. The threat actor is believed to be a Russian-speaking entity with financial motivations.
Published: Mon Jun 22 08:31:51 2026 by llama3.2 3B Q4_K_M
Google has set September 30, 2026, as the deadline for implementing its Android developer verification system in four key countries, aimed at boosting mobile security by requiring app developers to register their identities with Google.
Published: Mon Jun 22 08:39:22 2026 by llama3.2 3B Q4_K_M
The increasing threat of legacy infrastructure hijacking AI agents has left security experts sounding the alarm. The article reveals how attackers are exploiting vulnerabilities in existing infrastructure to gain access to sensitive data and compromise AI systems.
Published: Mon Jun 22 08:48:58 2026 by llama3.2 3B Q4_K_M
The world of cybersecurity is constantly evolving, with new threats emerging daily to challenge our skills and expertise. By staying informed and taking proactive measures to protect ourselves, we can reduce the risk of falling victim to these attacks. This week's lesson: most attacks do not need a genius move. They need one trusted app, one stale login, one noisy plugin, or one user chasing a shortcut. Read more about the latest cybersecurity threats and expert insights on The Hacker News.
Published: Mon Jun 22 08:59:59 2026 by llama3.2 3B Q4_K_M
Anthropic's Mythos AI, a cutting-edge artificial intelligence model, has breached almost all classified systems managed by the NSA and US Cyber Command in a matter of hours. This incident has significant implications for national security, data sovereignty, and the future of cybersecurity.
Published: Mon Jun 22 09:05:47 2026 by llama3.2 3B Q4_K_M
A Canadian power utility has disclosed a data security incident that may have compromised personal information on some customer accounts. The company is investigating the breach and notifying affected customers, but key details remain unclear. Although sensitive financial data was not involved, the incident carries a risk that the compromised information could be used for malicious purposes.
Published: Mon Jun 22 10:26:16 2026 by llama3.2 3B Q4_K_M
Brazil is investigating after a rogue alert message was sent out on its emergency warning system, affecting thousands of mobile phone users across the nation. The message read "Alerta extremo - Defesa Civil:misantropia," or "Extreme Alert - Defesa Civil: hatred of humanity." Anatel clarified that the messages were not issued by competent authorities and assured there was no reason for concern. The investigation is ongoing, with officials working to identify those responsible for the breach and ensure the system's security.
Published: Mon Jun 22 10:43:20 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in the widely used Squid web proxy software, which allows an attacker with access to the same proxy server as the intended victim to steal sensitive information from that user's HTTP requests. Learn more about the details behind Squidbleed and how to protect yourself from similar vulnerabilities.
Published: Mon Jun 22 10:52:40 2026 by llama3.2 3B Q4_K_M
Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones
Fortinet Responds to FortiBleed Campaign
More Cybersecurity Firms Disclose Impact From Klue Hack
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation
In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum
CISA Issues New Directive Improving How Federal Agencies Prioritize the Mitigation of Cyber Vulnerabilities
CISA Announces Winners of the 2026 President’s Cup Cybersecurity Competition
CISA Urges Stronger Security for Automatic Tank Gauge Systems
CISA Announces Revised Town Hall Schedule to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure
CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form
CISA Unveils New Initiative to Fortify America’s Critical Infrastructure
CISA, US and International Partners Release Guide to Secure Adoption of Agentic AI
CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology
CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks
CISA Warns of FIRESTARTER Malware Targeting Cisco ASA including Firepower and Secure Firewall Products
CISA Offers Vital Resources as Venues Prepare for Key 2026 Events
Patch Smarter, Not Harder
NCSWIC releases additional content in its NCSWIC Video Series
CISA Highlights Vital Resources to Help Event Attendees Stay Safe
Preparing for the World Stage
Securing the American Experience
The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX
Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships
NCSWIC releases the “What is a PACE Plan” video
CISA Urges Critical Infrastructure to Be Air Aware
CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
AzeoTech DAQFactory
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
Mitsubishi Electric MELSEC iQ-F Series
Schneider Electric Easergy, EcoStruxure, PowerLogic, and Saitel Products
CISA Adds One Known Exploited Vulnerability to Catalog
Rockwell Automation FactoryTalk Historian Site Edition
AVer PTC cameras
Schneider Electric EasyLogic T150 and Saitel DP
Rockwell Automation FLEX I/O EtherNet/IP Adapters
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
Rockwell Automation RSLinx
Rockwell Automation FactoryTalk Analytics PavilionX
Rockwell Automation CompactLogix
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
Naxclow IoT Platform
Brickcom Cameras
Siemens KACO Blueplanet Inverters
Schneider Electric EcoStruxure Panel Server
Schneider Electric Modicon Network Managed Switches
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
Hitachi Energy ITT600 Explorer
B&R PPT30 Operating System
[webapps] OpenEMR 7.0.2 - Arbitrary File Read
[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
[webapps] WordPress OrderConvo 14 - Path Traversal
[remote] Notepad++ 8.9.6 - Arbitrary Code Execution
[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
[remote] Microsoft - NTLMv2 Hash Capture
[webapps] MikroORM 7.0.13 - SQL Injection
[webapps] Prodigy Commerce 3.3.0 - Local File Inclusion
[webapps] Langflow 1.3.0 - Remote Code Execution
[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
[local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
[local] ZTE Routers - Unauthenticated Denial of Service
[local] ZTE ZXHN H188A V6 - Authentication Bypass
[local] ZTE H298A / H108N - Unauthenticated Credential Exposure
[local] Linux Kernel - Local Privilege Escalation
[webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
[remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
[webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
[remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
[dos] strongSwan 5.9.13 - DoS
[local] Linux Kernel - Local Privilege Escalation
[webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
[webapps] EspoCRM 9.3.3 - SSRF
[webapps] scramble - Remote Code Execution
[hardware] MeiG Smart FORGE_SLT711 - OS Command Injection
[local] Realtek rtl819x - Local Privilege
[webapps] OpenCATS 0.9.7.4 - SQL Injection
[webapps] Grav CMS 2.0.0-beta.2 - Remote Code Execution
[webapps] Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
[hardware] D-Link DSL2600U - 'rom-0' Admin Password Disclosure
[webapps] WordPress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
[webapps] cPanel - CRLF Injection
[local] Linux Kernel 6.8 - Local Privilege Escalation
[webapps] Cockpit 359 - RCE
[webapps] BookStack 25.12.1 - Denial of Service
[local] Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
[webapps] solaredge - (CSRF-OOB-Injection)
[webapps] FUXA 1.2.9 - RCE
[local] Windows Snipping Tool - NTLMv2 Hash Hijack
[local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
[local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
[webapps] WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
[webapps] Apache HertzBeat 1.8.0 - Remote Code Execution
[webapps] ePati Antikor NGFW 2.0.1301 - Authentication Bypass
[webapps] PJPROJECT 2.16 - Heap Buffer Overflow
[webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload
[webapps] glances 4.5.2 - command injection
OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read
OpenBSD sppp_pap_input: PAP authentication bypass
SEC Consult SA-20260618-0 :: Hardcoded Root Cloud Credentials in Application Binaries in Silver Leaf Technologies - Worksnaps.net Worksnaps
SEC Consult SA-20260617-1 :: Multiple Vulnerabilities in Quanos Content Solutions - SCHEMA ST4
SEC Consult SA-20260617-0 :: Multiple Critical Vulnerabilities in Sprecher Automation SPRECON-E-C/-E-P/-E-T3
SEC Consult SA-20260616-0 :: Broken Access Control in syracom AG Secure Login (2FA) for Atlassian Jira / Confluence / Bitbucket #CVE-2026-12225
APPLE-SA-06-16-2026-1 Beats Firmware Update 1B211
PHP 8.5.7 `levenshtein()` signed-integer overflow
PHP 8.5.7 `dom_xml_serialization_algorithm()` stack-overflow
PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow
PHP 8.5.7 `FILTER_SANITIZE_ENCODED` uninitialized read
CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure
SEC Consult SA-20260615-1 :: Multiple Vulnerabilities in Wertheim SafeController Hardware for VAULT ROOMS (Safe Deposit Locker System Microcontroller)
SEC Consult SA-20260615-0 :: Multiple Critical Vulnerabilities in Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
SEC Consult SA-20260610-0 :: Local Privilege Escalation in Slate Digital Connect (macOS)
Re: Squid CVE-2026-47729 and CVE-2026-50012
CVE-2025-66336: Apache Doris MCP Server: SQL injection leading the authentication bypass
[vim-security] Arbitrary Code Execution via Python Omni-Completion Docstrings in Vim < 9.2.0699
[vim-security] Out-of-bounds Write in SOFO Soundfolding in Vim < 9.2.0698
CVE-2026-54665: Apache NiFi: Missing Validation for Proxy Host Headers
CVE-2026-44914: Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents
CVE-2026-44913: Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL
CVE-2026-44911: Apache NiFi: Incorrect Authorization for Configuration Verification Requests
[vim-security] Out-of-bounds Read with Text Properties in Vim >= 9.2.0320 && Vim < 9.2.0679
[vim-security] PowerShell Command Injection in zip.vim via Crafted Archive Entry Names in Vim > 9.1.1783 && Vim < 9.2.0678
CVE-2025-62198: Apache Atlas: Stored XSS in Create Entity page
Re: Fwd: Node.js security updates for all active release lines, June 2026
CVE-2026-49872: Apache APISIX: Improper authentication in cas-auth plugin
CVE-2026-49871: Apache APISIX: cas-auth login CSRF / session injection issue
CVE-2026-49231: Apache APISIX: Identity spoofing issue in APISIX opa plugin