Security Articles

Stay ahead of emerging threats with expert analysis from 137 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Tuesday, June 9, 2026, the most urgent items for production stacks: the "Miasma" worm has detonated across 73 Microsoft-owned GitHub repositories in an npm supply-chain cascade — a software supply-chain attack means malicious code is planted in a trusted package your developers already install, so it spreads automatically into everything that depends on it — making any team that pulls JavaScript packages from npm a potential downstream victim; audit your dependencies and pin trusted versions now. The Cisco Catalyst SD-WAN Manager zero-day CVE-2026-20245 remains under active exploitation with no patch available yet — restrict management-interface access and watch Cisco's advisory for the fix. Cisco Unified Communications Manager flaw CVE-2026-20230 hands attackers root through a server-side request forgery (SSRF) bug — a server tricked into making attacker-controlled requests — and a working proof-of-concept exploit is already public, so patch now. The Mirasvit Cache Warmer bug CVE-2026-45247 is being used for active remote code execution (RCE — running attacker code on your server) against Magento e-commerce stores. Still carrying forward: the HTTP/2 "Bomb" CVE-2026-49975 lets a single home connection knock NGINX, Apache, IIS, and Cloudflare web servers offline; Palo Alto GlobalProtect authentication-bypass CVE-2026-0257 remains on the CISA Known Exploited Vulnerabilities (KEV) catalog under active exploitation; and the WP Maps Pro WordPress flaw CVE-2026-8732 is still spawning rogue administrator accounts across roughly 15,000 sites. If your business pulls npm packages, or runs Cisco SD-WAN or Unified CM, Magento, a public web server, Palo Alto GlobalProtect, or WordPress with WP Maps Pro, these advisories require action now — start with the article-level remediation steps below.

All Articles AdvisoryCyber AttackData BreachExploitMalwareThreat ActorVulnerability
Severity: All Critical High Medium Low
41 articles found
Featured Story
critical
Jun 12, 2026
criticalCVE AdvisoryVulnerability

CRITICAL: Oracle PeopleSoft Zero-Day CVE-2026-35273 Powers ShinyHunters Spree Across 100+ Universities

ShinyHunters weaponized an unauthenticated 9.8 CVSS RCE in Oracle PeopleSoft PeopleTools (CVE-2026-35273) as a zero-day from May 27 through June 9, breaching the University of Nottingham and over a hundred mostly higher-education organizations before Oracle issued an out-of-band advisory on June 10.

By Danny MercerRead Full Article
critical
CVE AdvisoryVulnerabilityJun 5, 2026

CRITICAL: Cisco Unified CM SSRF Flaw CVE-2026-20230 Hands Attackers Root, PoC Already Public

Cisco patched CVE-2026-20230, an unauthenticated SSRF in the Unified Communications Manager WebDialer Web Service that lets remote attackers write arbitrary files and escalate to root. Public proof-of-concept code is already circulating. CVSS 8.6 with a Critical Security Impact Rating from Cisco PSIRT. Version 14SU6 is fixed, but the 15 train waits until September 2026 for 15SU5 with only an interim COP patch available now.

Read more
critical
CVE AdvisoryVulnerabilityJun 4, 2026

CRITICAL: Active Exploitation Hits Magento Stores via Mirasvit Cache Warmer Bug (CVE-2026-45247)

CISA added CVE-2026-45247, a CVSS 9.8 PHP object deserialization flaw in the Mirasvit Full Page Cache Warmer extension for Adobe Commerce and Magento, to its Known Exploited Vulnerabilities catalog after Imperva confirmed active unauthenticated RCE attacks against gaming and business storefronts in the US, UK, France, and Australia. Patch to version 1.11.12 or disable the extension immediately.

Read more
critical
CVE AdvisoryVulnerabilityJun 1, 2026

CRITICAL: WP Maps Pro Bug (CVE-2026-8732) Spawns Admin Accounts on 15,000 WordPress Sites

A CVSS 9.8 unauthenticated admin account creation flaw in the WP Maps Pro WordPress plugin (CVE-2026-8732) is under active mass exploitation. Wordfence blocked 2,858 attempts and Defiant blocked more than 3,600 within a single 24 hour window. The bug abuses a vendor-support shortcut to mint administrator accounts via an unauthenticated AJAX endpoint. All versions through 6.1.0 are vulnerable. Patch to 6.1.1 and hunt for rogue admins emailed support@flippercode.com.

Read more
critical
CVE AdvisoryVulnerabilityMay 22, 2026

CRITICAL: Cisco Secure Workload Hit With CVSS 10.0 REST API Flaw That Hands Over Site Admin

Cisco disclosed CVE-2026-20223, a maximum severity CVSS 10.0 flaw in Secure Workload that allows unauthenticated remote attackers to gain Site Admin privileges by sending crafted requests to internal REST API endpoints. The vulnerability crosses tenant boundaries on both SaaS and on-premises deployments, has no workarounds, and is fixed in releases 3.10.8.3 and 4.0.3.17.

Read more
critical
CVE AdvisoryVulnerabilityMay 18, 2026

CRITICAL: 18-Year-Old NGINX Rewrite Module Flaw Hits Active Exploitation in Days

A heap buffer overflow lurking in NGINX's ngx_http_rewrite_module since 2008 went from coordinated disclosure to active in-the-wild exploitation in roughly seventy-two hours. CVE-2026-42945 affects every release from 0.6.27 through 1.30.0 across both Open Source and Plus, can crash worker processes trivially, and can reach remote code execution on hosts where ASLR is disabled. Patches are available in NGINX 1.30.1 and 1.31.0.

Read more
critical
CVE AdvisoryVulnerabilityMay 17, 2026

CRITICAL: Cisco Catalyst SD-WAN CVE-2026-20182 Hits CVSS 10.0 with Active Exploitation by UAT-8616

Cisco patched CVE-2026-20182, a CVSS 10.0 authentication bypass in Catalyst SD-WAN Controller and Manager that lets an unauthenticated remote attacker gain administrative access via the vdaemon peering service on UDP/12346. CISA added the flaw to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of May 17, 2026. Threat cluster UAT-8616 is actively exploiting it. No workarounds, only patches.

Read more
critical
CVE AdvisoryVulnerabilityMay 12, 2026

CRITICAL: cPanel WHM Authentication Bypass CVE-2026-41940 Exploited for Two Months Before Patch

cPanel and WHM are bleeding root through CVE-2026-41940, a CVSS 9.8 CRLF-injection authentication bypass that has been exploited in the wild since late February 2026. The April 28 patch is available now, but attackers running automated campaigns from over 2,000 source IPs have been deploying a cross-platform Go backdoor on compromised hosts for two months. Patch immediately and assume breach on any internet-exposed unpatched server.

Read more
critical
CVE AdvisoryVulnerabilityMay 6, 2026

CRITICAL: Palo Alto PAN-OS Zero-Day Hands Attackers Root on Internet-Facing Firewalls (CVE-2026-0300)

CVE-2026-0300 is an unauthenticated buffer overflow in the PAN-OS User-ID Authentication Portal that grants root code execution on PA-Series and VM-Series firewalls. Palo Alto has confirmed limited in-the-wild exploitation against internet-exposed portals. CVSS scores 9.3 for internet-exposed deployments, 8.7 for trusted-network only. Patches roll out from May 13 through May 28, 2026.

Read more
critical
CVE AdvisoryVulnerabilityMay 2, 2026

CRITICAL: Google Patches CVSS 10 Gemini CLI Flaw That Turned CI Workspaces Into Free RCE

A maximum severity CVSS 10.0 flaw in Google Gemini CLI headless mode let any attacker who could drop a .gemini directory into a CI workspace execute code on the runner host. Tracked as GHSA-wpqr-6v78-jr5g, it is fixed in @google/gemini-cli 0.39.1 and 0.40.0-preview.3, plus run-gemini-cli action 0.1.22. Patch immediately and rotate any secrets reachable from affected pipelines.

Read more

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen TestingMSP Partner Program
Page 1 of 3Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.