Trivy Supply Chain Attack Compromises 75 GitHub Actions Tags
A second supply chain attack on Trivy compromised 75 GitHub Actions tags and spawned a credential-stealing worm across 47 npm packages. Check your CI pipeline.
Stay ahead of emerging threats with expert analysis from 137 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories.

As of Tuesday, June 9, 2026, the most urgent items for production stacks: the "Miasma" worm has detonated across 73 Microsoft-owned GitHub repositories in an npm supply-chain cascade — a software supply-chain attack means malicious code is planted in a trusted package your developers already install, so it spreads automatically into everything that depends on it — making any team that pulls JavaScript packages from npm a potential downstream victim; audit your dependencies and pin trusted versions now. The Cisco Catalyst SD-WAN Manager zero-day CVE-2026-20245 remains under active exploitation with no patch available yet — restrict management-interface access and watch Cisco's advisory for the fix. Cisco Unified Communications Manager flaw CVE-2026-20230 hands attackers root through a server-side request forgery (SSRF) bug — a server tricked into making attacker-controlled requests — and a working proof-of-concept exploit is already public, so patch now. The Mirasvit Cache Warmer bug CVE-2026-45247 is being used for active remote code execution (RCE — running attacker code on your server) against Magento e-commerce stores.

Still carrying forward: the HTTP/2 "Bomb" CVE-2026-49975 lets a single home connection knock NGINX, Apache, IIS, and Cloudflare web servers offline; Palo Alto GlobalProtect authentication-bypass CVE-2026-0257 remains on the CISA Known Exploited Vulnerabilities (KEV) catalog under active exploitation; and the WP Maps Pro WordPress flaw CVE-2026-8732 is still spawning rogue administrator accounts across roughly 15,000 sites.
If your business pulls npm packages, or runs Cisco SD-WAN or Unified CM, Magento, a public web server, Palo Alto GlobalProtect, or WordPress with WP Maps Pro, these advisories require action now — start with the article-level remediation steps below.
Critical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.
Critical VMware ESXi flaw lets attackers escape guest VMs and execute code on the hypervisor. If you run ESXi, this needs immediate patching.
Sophisticated iOS exploit kit chains six vulnerabilities including three zero-days to achieve complete device takeover. Multiple threat actors including Russian espionage groups and commercial surveillance vendors observed using DarkSword against targets in Ukraine, Saudi Arabia, and Turkey.
Nine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.
CISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.
Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.
CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.
A critical arbitrary file read vulnerability in Jenkins allows attackers to extract credentials, API keys, and secrets from CI/CD pipelines.
A critical authentication bypass in Citrix NetScaler Gateway and ADC allows attackers to access protected resources without valid credentials.
SonicWall discloses a critical pre-authentication RCE vulnerability affecting SMA and SonicOS products.
A critical RCE vulnerability in Atlassian Confluence is being mass-exploited by multiple threat actors.
Ivanti discloses another actively exploited zero-day chain in Connect Secure VPN appliances. CVE-2026-0778 and CVE-2026-0779 allow unauthenticated attackers ...
A critical vulnerability in Microsoft Teams allows attackers to deliver malware through specially crafted meeting invitations.
Nation-state attackers are actively exploiting a critical zero-day in Palo Alto GlobalProtect VPN to breach defense contractors. If you run GlobalProtect, apply the emergency patch now or isolate affected systems from the network immediately.
Qualys discovered nine vulnerabilities in AppArmor affecting 12.6 million Linux servers. CrackArmor enables unprivileged users to achieve root via confused deputy attacks, bypass container isolation, defeat KASLR, and manipulate security policies. All kernels since 4.11 affected.
CISA added CVE-2025-68613 to KEV after confirming active exploitation of n8n automation platform. Five critical RCE vulnerabilities (CVSS 9.4-9.5) allow credential theft via encryption key extraction. 24,700 instances exposed. Federal deadline: March 25, 2026.
SentinelOne documents campaign targeting FortiGate appliances to extract AD/LDAP credentials. Attackers exploit CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858, decrypt config files, and harvest NTDS.dit. Healthcare, government, and MSPs are primary targets.
JFrog discovered malicious npm package @openclaw-ai/openclawai deploying GhostLoader RAT on macOS. The 11,700-line infostealer harvests Keychain, browser credentials, crypto wallets, SSH keys, cloud creds, and enables browser session cloning. 178 developers compromised.
Iranian APT MuddyWater deploys Dindoor backdoor against US banks, airports, and defense contractors using Deno JavaScript runtime. Detect and defend.