Risk
- Cisco patches critical SD-WAN Controller flaw after limited exploitation
  Cisco said a critical authentication bypass in Catalyst SD-WAN Controller, CVE-2026-20182, was exploited in limited attacks. The flaw can let a remote attacker gain administrative access and alter SD-WAN network settings.
- Malicious node-ipc versions found stealing cloud and developer secrets
  Three malicious node-ipc npm versions were found stealing developer and cloud secrets, according to a technical analysis by Socket. The code targets dozens of credential types and uses a direct exfiltration path to a fake Azure domain.
- Ghostwriter targets Ukrainian government entities in fresh phishing campaign
  Ghostwriter has been tied to new attacks on Ukrainian government entities since March 2026, using malicious PDFs, geofencing checks and a JavaScript version of PicassoLoader to deliver Cobalt Strike, according to an ESET technical analysis.
- PraisonAI flaw was probed within hours of public disclosure
  PraisonAI was probed within hours of a disclosed authentication bypass, according to Sysdig. The flaw affects versions 2.5.6 through 4.6.33 and was patched in 4.6.34.
- Two new Windows zero-days expose BitLocker and CTFMON flaws
  A technical disclosure says two new Windows zero-days can bypass BitLocker in recovery mode and may enable privilege escalation in CTFMON, adding to a recent run of Microsoft security issues.
- New Fragnesia Linux flaw can grant root access, researchers say
  Fragnesia is a new Linux kernel local privilege escalation flaw that can grant root access, according to a technical analysis. The issue affects the XFRM ESP-in-TCP subsystem and has prompted advisories from multiple Linux distributions.
- NGINX flaw left hidden for 18 years could allow remote code execution
  A critical NGINX rewrite module flaw hidden for 18 years can let a remote attacker trigger code execution or denial of service with crafted requests, according to a technical analysis and vendor advisory.
- MuddyWater hackers targeted South Korean electronics maker in broad espionage campaign
  MuddyWater targeted at least nine organizations in a cyberespionage campaign that included a major South Korean electronics maker, government agencies and an airport, according to Symantec. The group used DLL sideloading, PowerShell and other legitimate tools.
- Critical Exim flaw can let remote attackers run code on affected servers
  A critical Exim flaw fixed in version 4.99.3 could let unauthenticated attackers execute code on affected mail servers. The bug affects some GnuTLS-based builds before 4.99.3 and is triggered during TLS shutdown with chunked SMTP traffic.
- Researchers say GemStuffer abused more than 150 RubyGems to store scraped council data
  Researchers said GemStuffer abused more than 150 RubyGems packages to store scraped data from U.K. council portals, using the registry as an exfiltration channel and raising questions about package registry abuse.








