Vendors
-
Malicious npm package targets OpenAI Codex users and steals authentication tokens
Researchers say a malicious npm package and related Android apps targeted OpenAI Codex users, stealing local authentication tokens and sending them to an attacker-controlled server, with the package drawing more than 29,000 weekly downloads.
-
WordPress WP Maps Pro flaw under active attack, 2,858 attempts blocked
A critical WP Maps Pro flaw is being actively exploited to create WordPress administrator accounts, with Wordfence blocking 2,858 attacks in 24 hours. The issue affects versions through 6.1.0 and was fixed in 6.1.1.
-
Palo Alto PAN-OS flaw under active exploitation as limited attacks reported
Palo Alto Networks said an authentication bypass in PAN-OS and Prisma Access is under active exploitation, with limited attempts seen against unpatched devices. The flaw can let attackers establish unauthorized VPN connections.
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.
-
Microsoft patches SharePoint flaw that could let authenticated attackers run code
Microsoft has patched a SharePoint remote code execution flaw tracked as CVE-2026-45659, saying an authenticated attacker with Site Member access could exploit it. The update covers several SharePoint Server versions.
-
KnowledgeDeliver flaw used in zero-day attacks to deploy Godzilla web shell
A zero-day flaw in Digital Knowledge’s KnowledgeDeliver learning management system was used to deploy the Godzilla web shell and later Cobalt Strike Beacon. The issue stemmed from hard-coded ASP.NET machine keys and affected deployments before Feb. 24, 2026.
-
CISA adds exploited Langflow and Trend Micro flaws to vulnerability catalog
CISA added exploited flaws in Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog on Thursday, citing active attacks. Federal civilian agencies must patch the issues by June 4, 2026.
-
Cisco patches maximum-severity flaw in Secure Workload
Cisco has patched a CVSS 10.0 flaw in Secure Workload that could let an unauthenticated remote attacker read sensitive data and make configuration changes. The company said it found the bug during internal testing and has seen no signs of abuse.
-
Microsoft says two Defender flaws are under active exploitation
Microsoft said two Defender vulnerabilities, including one that could lead to SYSTEM privileges, are under active exploitation. CISA has added both flaws to its known exploited list and set a June 3 deadline for federal agencies.