Vulnerabilities
-
CISA warns of actively exploited Joomla editor flaw rated maximum severity
CISA added a maximum-severity flaw in JCE, a third-party content editor extension for Joomla, to its Known Exploited Vulnerabilities catalog, citing active abuse. The bug affects JCE versions up to 2.9.99.4 and was fixed in June 2026.
-
Google Vertex AI SDK flaw let attackers hijack model uploads and run code
A flaw in Google’s Vertex AI SDK for Python let attackers hijack model uploads through a predictable bucket name and run code in Google’s serving environment. Google patched the issue, and researchers said they saw no exploitation in the wild.
-
CISA flags LiteSpeed cPanel plugin flaw in Known Exploited Vulnerabilities catalog
CISA has added a LiteSpeed cPanel Plugin privilege escalation flaw to its Known Exploited Vulnerabilities catalog and set a June 18 patching deadline for federal agencies. On some shared hosting servers, the issue can let a user who already has FTP access or a web shell gain root.
-
SimpleHelp bug lets attackers create rogue technician accounts
A critical SimpleHelp flaw lets unauthenticated attackers create privileged technician accounts on OIDC-enabled servers. The bug affects version 5.5.15 and older, along with 6.0 pre-release builds, and was fixed on June 9.
-
Microsoft 365 Copilot flaw could expose emails and files with one click
Researchers said a three-bug chain they call SearchLeak could expose emails, calendar data and indexed files from Microsoft 365 Copilot Enterprise Search after a single click on a Microsoft link.
-
Malicious WordPress scripts in three popular plugins exposed more than 1.2 million sites
Malicious JavaScript in WordPress plugins PushEngage, OptinMonster and TrustPulse exposed more than 1.2 million sites to possible takeover when a logged-in administrator loaded the script, according to a Sansec technical analysis.
-
Palo Alto says PAN-OS flaw is under active exploitation
Palo Alto Networks said it has seen active exploitation of a PAN-OS authentication bypass flaw, CVE-2026-0257, in limited attacks against GlobalProtect portals. The company published indicators and urged customers to review logs for signs of abuse.
-
China-linked JDY botnet grows to more than 1,500 devices, researchers say
Researchers say the China-linked JDY botnet has grown to more than 1,500 compromised SOHO and IoT devices and is being used to scan exposed services and collect reconnaissance data for follow-on targeting.
-
Unpatched Langflow flaw under active exploitation, researchers say
An unpatched Langflow flaw tracked as CVE-2026-5027 is being actively exploited, researchers say. The bug can allow arbitrary file writes, and about 7,000 Langflow instances are exposed to the internet.