Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
CISA Confirms Active RCE Exploits Targeting PTC Windchill and FlexPLM
On June 25, 2026, CISA added vulnerability CVE-2026-12569 (CVSS 9.3) to the Known Exploited Vulnerabilities catalog, confirming active exploitation in ...
CVE-2026-20245: Zero-Day Attack on Cisco Catalyst SD-WAN Analyzed
The CVE-2026-20245 (CVSS 7.8) vulnerability in Cisco Catalyst SD-WAN was exploited by an unknown attacker at least two months before ...
DirtyClone Linux Kernel Vulnerability Enables Stealthy Root Escalation
The CVE-2026-43503 vulnerability (CVSS 8.8), dubbed DirtyClone, allows a local user to corrupt file contents in the Linux kernel page ...
Mini Shai-Hulud/Miasma npm campaign expands to Go and CI/CD secrets
Security researchers from several companies have recorded a new wave of supply chain attacks linked to the Mini Shai-Hulud, Miasma, ...
Node.js TonRAT campaign abusing Calendly in hotel phishing
Since April 2026, an active phishing campaign has been targeting hotel organizations in Europe and Asia, using archives with “photos” ...
Lantronix EDS5000 and Ubiquiti UniFi OS Exploited, CISA Warns
On June 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to the Known Exploited Vulnerabilities ...
CVE-2026-20230 in Cisco Unified CM: SSRF to Root Exploit
A critical vulnerability CVE-2026-20230 (CVSS 8.6) has been discovered in Cisco Unified Communications Manager and Unified CM Session Management Edition. ...
How a Fake Skill Bypassed Scanners in AI Agent Marketplaces
The company AIR Security conducted an experiment that demonstrated a structural vulnerability in the skill ecosystem for AI agents: a ...
CSIS allowed to remotely clean Canadian routers and IoT botnets
The Federal Court of Canada has published a redacted version of a ruling confirming that the Canadian intelligence service CSIS ...
JFrog uncovers PostCSS npm typosquats installing a modular Windows RAT
JFrog researchers discovered three malicious npm packages — aes-decode-runner-pro, postcss-minify-selector and postcss-minify-selector-parser — that masquerade as legitimate build tools and ...