HN Monitor

The cybersecurity landscape continues to be a battleground of innovation and exploitation, with attackers consistently finding new ways to leverage existing vulnerabilities and emerging technologies. This week’s recap highlights a series of concerning trends, from actively exploited zero-days in widely used software to the sophisticated abuse of phishing kits and…

A Palo Alto Networks VPN vulnerability, identified as CVE-2026-0257, is being actively exploited by an unknown threat actor to gain unauthorized access to GlobalProtect portals. The critical authentication bypass flaw, which affects the portal and gateway components of PAN-OS software, carries a CVSS score of 7.8 and allows malicious actors to…

Splunk has issued critical security updates to address CVE-2026-20253, a severe vulnerability in Splunk Enterprise that allows unauthenticated users to perform arbitrary file operations and potentially achieve remote code execution. Rated 9.8 on the CVSS scoring system, the flaw presents a significant risk to enterprise environments utilizing the affected software.…

U.S. law enforcement agencies, in collaboration with international partners, have seized multiple internet domains alleged to have hosted nonconsensual AI-generated pornography. The operation targeted websites that specialized in creating and distributing digitally altered images and videos of women without their consent. The domains, CFAKE.com and SOCFAKE.com, are accused of publishing…

Cybersecurity researchers have unveiled a novel attack technique, dubbed “Agentjacking,” that subverts artificial intelligence (AI) coding agents, compelling them to execute arbitrary code on developer workstations. This groundbreaking vulnerability exploits a fundamental architectural weakness at the intersection of error tracking platforms and AI agents, potentially granting attackers unfettered access to…

The cybercriminal group ShinyHunters has been actively exploiting a critical vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning (ERP) system. This zero-day exploit, identified as CVE-2026-35273, allows attackers to gain unauthorized access, exfiltrate sensitive data, and then demand ransom payments to prevent its public release. The campaign has…

A critical command injection vulnerability affecting Array Networks AG Series secure access gateways has been actively exploited in the wild since August 2025. The exploitation targets the DesktopDirect feature, a remote desktop access solution, allowing malicious actors to execute arbitrary commands on compromised systems. This widespread exploitation poses a significant…

The Gulf Cooperation Council (GCC) is nearing a significant agreement to establish a unified civil aviation authority. This move aims to standardize regulations and enhance cooperation across the region’s rapidly expanding aviation sector, paving the way for greater efficiency and safety. The proposed authority is expected to address emerging challenges…

China-nexus threat groups are actively exploiting a newly disclosed vulnerability in React Server Components, dubbed “React2Shell,” just hours after its public release. The critical flaw, identified as CVE-2025-55182, allows unauthenticated attackers to execute arbitrary code on the server side of web applications. Early observations indicate widespread scanning of internet-facing React and…

Sen. Mark Kelly, D-Ariz., is advocating for robust safeguards and ethical considerations in artificial intelligence development, emphasizing that U.S. AI systems must embody American values. Speaking Thursday at the Center for American Progress think tank, Kelly stressed the need for significant investment in AI infrastructure, including data centers, water, and…

Leaked training materials suggest that Intellexa maintained the ability to remotely access systems of clients using its Predator spyware, raising significant human rights concerns, according to an investigation published Thursday. This revelation comes amidst a cascade of new research shedding light on the spyware vendor’s operations. The findings about Intellexa’s…

Cybersecurity authorities revealed Thursday details about the sophisticated Brickstorm campaign, a suspected China state-sponsored espionage operation that has been active since at least 2022. Google previously flagged the campaign in September, and a joint analysis from the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency, and the Canadian…

A sophisticated new iOS zero-day exploit chain has been identified, leveraging multiple previously unknown vulnerabilities. This chain, attributed to the mercenary spyware vendor Intellexa, enables discreet device surveillance of high-risk individuals, including civil society members and political targets. The operation highlights the ongoing use of advanced exploitation techniques, particularly browser…

A sophisticated phishing operation, impersonating India’s Income Tax Department, has been actively targeting Indian companies since November 2025. This campaign leverages highly convincing government communication templates, bilingual messaging in Hindi and English, and references to the Income Tax Act to instill a sense of legitimacy and urgency. The emails falsely…

Cybercriminals are exploiting the popular Foxit PDF Reader in a new campaign, dubbed ValleyRAT, to gain system control and steal sensitive data. Threat actors are disguising malicious files as legitimate recruitment documents, targeting job seekers through deceptive email messages containing fake job offers. This sophisticated social engineering tactic leverages the…

The Cybersecurity and Infrastructure Security Agency (CISA) has issued five critical Industrial Control Systems (ICS) advisories, highlighting significant security threats affecting operational technology networks worldwide. Released on December 2, 2025, these advisories detail vulnerabilities and active exploits within systems crucial for manufacturing, power generation, and medical device operations, underscoring the…

Threat actors are actively exploiting a critical remote code execution vulnerability in the Sneeit Framework WordPress plugin, putting thousands of websites at immediate risk. The vulnerability, identified as CVE-2025-6389, carries a severe CVSS score of 9.8 and affects versions 8.3 and earlier of the plugin, which is used in approximately…

Sophisticated hackers are increasingly weaponizing legitimate security tools for malicious purposes, a trend highlighted by the exploitation of Velociraptor, a popular Digital Forensics and Incident Response (DFIR) tool. Attackers are leveraging Velociraptor to establish stealthy Command and Control (C2) channels, allowing them to execute commands and maintain persistent access within…