3:43 pm – June 18, 2026 CISA issues alert on actively exploited Joomla JCE vulnerability enabling PHP code execution
By News RoomCISA Adds Critical Joomla Vulnerability to Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog. This move, announced on Tuesday, June 17, 2026, signifies that…
Threat actors are actively exploiting multiple security vulnerabilities within Fortinet FortiSandbox appliances, according to a recent advisory from cybersecurity firm Defused Cyber. The firm reported observing exploitation attempts for three specific vulnerabilities, CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, within a 24-hour period, highlighting an urgent need for organizations using these Fortinet products…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog. This designation mandates that Federal Civilian Executive Branch (FCEB) agencies must implement the necessary patches by June 18, 2026, to mitigate the risk…
Cisco has issued urgent security updates for a critical vulnerability affecting its Catalyst SD-WAN Manager, a widely used network management platform. This medium-severity flaw, identified as CVE-2026-20262, has been observed under active exploitation in the wild, prompting immediate action from affected organizations and government agencies. The vulnerability, which carries a…
Researchers at Obsidian Security have disclosed a critical vulnerability chain (CVSS 9.9) in LiteLLM, an open-source AI gateway, that allows a low-privilege account to achieve full server takeover and execute arbitrary code. This severe flaw, impacting how LiteLLM handles virtual API keys and custom guardrails, exposes sensitive provider keys, encrypted…
A critical vulnerability in Microsoft 365 Copilot Enterprise Search, dubbed “SearchLeak” by researchers, allowed attackers to potentially exfiltrate sensitive user data, including emails and calendar details, with a single click. This discovery highlights a new attack vector chaining together existing web vulnerabilities with an AI-specific weakness. Varonis Threat Labs researchers…
Research & Analysis
More Articles
A severe security flaw dubbed “Brash” has been discovered in the Chromium rendering engine, capable of crashing numerous popular Chromium-based browsers within seconds. Security researcher Jose Pino disclosed the details of this vulnerability, highlighting its potential to disrupt user experience and impact browser stability across a wide range of applications.…
Darktrace has announced the establishment of a new legal entity and a forthcoming office in Riyadh, Saudi Arabia, to bolster its presence in the Middle East and North Africa (MENA) cybersecurity market. This expansion signifies a strategic move to enhance its service capabilities and customer engagement within the Kingdom and…
A new high-severity security flaw affecting Broadcom VMware Tools and VMware Aria Operations has been officially added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. This comes after reports emerged of the vulnerability, cataloged as CVE-2025-41244, being actively exploited in the wild by malicious…
A sophisticated new phishing campaign is actively targeting iPhone owners who have unfortunately lost their devices, leveraging their hope of recovery to steal valuable Apple ID credentials. The National Cyber Security Centre (NCSC) has reported multiple instances where victims receive alarming text messages claiming their lost or stolen iPhones have…
The Kingdom of Saudi Arabia has formally signed the UN Convention against Cybercrime (CAC), joining 64 other countries in endorsing the first global crime-fighting treaty focused on cyber offences. This strategic move aims to bolster international cooperation and enhance the Kingdom’s defence against evolving digital threats. The signing ceremony saw…
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
By News RoomCybersecurity researchers are highlighting a sophisticated new wave of credential phishing campaigns that leverage real-time validation to ensure stolen credentials belong to active, high-value online accounts. This precision-validating phishing approach significantly boosts the effectiveness of cyberattacks compared to traditional bulk distribution methods, as it focuses efforts on verified targets. This…
U.S. cybersecurity agencies, alongside international partners, have issued urgent guidance to bolster the defenses of on-premise Microsoft Exchange Server instances against escalating cyber threats. This proactive measure aims to prevent exploitation of vulnerabilities that have been actively targeted by malicious actors, particularly those organizations still operating older or misconfigured Exchange…
Muscat is significantly strengthening its cybersecurity defenses within the aviation sector through a new awareness campaign. This initiative aims to equip aviation professionals with the knowledge and tools to combat escalating cyber threats, ensuring the continued safety and integrity of air travel operations. The comprehensive campaign targets various levels within…
The cybersecurity landscape remains a volatile frontier, with advanced threats constantly challenging defenses. This past week has seen sophisticated cyberattacks leveraging an array of tactics, from exploiting zero-day vulnerabilities mere hours after discovery to employing deceptive social engineering schemes. Attackers demonstrated an alarming ability to infiltrate seemingly secure systems, bypass…
The U.K. Cyber Monitoring Centre (CMC) has officially classified the April 2025 cyber attacks that disrupted major retailers Marks & Spencer (M&S) and Co-op as a “single combined cyber event.” This designation, the first of its kind by the independent, non-profit body, underscores the sophisticated nature of the breaches and…
China-linked threat group exploits Lanscope zero-day vulnerability to compromise corporate systems
By News RoomA sophisticated cyber espionage group, identified as **Tick**, is actively exploiting a critical security flaw in Motex Lanscope Endpoint Manager. This vulnerability, tracked as CVE-2025-61932, allows attackers to execute arbitrary commands with SYSTEM privileges on affected on-premise installations. The exploitation has been confirmed by researchers, who have observed the group…
A Chinese national has been sentenced to over 11 years in prison for her role in one of the largest cryptocurrency fraud schemes to date. Zhimin Qian, 47, received an 11-year and eight-month sentence for possessing and transferring criminal property, stemming from a fraud investigation that impacted over 128,000 victims…