6:00 pm – June 18, 2026 A recent cyber intrusion into a small French automotive business has highlighted a critical vulnerability in typical cybersecurity remediation strategies. French-speaking attacker known as “Poisson” employed a sophisticated tactic of establishing a secondary, covert access channel before his primary command-and-control (C2) server was taken offline. This ensured continued access to…
CISA issues alert on actively exploited Joomla JCE vulnerability enabling PHP code execution
By News RoomCISA Adds Critical Joomla Vulnerability to Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog. This move, announced on Tuesday, June 17, 2026, signifies that…
Threat actors are actively exploiting multiple security vulnerabilities within Fortinet FortiSandbox appliances, according to a recent advisory from cybersecurity firm Defused Cyber. The firm reported observing exploitation attempts for three specific vulnerabilities, CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, within a 24-hour period, highlighting an urgent need for organizations using these Fortinet products…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog. This designation mandates that Federal Civilian Executive Branch (FCEB) agencies must implement the necessary patches by June 18, 2026, to mitigate the risk…
Cisco has issued urgent security updates for a critical vulnerability affecting its Catalyst SD-WAN Manager, a widely used network management platform. This medium-severity flaw, identified as CVE-2026-20262, has been observed under active exploitation in the wild, prompting immediate action from affected organizations and government agencies. The vulnerability, which carries a…
Researchers at Obsidian Security have disclosed a critical vulnerability chain (CVSS 9.9) in LiteLLM, an open-source AI gateway, that allows a low-privilege account to achieve full server takeover and execute arbitrary code. This severe flaw, impacting how LiteLLM handles virtual API keys and custom guardrails, exposes sensitive provider keys, encrypted…
Research & Analysis
More Articles
As policymakers in the United States deliberate on the responsible development of artificial intelligence (AI) amidst global competition, major tech firms are actively expanding their AI capabilities in data centers worldwide. Microsoft has secured U.S. government approval to export advanced Nvidia AI chips to the United Arab Emirates (UAE), positioning…
A newly identified Visual Basic Script (VB Script) malware, dubbed PROMPTFLUX, has emerged, utilizing Google’s Gemini artificial intelligence (AI) model API to generate its own source code. Found by Google Threat Intelligence Group (GTIG), this experimental malware represents a significant development in the ongoing battle against sophisticated cyber threats that…
A pro-Iranian hacktivist group, Cyber Fattah, has allegedly published thousands of personal records online believed to be linked to athletes and visitors of the Saudi Games. The breach, announced on Telegram on June 22, 2025, reportedly involved the unauthorized access and exfiltration of sensitive data, including IT staff credentials, government…
Google’s AI cybersecurity tool, Big Sleep, has been instrumental in discovering five critical security vulnerabilities within Apple’s WebKit component, which powers the Safari web browser. These flaws, if exploited, could have led to significant security breaches including browser crashes and memory corruption. Apple has since released patches for these vulnerabilities…
Ferocious Kitten, an advanced persistent threat (APT) group linked to Iran, has been actively engaged in cyber-espionage since at least 2015, with a specific focus on targeting Persian-speaking individuals within Iran. This sophisticated group employs politically themed decoy documents to lure unsuspecting victims into executing malicious files, a tactic that…
SonicWall has officially confirmed that state-sponsored threat actors were responsible for a September security breach that resulted in the unauthorized exposure of their firewall configuration backup files. This revelation brings to light the sophistication of attacks targeting cybersecurity firms, underscoring the critical need for robust cloud security measures. SonicWall Confirms…
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
By News RoomFinancial organizations across Africa have been the target of sophisticated cyber attacks since at least July 2023, employing a blend of readily available and open-source tools for persistent access. Palo Alto Networks’ Unit 42 is tracking this campaign, known as CL-CRI-1014, and suggests the primary objective is to gain initial…
Cybersecurity researchers have uncovered four significant security vulnerabilities within Microsoft Teams that could have left users susceptible to severe impersonation and social engineering attacks. These flaws allowed attackers to manipulate conversations, impersonate colleagues, and exploit notification systems, potentially undermining the trust inherent in the widely used collaboration platform. Microsoft has…
A large-scale phishing attack targeting Meta’s Business Suite has compromised the login credentials of thousands of small and medium-sized businesses globally. Security researchers at Check Point identified approximately 40,000 malicious emails distributed to over 5,000 customers, primarily impacting sectors such as automotive, education, real estate, hospitality, and finance across the…
IDIS has announced the launch of its new Edge AI Plus PTZ cameras, significantly enhancing real-time surveillance and security capabilities for critical applications. These advanced cameras bring sophisticated artificial intelligence directly to the edge, promising improved detection and response in challenging environments, particularly within the Middle East security sector. The…
A potent new threat to Android users has emerged with the discovery of the KomeX Android RAT, advertised on underground hacker forums. This sophisticated piece of malware, built upon the notorious BTMOB RAT, offers a disturbing array of spying and device control capabilities, raising significant alarm within the cybersecurity community.…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant security flaws affecting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog. This action signals that these vulnerabilities are not just theoretical but are actively being exploited by malicious actors in the wild, posing…