The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the
What is the Vulnerability? A critical vulnerability, CVE-2026-41089, affecting the Windows Netlogon service is now being actively exploited in the wild. The vulnerability was patched by Microsoft during the May 2026 Patch Tuesday release and was recently highlighted by the Centre for Cybersecurity Belgium (CCB) after observing active exploitation attempts targeting unpatched systems. Netlogon is…
What is the Vulnerability? Cisco has disclosed a critical security vulnerability, CVE-2026-20245, affecting Cisco Catalyst SD-WAN Manager and confirmed that it is being actively exploited in the wild. The vulnerability resides in the platform’s command-line interface (CLI) and allows an authenticated attacker with netadmin privileges to execute arbitrary commands as root on the underlying operating…
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users. “They tried to trick people into clicking on…
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker…
Monday again. The weekend was meant to be quiet. It wasn’t. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone…