Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and… Read More »China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities… Read More »CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.… Read More »Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet… Read More »Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the… Read More »Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer… Read More »Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products,… Read More »Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. “On June 5, 2026, ServiceNow applied a… Read More »ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. “The exploit is a… Read More »Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE)… Read More »Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS