Cybersecurity News
Today
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...]
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...]
The 5 Best Practices for Secure Identity Verification
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...]
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]
Microsoft: Some Windows PCs fail to install latest monthly updates
Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. [...]
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. [...]
Anthropic rolls out Claude Fable 5, but it's available for a limited time
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]
Yesterday
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
[...]
ServiceNow discloses security incident exposing customer data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]
OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]
SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]
Microsoft releases Windows 10 KB5094127 extended security update
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...]
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day vulnerabilities and one actively exploited in attacks. [...]
Windows 11 KB5094126 & KB5093998 cumulative updates released
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
XBOW tests Anthropic's Mythos Preview for offensive security
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]