Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

22 May 2026
Published
02 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
3.22%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 8 Posts

Last activity: Last hour

Fediverse

📰 CISA Adds Actively Exploited SharePoint RCE Flaw to KEV Catalog, Mandates Urgent Patching

⚠️ CISA adds high-severity SharePoint RCE flaw (CVE-2026-45659) to its KEV catalog due to active exploitation! Authenticated attackers can execute code. Federal agencies must patch by July 4. #SharePoint #CyberSecurity #PatchNow

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 1
  • 22h ago

DHS Confirms HSIN Breach: Inside the Hack That Hit America’s Homeland Security Coordination Platform Weeks Before the World Cup Final

DHS confirms a breach of HSIN, its SharePoint-linked intelligence network. Technical analysis of CVE-2026-45659, World Cup exposure, and the 2023 precedent

thecybersecguru.com/news/hsin-

  • 0
  • 0
  • 0
  • 7h ago

OpenAI voluntarily limited new AI models at government request on July 2. Cybersecurity threats remain high with critical Citrix Bleed 2 (CVE-2025-5777) and Microsoft SharePoint RCE (CVE-2026-45659) vulnerabilities being actively exploited, as reported on July 2-3. Google, in collaboration with the FBI, disrupted NetNut, a major residential proxy network spanning 2 million devices. Geopolitically, Iran issued warnings to ships regarding unapproved routes in the Strait of Hormuz on July 3.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • Last hour

Bluesky

CVE-2026-45659 SharePoint RCE was omitted from May Patch Tuesday bulletin and is being exploited, requiring verification and urgent patching for pre-May 21, 2026 on-prem systems.
  • 0
  • 0
  • 0
  • 22h ago
CISA says CVE-2026-45659 is being actively exploited in Microsoft SharePoint, enabling remote code execution on unpatched servers. Microsoft has released fixes, and the flaw is now in CISA's Known Exploited Vulnerabilities Catalog. #CISA #SharePoint
  • 0
  • 0
  • 0
  • 16h ago
🛡️ CVE-2026-45659 | #CISA orders urgent patch for Microsoft #SharePoint: Remote Code Execution #Vulnerability. Critical remote code execution flaw under active exploitation. Update #urgently! www.newstecnicas.com/2026/07/cisa...
  • 0
  • 0
  • 0
  • 4h ago
Today’s threat brief 2026-07-03: The immediate action item is SharePoint CVE-2026-45659. CISA KEV deadline is July 4. Treat exposed/on-prem SharePoint as a compromise-assessment job, not just a patch ticket. #Cybersecurity #ThreatIntel #AI
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • NetScaler
  • ADC

30 Jun 2026
Published
30 Jun 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.50%

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

Statistics

  • 4 Posts

Last activity: 2 hours ago

Fediverse

Citrix NetScaler vulnerability CVE-2026-8451 is exploited in the wild after a public PoC exposed a pre-auth memory overread. Patch now.

securityonline.info/citrix-net

  • 0
  • 0
  • 0
  • 23h ago

📰 CitrixBleed-Like Flaw (CVE-2026-8451) Exploited Within 24 Hours

New CitrixBleed-like flaw CVE-2026-8451 in NetScaler is being exploited in the wild less than 24 hours after disclosure! The bug can leak sensitive memory. Patch and terminate all sessions NOW. 🚨 #Citrix #NetScaler #CyberSecurity #CVE

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ne

  • 0
  • 0
  • 0
  • 2h ago

This Week in Security: Windows 10 Gets Another Year, SmartTV Botnets, Hiding Payloads, and LastPass Customer Leak

Unsurprisingly to many of us, app stores for smart televisions are also trash. Perhaps even more full of trash than other app stores due to the smaller ecosystem and fewer reviewers.

Spur analyzed the LG smart TV app store, and found that almost half of the apps available contain proxy software, turning your TV into a node in their proxy network. Are these apps malware? Many of the analyzed apps provided a thin veneer of user consent: they offer you the tradeoff of seeing an ad every 15 seconds, or allowing their “occasional web indexing” to run permanently in the background. Watch the fishtank app for five minutes, join their proxy network for life.

Spur notes that the proxy SDK in use appears to block connections to private network ranges (internal IP ranges like 192.168.x.x and 10.x.x.x), but that the SDK restricting access to those ranges is the only protection against accessing whatever network the TV is connected to.

Amazon and Roku ban proxy apps on their devices. Samsung and LG do not.

Win 10 Security Updates Extended


Microsoft has added another year of security updates to Windows 10. Despite trying to kill the platform, so many users remain on Windows 10 that Microsoft likely has no choice.

The extended support program was previously due to end in October 2026 but has now been pushed to October 2027. The security updates will be available for free in the UI, but users in other regions must activate OneDrive and sync system settings, or pay 1000 Microsoft credits (about $30).

The death of Windows 10 is near, but for those unwilling or unable to let go, it shuffles along.

Signal Phishing Attempts


Bleeping Computer has an article about increased phishing attempts from hacker groups in Russia targeting Signal users.

The phishing messages target politicians, government officials, military, and other high-profile intelligence targets, and claim that Signal is introducing mandatory two-factor authentication, before prompting the target to enable remote Signal backups. A second follow-up phishing attempt then prompts the user to copy the backup authentication tokens from Signal and provide them to the attacker.

Signal remote backups are a relatively recent addition to the messenger, making a backup on the Signal servers of a user's messages and images, encrypted with a key known only to the user. While convenient, and likely fundamentally secure given the track record of the Signal team, this phishing campaign highlights a major weakness: once private content is accessible somewhere else, an attacker simply needs to obtain the keys to access it, which is significantly simpler than obtaining the message content directly from the victim's phone.

Payloads in WiFi and LoRa


Sasha Romijn presented an excellent talk at OrangeCon on embedding attack payloads in unusual places.

Sasha found poor input handling of content from DNS servers, TLS certificates, server headers, DHCP host names, LoRa Mesh node names, WiFi network names, and more. In many cases, it seems to be as simple as embedding JavaScript or CSS inside a string; many sites and utilities don’t sanitize against escaped HTML, and the standards allow it.

They then go on to demonstrate more serious impacts, such as compromising the management accounts of two Europe-based hosting providers by injecting content into TLS certificates, and gaining root on some OpenWRT devices via a WiFi SSID which loads a hostile JavaScript into the LUCI web management interface, which then uses the web management system to install a backdoor root shell.

Sasha continues the tour-de-exploits by demonstrating multiple cross-site scripting injections into the RIPE NCC database which then allow browser manipulation of users on the RIPE website. This has enormous implications, because RIPE NCC is the Internet allocation organization for Europe and the Middle East: the company who assigns and manages IP address blocks.

Be sure to check out the full presentation, and let this be a lesson to always treat all data as hostile, even from what would seem to be your own services!

Collecting Boot Console Info


One of the first steps in getting access to an embedded device is to look for a serial port, or serial port test points. Often this can give an idea what sort of code is running on the system, and in some cases, give direct access via the boot loader or a Linux login console.

Boot Intel is a web-based tool to automate scraping boot messages from embedded devices, looking for exposed logins and vulnerable services. Boot Intel can take pasted boot logs, or directly connect to the device via WebSerial.

While Boot Intel is a paid service, there is a free version for hackers to explore devices.

CitrixBleed, again


watchTowr Labs is back with another excellent write-up on CitrixBleed, continuing the trend of memory leaks in Citrix NetScaler devices.

This collection of vulnerabilities allows leaking internal memory from the Citrix servers, which can expose logs, customer data, encryption keys, or anything else found in server memory. NetScaler devices offer SSL offloading, application acceleration, VPN and remote access, and load balancing; all installations where leaking memory is likely very bad.

The watchTowr write-up maintains their trend of providing entertaining reads about highly technical topics. Do yourself a favor and be sure to give it a look!

Bits and Bytes


LastPass marketing partner Klue was compromised this week, impacting the customer data of multiple companies. Customer data such as email, phone numbers, addresses, and support tickets were exposed, however the LastPass vaults themselves were not impacted. While LastPass has revoked access to the impacted partner, the stolen data could assist phishing attacks against customers.

The open source self-hosted video sharing platform PeerTube has released an emergency update which addresses multiple vulnerabilities. While the release notes quote “medium to high severity” vulnerabilities, there are no specific details. If you run a PeerTube server, upgrade now!

Both Apple AirDrop and Google Quick Share have new vulnerabilities reported this week, with fixes coming soon. Both protocols are designed to allow file sharing to nearby devices, and accordingly, the issues found on them can be triggered on nearby devices. Researchers were able to find six vulnerabilities in macOS, iOS, Windows, and Android implementations of the sharing protocols. All of the discovered vulnerabilities led to crashes, but not full exploit and code execution. Sustained denial of service attacks were possible however, with nearby attackers able to keep the services unreachable and unusable for the duration.

hackaday.com/2026/07/03/this-w…

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Citrix NetScaler ADC and Gateway: CVE-2026-8451 and HTTP/2 DoS Vulnerabilities https://www.securityweek.com/citrix-patches-netscaler-vulnerabilities-including-new-http-2-bomb-attack https://flagthis.com/newsletter/2026/07/02/tldr/4628 ##Citrix ##NetScaler ##ZeroDay ##DoS ##Vulnerability
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • langflow-ai
  • langflow

07 Apr 2025
Published
23 Jun 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
99.97%

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Statistics

  • 3 Posts
  • 4 Interactions

Last activity: 2 hours ago

Bluesky

An AI agent chained together an entire extortion campaign on its own - access via Langflow (CVE-2025-3248), credential theft, lateral movement - and encrypted/deleted configuration data without keeping the key to decrypt it. A true agent of chaos. www.sysdig.com/blog/jadepuf...
  • 0
  • 4
  • 0
  • 9h ago
Sysdig researchers identified what they describe as the first observed agentic ransomware attack, in which the AI-powered malware JadePuffer exploited a Langflow RCE vulnerability (CVE-2025-3248) to compromise a production server, steal credentials, and encrypt 1,342 Nacos configuration entries.
  • 0
  • 0
  • 0
  • 5h ago
JadePuffer exploited CVE-2025-3248 in Langflow to use an LLM for recon, secret theft, and persistence, then pivoted to a production server, abusing Nacos before encrypting config data and dropping an extortion note. #Langflow #Nacos #Ransomware
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Oracle Corporation
  • Oracle Payments

28 May 2026
Published
29 May 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.68%

KEV

Description

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 3 Posts

Last activity: 8 hours ago

Fediverse

Oracle E-Business Suite under attack via critical flaw before exploit code emerged

1ban.news/oracle-ebs-attack-cv
#1ban #oracle #ebs #attack #cve #tech

  • 0
  • 0
  • 0
  • 8h ago

Bluesky

Critical Unauthenticated Remote Takeover in Oracle E-Business Suite CVE-2026-46817 https://www.cybersecuritydive.com/news/critical-flaw-oracle-e-business-suite-threat/824230 https://flagthis.com/newsletter/2026/07/02/tldr/4497 ##Oracle ##ZeroDay ##ERP ##DataBreach ##VulnerabilityAnalysis
  • 0
  • 0
  • 0
  • 21h ago
950 Oracle E-Business Suite Instances Exposed as CVE-2026-46817 Attacks Observed in the Wild https://gbhackers.com/950-oracle-e-business-suite-instances-exposed/
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • KongHQ
  • mcp-konnect

03 Jul 2026
Published
03 Jul 2026
Updated

CVSS v3.1
HIGH (7.4)
EPSS
Pending

KEV

Description

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

CVE-2026-13341 - Unauthorized access in Kong Konnect MCP server. Indirect prompt injection could lead to unintended API requests. CVSS 7.4. No patch yet. Monitor and mitigate immediately. #CVE #Kong #infosec

valtersit.com/cve/CVE-2026-133

  • 0
  • 0
  • 0
  • 4h ago

KongHQ mcp-konnect (<1.0.0) has a HIGH severity flaw (CVE-2026-13341, CVSS 7.4) allowing remote prompt injection with risk to confidentiality. No patch — monitor vendor updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • WatchGuard
  • Fireware OS

02 Jul 2026
Published
02 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have a Mobile VPN with IKEv2 configured to use an external LDAP authentication server. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

CVE-2026-13368 (CRITICAL, CVSS 9.2): WatchGuard Fireware OS LDAP auth flaw in Mobile VPN with IKEv2 allows remote code execution (iked process). Disable affected configs or restrict access until patch. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

WatchGuard Firebox vulnerabilities include a critical unauthenticated RCE (CVE-2026-13368, CVSS 9.2) plus six more Fireware OS flaws. Patch now.

securityonline.info/watchguard

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • NetScaler
  • ADC

17 Jun 2025
Published
26 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
99.90%

Description

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

OpenAI voluntarily limited new AI models at government request on July 2. Cybersecurity threats remain high with critical Citrix Bleed 2 (CVE-2025-5777) and Microsoft SharePoint RCE (CVE-2026-45659) vulnerabilities being actively exploited, as reported on July 2-3. Google, in collaboration with the FBI, disrupted NetNut, a major residential proxy network spanning 2 million devices. Geopolitically, Iran issued warnings to ships regarding unapproved routes in the Strait of Hormuz on July 3.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Anubis affiliates gained initial access by exploiting Citrix Bleed 2 (CVE-2025-5777) and then used legitimate remote tools for lateral movement and control.
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • cursor
  • cursor

25 Jun 2026
Published
25 Jun 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.64%

KEV

Description

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could set working_directory to a sensitive location and write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Fediverse

DuneSlide (CVE-2026-50548/50549): CRITICAL zero-click RCE in Cursor AI editor <3.0. Flaws in sandbox & symlink handling enable attackers to escape IDE, compromise OS. Upgrade to v3.0+ now. radar.offseq.com/threat/critic

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

Critical Cursor AI editor flaws, CVE-2026-50548 and CVE-2026-50549, can trigger OS-level remote code execution outside the IDE sandbox. Patched in Cursor 3.0. #Cursor #CatoNetworks #DuneSlide
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • wolfSSL
  • wolfSSL

25 Jun 2026
Published
26 Jun 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.13%

KEV

Description

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating party could fail to detect a manipulated ciphertext and proceed without the standard's required implicit rejection.

Statistics

  • 2 Posts
  • 16 Interactions

Last activity: 21 hours ago

Fediverse

24 June 2026: IETF TLS WG chairs call another vote on allowing ECC to be dropped from ECC+ML-KEM. cve.org/CVERecord?id=CVE-2026- is dated 25 June 2026. Nothing to see here, that's the last ML-KEM bug ever, just bad timing, move along now.

  • 4
  • 6
  • 0
  • 21h ago

Wasn't someone saying a moment ago that ML-KEM is super-easy to implement correctly? How do we explain cve.org/CVERecord?id=CVE-2026-, then? Offhand I'd think this one isn't exploitable, but we'll see more and more ML-KEM bugs, and some of them will be severe vulnerabilities.

  • 3
  • 3
  • 0
  • 21h ago

Overview

  • Adobe
  • ColdFusion

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
1.02%

KEV

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

A critical CVSS 10 ColdFusion arbitrary code execution flaw (CVE-2026-48282) is actively exploited in the wild. Update immediately to prevent attacks.

securityonline.info/coldfusion

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

~Watchtowr~ Adobe ColdFusion APSB26-68 patches 11 CVEs including multiple RCE and arbitrary file read/write via RDS and CKEditor path traversal. - IOCs: CVE-2026-48282, CVE-2026-48276, CVE-2026-48313 - #CVE #ColdFusion #RCE #ThreatIntel
  • 0
  • 0
  • 0
  • 20h ago
Showing 1 to 10 of 45 CVEs