Neue Woche, neues #Zero-Day Sicherheitsloch bei Cisco

Wie langweilig - oder sicher - wäre doch das Leben ohne Cisco! Die letzte Entdeckung ist gerade mal eine Woche her, da kommt der US-Hersteller Cisco mit der nächsten Sicherheitslücke CVE-2026-20262 um die Ecke, die bereits ausgenutzt wird! Wieder steckt sie im Catalyst SD-WAN Manager, wieder ist die Ursache "the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request...". Wenn es aussieht wie eine Ente, quakt wie eine Ente und watschelt wie eine Ente, ist es? Ja, auch diese Lücke stinkt nach

https://www.pc-fluesterer.info/wordpress/2026/06/16/neue-woche-neues-zero-day-sicherheitsloch-bei-cisco/

#0day #backdoor #closedsource #cybercrime #exploits #hersteller #sicherheit #UnplugTrump #usa #wissen

Cisco has confirmed that CVE-2026-20262, an arbitrary file write vulnerability in Cisco Catalyst SD-WAN Manager, is currently under active exploitation. CISA has added this flaw to its Known Exploited Vulnerabilities catalog and urges users to apply available security patches to prevent potential privilege escalation.
https://securityaffairs.com/193693/security/cve-2026-20262-cisco-catalyst-sd-wan-flaw-under-active-targeted-exploitation.html

🚨 CRITICAL: Cisco Catalyst SD-WAN Manager zero-day (CVE-2026-20262) exploited in the wild. Attackers w/ write access can escalate to root via crafted HTTP requests. Patch now & review access controls! https://radar.offseq.com/threat/cisco-patches-another-sd-wan-zero-day-exploited-in-e2c68ff5 #OffSeq #Cisco #ZeroDay #Vuln

CSUITE CRITICAL: Cisco Catalyst SD-WAN Manager CVE-2026-20262 is under active exploitation. Path traversal flaw allows unauthorized file access. Review our full forensic intelligence brief to secure your SD-WAN perimeter and prevent persistence. Act now. https://thecybermind.co/8bs2

#CiscoSecurity #CVE202620262 #CyberMindCo

CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager: insufficient file upload validation allows authenticated attackers to write arbitrary files and escalate privileges to root. Impacts all deployment models. Watch logs for...

https://captechgroup.com/about-us/threat-intelligence-center/cisco-sd-wan-flaw-cve-2026-20262-exploited-in-acti-323865?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=cisco-sd-wan-flaw-cve-2026-20262-exploited-in-active-attacks

Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. https://www.securityweek.com/cisco-patches-another-sd-wan-zero-day-exploited-in-attacks/

Active exploitation verified by CISA: CVE-2026-54420 exposes LiteSpeed cPanel environments to critical symlink privilege escalation. Threat actors are actively breaching shared hosting isolation. Read the full high-authority C-Suite briefing from The Cyber Mind Co. to harden your perimeter right now. https://thecybermind.co/ez9o

Stop symlink privilege escalation in its tracks. The Cyber Mind Co. has deployed the T-Suite Defense Playbook for CVE-2026-54420, featuring kernel overrides and FIM rules to protect LiteSpeed cPanel environments. Lock down your shared hosting infrastructure now: https://thecybermind.co/q7ni

"CISA warns of another cPanel plugin flaw exploited in attacks"

"[...] government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. The U.S."

https://www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/

#Cybersecurity

The most interesting thing about the new SearchLeak attack on Microsoft 365 Copilot isn't any single bug. It's that none of the three pieces was dangerous on its own. Varonis combined a prompt injection via a URL parameter, an HTML rendering race condition, and a server-side request forgery in Bing's image search. Each of these is a common bug that security teams usually consider minor. But when you put them together with a Copilot that can access your mailbox, OneDrive, and SharePoint, they create a critical flaw. Microsoft has since patched this issue (CVE-2026-42824).

This is how the attack worked:

* The victim clicks a link. That's the whole interaction. They type nothing.

* The link instructs Copilot to search the mailbox, find sensitive information such as access codes, and place it into an image URL.

* Bing retrieves that image, which sends the stolen data to the attacker's server. Bing serves as the delivery service, allowing the attack to bypass the content security policy intended to stop it.

From the user's perspective, Copilot just pauses for a moment. There is no visible sign that any data has been taken.

In the past, we've spent years rating bugs by their severity on their own. An SSRF here, an HTML injection there—each seemed minor. But when an AI assistant can follow instructions from untrusted input and access your real data, those minor bugs become much more serious. Old types of vulnerabilities become important again in this new context.

If your company uses Copilot or any AI assistant that can access company data, it is important to ask your team how they are rating bugs that affect it. The way we judge what is low risk has changed.

https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/

#AI #Cybersecurity #InfoSec #security #privacy #cloud #AttackChain

SearchLeak：Microsoft 365 Copilotのワンクリック脆弱性により機微なデータの窃取が可能に（CVE-2026-42824） | Codebook｜Security News https://www.yayafa.com/2823631/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #Copilot #Microsoft #MicrosoftAI #MicrosoftCopilot #エージェント型AI #人工知能 #汎用人工知能

Critical SimpleHelp Zero-Day CVE-2026-48558 Enables MFA Bypass While Google Uncovers UNC6508 Espionage Campaign Hidden Since 2023 + Video

Breaking Security Landscape Overview The cybersecurity ecosystem has been shaken by two parallel revelations that expose how fragile modern digital infrastructure remains. On one side, a severe vulnerability in SimpleHelp remote support software allows attackers to bypass authentication protections and create privileged technician…

https://undercodenews.com/critical-simplehelp-zero-day-cve-2026-48558-enables-mfa-bypass-while-google-uncovers-unc6508-espionage-campaign-hidden-since-2023-video/?utm_source=mastodon&utm_medium=jetpack_social

For anyone here who is using Google Chrome, update your Chrome to 149.0.7827.102/103 (Windows/Mac) and 149.0.7827.102 (Linux).

Google patches actively exploited vulnerability and 73 others. The actively exploited in the wild is tracked as CVE-2026-11645, the one which “Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.”

The vulnerability allows malicious website to execute arbitrary code in the Chrome sandbox. Just because your browser is in a sandbox, it only limits the severity of an attack, as any attempts of cyber attack usually need to chain multiple vulnerabilities to achieve serious compromise.

https://www.malwarebytes.com/blog/bugs/2026/06/update-chrome-google-patches-actively-exploited-vulnerability-and-73-others

#cybersecurity #tech #google #googlechrome #chrome #browser

🚨 CVE-2026-53435, a high severity (CVSS 8.8) deserialization vulnerability in Jenkins is now seeing active exploitation as per Defused

Scan your infrastructure: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-53435.yaml

Patches are available per the vendor advisory: https://jenkins.io/security/advisory/2026-06-10/

The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad actors to set up VPN connections. https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html

Active Directory Under Siege and EtherRAT Surge Across Malicious Infrastructure Signals a New Wave of Enterprise Exploitation + Video

Introduction: A Growing Shadow Over Identity and Infrastructure Security Enterprise environments are once again under pressure as two separate but equally alarming cybersecurity developments surface from recent threat intelligence reports. On one side, a critical Active Directory vulnerability identified as CVE-2026-25177 reveals how…

https://undercodenews.com/active-directory-under-siege-and-etherrat-surge-across-malicious-infrastructure-signals-a-new-wave-of-enterprise-exploitation-video/?utm_source=mastodon&utm_medium=jetpack_social