Your Daily Dose of Cybersecurity News

AI/ML Security

Is OpenAI Lockdown Mode an Admission of Risk? Enough?

As AI-powered chatbots expand across customer service, technical support, and enterprise workflows, they become increasingly attractive targets for attackers seeking to extract sensitive data.

Jun 8, 2026 · SecurityXP Intelligence Desk

Data Breaches

Meta AI Flaw Exposes 20K Instagram Accounts

This incident is a clear example of the ongoing risks associated with AI-powered support systems. The vulnerability allowed attackers to reset passwords without verifying email addresses associated wi...

Jun 8, 2026 · SecurityXP Intelligence Desk

Vulnerabilities & Exploits

CISA Flags SolarWinds Serv-U Flaw as Exploited

Over 12,000 SolarWinds Serv-U file transfer servers sit exposed to the internet. Attackers are already knocking them offline.

Jun 6, 2026 · SecurityXP Intelligence Desk

Latest News

Vulnerabilities & ExploitsJun 6, 2026·2 min read

Cisco SD-WAN Manager Under Attack, No Patch Yet

Cisco has confirmed active exploitation of a high-severity vulnerability in Catalyst SD-WAN Manager. The flaw, CVE-2026-20245, scores 7.8 on the CVSS scale.

Vulnerabilities & ExploitsJun 6, 2026·2 min read

Everest Forms Pro RCE: WordPress Sites at Risk

Hackers are actively exploiting a critical vulnerability in the Everest Forms Pro WordPress plugin right now. The flaw, tracked as CVE-2026-3300, allows unauthenticated attackers to execute arbitrary ...

Vulnerabilities & ExploitsJun 6, 2026·2 min read

Ubiquiti UniFi OS Auth Bypass Enables Root RCE

Ubiquiti disclosed three critical vulnerabilities in UniFi OS Server on May 21, 2026. Each scores a perfect 10.0 on the CVSS scale.

Security OperationsJun 5, 2026·2 min read

71% of SOCs Say AI Is Underdelivering: Report

Eighteen months ago, the AI SOC was a marketing line. Today it is a budget item.

Data BreachesJun 5, 2026·2 min read

AI Chatbot Trust Weaponized to Mine Crypto

Microsoft has spotted something new. Attackers are manipulating SEO rankings and AI chatbot recommendations to push fake utilities onto users who trust what the AI tells them.

Threat IntelligenceJun 5, 2026·2 min read

Gulf Executives Face WhatsApp Impersonation

It starts with a message. A senior executive at a Dubai energy firm opens WhatsApp and sees what looks like a text from their CEO.

Vulnerabilities & ExploitsJun 4, 2026·2 min read

Acer Addresses Zero-Day in Wave 7 Routers

The vulnerability allows unauthenticated attackers to access sensitive credentials from log archives. It's a broken access control flaw, which enables attackers to obtain plaintext credentials.

Vulnerabilities & ExploitsJun 4, 2026·3 min read

B&R PPT30 Operating System

This operating system is widely used in industrial automation worldwide. The issue affects versions prior to 1.8.0.

Vulnerabilities & ExploitsJun 4, 2026·2 min read

ELI5: YellowKey (CVE-2026-45585) BitLocker Bypass that survived the Great Global CrowdStrike Outage of 24)

The vulnerability, identified as CVE-2026-45585, has significant implications for organizations using Windows PE, versions 10 and 11, and CrowdStrike, versions 6.0 and later.

Vulnerabilities & ExploitsJun 4, 2026·2 min read

CISA Adds Magento RCE CVE-2026-45247 to KEV

This vulnerability, tracked as CVE-2026-45247, has a CVSS score of 9.8. Cybersecurity and Infrastructure Security Agency added this flaw to its Known Exploited Vulnerabilities catalog.

Vulnerabilities & ExploitsJun 4, 2026·2 min read

Cisco Unified Comms Manager Vuln & PoC Released Code

This vulnerability, identified as CVE-2026-20230, has a CVSS score of 8.6. That's a significant threat.

Vulnerabilities & ExploitsJun 4, 2026·4 min read

Hitachi Energy ITT600 Explorer

The vulnerability, identified as CVE-2024-8176, can be exploited to carry out a Denial of Service attack on the product, potentially disrupting essential services in the energy sector.

TechnologyJun 4, 2026·6 min read

ICANN Sets October 2026 DNS Trust Anchor Rollover

The Domain Name System, or DNS, is getting a major update to its security protocol. This update, scheduled for October 2026, affects the DNS Security Extensions root zone Key Signing Key, a crucial co...

Identity & Access ManagementJun 4, 2026·4 min read

Offroad Emerges From Stealth With $7... Risk

The company just landed $7 million in seed funding, led by Ibex Investors and Skywell Capital, which is a big deal. This investment is a significant milestone for Offroad, marking a new chapter in its...

Commentary / OpinionJun 3, 2026·2 min read

Code is cheap

It's counterintuitive, given the significant cost of producing code, including salaries and headcount. But there's a crucial distinction between production costs and the value of the code itself.

Vulnerabilities & ExploitsJun 3, 2026·2 min read

Google Patches Android Zero-Day CVE-2025-48595

One flaw, CVE-2025-48595, is particularly alarming. This vulnerability has a CVSS score of 8.4.

AI/ML SecurityJun 3, 2026·2 min read

Hackers Used Meta AI Bot to Steal Instagrams

High-profile Instagram profiles, including those of former US President Barack Obama, the U.S. Space Force, and Sephora, were compromised after attackers social engineered Meta's AI-powered support assistant.

TechnologyJun 3, 2026·3 min read

Old Oracle WebLogic Flaw Now Under Active Exploit

This was patched by Oracle in July 2024. The vulnerability allows an unauthenticated attacker with network access to take control of susceptible Oracle WebLogic Server instances.

Vulnerabilities & ExploitsJun 3, 2026·2 min read

CISA Adds Android & Linux Kernel Flaws to KEV catalog

Cybersecurity and Infrastructure Security Agency, CISA, has just added two significant vulnerabilities to its Known Exploited Vulnerabilities catalog.

TechnologyJun 2, 2026·2 min read

Google fixes one actively exploited Android...

One of them, a high-severity zero-day flaw in the Android Framework component, is tracked as CVE-2025-48595. This vulnerability is serious.

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

SecurityXP — Cybersecurity News, Threat Intelligence & Infosec Utilities

Is OpenAI Lockdown Mode an Admission of Risk? Enough?

Meta AI Flaw Exposes 20K Instagram Accounts

CISA Flags SolarWinds Serv-U Flaw as Exploited

Latest News

Cisco SD-WAN Manager Under Attack, No Patch Yet

Everest Forms Pro RCE: WordPress Sites at Risk

Ubiquiti UniFi OS Auth Bypass Enables Root RCE

71% of SOCs Say AI Is Underdelivering: Report

AI Chatbot Trust Weaponized to Mine Crypto

Gulf Executives Face WhatsApp Impersonation

Acer Addresses Zero-Day in Wave 7 Routers

B&R PPT30 Operating System

ELI5: YellowKey (CVE-2026-45585) BitLocker Bypass that survived the Great Global CrowdStrike Outage of 24)

CISA Adds Magento RCE CVE-2026-45247 to KEV

Cisco Unified Comms Manager Vuln & PoC Released Code

Hitachi Energy ITT600 Explorer

ICANN Sets October 2026 DNS Trust Anchor Rollover

Offroad Emerges From Stealth With $7... Risk

Code is cheap

Google Patches Android Zero-Day CVE-2025-48595

Hackers Used Meta AI Bot to Steal Instagrams

Old Oracle WebLogic Flaw Now Under Active Exploit

CISA Adds Android & Linux Kernel Flaws to KEV catalog

Google fixes one actively exploited Android...

Security Digest