Your Daily Dose of Cybersecurity News

Vulnerabilities & Exploits

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited (CVE-2026-28318)

Over 12,000 SolarWinds Serv-U file transfer servers sit exposed to the internet. Attackers are already knocking them offline.

Jun 6, 2026 · SecurityXP Intelligence Desk

Vulnerabilities & Exploits

Cisco SD-WAN Manager Under Active Attack With No Patch (CVE-2026-20245)

Cisco has confirmed active exploitation of a high-severity vulnerability in Catalyst SD-WAN Manager. The flaw, CVE-2026-20245, scores 7.8 on the CVSS scale.

Jun 6, 2026 · SecurityXP Intelligence Desk

Vulnerabilities & Exploits

Everest Forms Pro Plugin RCE Lets Attackers Own WordPress (CVE-2026-3300)

Hackers are actively exploiting a critical vulnerability in the Everest Forms Pro WordPress plugin right now. The flaw, tracked as CVE-2026-3300, allows unauthenticated attackers to execute arbitrary ...

Jun 6, 2026 · SecurityXP Intelligence Desk

Latest News

Vulnerabilities & ExploitsJun 6, 2026·2 min read

Ubiquiti UniFi OS Critical Auth Bypass Enables Root RCE (CVE-2026-34908)

Ubiquiti disclosed three critical vulnerabilities in UniFi OS Server on May 21, 2026. Each scores a perfect 10.0 on the CVSS scale.

Vulnerabilities & ExploitsNO IMAGE

Security OperationsJun 5, 2026·2 min read

71% of SOCs Report AI Is Underdelivering. The Second Wave Must Fix It.

Eighteen months ago, the AI SOC was a marketing line. Today it is a budget item.

Security OperationsNO IMAGE

Data BreachesJun 5, 2026·2 min read

Attackers Weaponize AI Chatbot Trust to Hijack GPUs and Mine Crypto

Microsoft has spotted something new. Attackers are manipulating SEO rankings and AI chatbot recommendations to push fake utilities onto users who trust what the AI tells them.

Data BreachesNO IMAGE

Threat IntelligenceJun 5, 2026·2 min read

Gulf Executives Face Surge in WhatsApp Impersonation Attacks

It starts with a message. A senior executive at a Dubai energy firm opens WhatsApp and sees what looks like a text from their CEO.

Threat IntelligenceNO IMAGE

Vulnerabilities & ExploitsJun 4, 2026·2 min read Breaking

Acer addresses critical zero-day vulnerabilities in Wave 7 routers

The vulnerability allows unauthenticated attackers to access sensitive credentials from log archives. It's a broken access control flaw, which enables attackers to obtain plaintext credentials.

Vulnerabilities & ExploitsNO IMAGE

Vulnerabilities & ExploitsJun 4, 2026·3 min read

B&R PPT30 Operating System

This operating system is widely used in industrial automation worldwide. The issue affects versions prior to 1.8.0.

Vulnerabilities & ExploitsNO IMAGE

Vulnerabilities & ExploitsJun 4, 2026·2 min read

Can Someone Please ELI5 - "YellowKey" (CVE-2026-45585) to me? (an IT admin that survived the Great Global CrowdStrike Outage of 24)

The vulnerability, identified as CVE-2026-45585, has significant implications for organizations using Windows PE, versions 10 and 11, and CrowdStrike, versions 6.0 and later.

Vulnerabilities & ExploitsNO IMAGE

Vulnerabilities & ExploitsJun 4, 2026·2 min read

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

This vulnerability, tracked as CVE-2026-45247, has a CVSS score of 9.8. Cybersecurity and Infrastructure Security Agency added this flaw to its Known Exploited Vulnerabilities catalog.

Vulnerabilities & ExploitsNO IMAGE

Vulnerabilities & ExploitsJun 4, 2026·2 min read

Cisco Unified Communications Manager Vulnerability Exposed Along With PoC Exploit Code

This vulnerability, identified as CVE-2026-20230, has a CVSS score of 8.6. That's a significant threat.

Vulnerabilities & ExploitsNO IMAGE

Vulnerabilities & ExploitsJun 4, 2026·4 min read

Hitachi Energy ITT600 Explorer

The vulnerability, identified as CVE-2024-8176, can be exploited to carry out a Denial of Service attack on the product, potentially disrupting essential services in the energy sector.

Vulnerabilities & ExploitsNO IMAGE

TechnologyJun 4, 2026·6 min read

ICANN sets the October 2026 DNS trust anchor rollover

The Domain Name System, or DNS, is getting a major update to its security protocol. This update, scheduled for October 2026, affects the DNS Security Extensions root zone Key Signing Key, a crucial co...

TechnologyNO IMAGE

Identity & Access ManagementJun 4, 2026·4 min read

Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk

The company just landed $7 million in seed funding, led by Ibex Investors and Skywell Capital, which is a big deal. This investment is a significant milestone for Offroad, marking a new chapter in its...

Identity & Access ManagementNO IMAGE

Commentary / OpinionJun 3, 2026·2 min read

Code is cheap

It's counterintuitive, given the significant cost of producing code, including salaries and headcount. But there's a crucial distinction between production costs and the value of the code itself.

Commentary / OpinionNO IMAGE

Vulnerabilities & ExploitsJun 3, 2026·2 min read Breaking

Google Patches Android Zero-Day CVE-2025-48595 Exploited in Targeted Attacks

One flaw, CVE-2025-48595, is particularly alarming. This vulnerability has a CVSS score of 8.4.

Vulnerabilities & ExploitsNO IMAGE

AI/ML SecurityJun 3, 2026·2 min read Breaking

Hackers Used Meta's AI Support Bot to Seize Instagram Accounts

High-profile Instagram profiles, including those of former US President Barack Obama, the U.S. Space Force, and Sephora, were compromised after attackers social engineered Meta's AI-powered support assistant.

AI/ML SecurityNO IMAGE

TechnologyJun 3, 2026·3 min read

Two-year old Oracle WebLogic Server vulnerability is being exploited

This was patched by Oracle in July 2024. The vulnerability allows an unauthenticated attacker with network access to take control of susceptible Oracle WebLogic Server instances.

TechnologyNO IMAGE

Vulnerabilities & ExploitsJun 3, 2026·2 min read

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Cybersecurity and Infrastructure Security Agency, CISA, has just added two significant vulnerabilities to its Known Exploited Vulnerabilities catalog.

Vulnerabilities & ExploitsNO IMAGE

TechnologyJun 2, 2026·2 min read

Google fixes one actively exploited Android zero-day, 124 flaws

One of them, a high-severity zero-day flaw in the Android Framework component, is tracked as CVE-2025-48595. This vulnerability is serious.

TechnologyNO IMAGE

TechnologyJun 2, 2026·2 min read

Infected Red Hat npm packages expose developer credentials

This malware is a new variant of the Shai-Hulud credential-stealing malware. It's designed to steal developer credentials, cloud secrets, SSH keys, CI/CD tokens, and other sensitive information.

TechnologyNO IMAGE

TechnologyJun 1, 2026·3 min read

Critical Windows Netlogon RCE flaw now exploited in attacks

This vulnerability, tracked as CVE-2026-41089, has a CVSS score of 9.8. It's a stack-based buffer overflow issue that could be exploited via crafted network requests.

TechnologyNO IMAGE

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

SecurityXP — Cybersecurity News, Threat Intelligence & Infosec Utilities

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited (CVE-2026-28318)

Cisco SD-WAN Manager Under Active Attack With No Patch (CVE-2026-20245)

Everest Forms Pro Plugin RCE Lets Attackers Own WordPress (CVE-2026-3300)

Latest News

Ubiquiti UniFi OS Critical Auth Bypass Enables Root RCE (CVE-2026-34908)

71% of SOCs Report AI Is Underdelivering. The Second Wave Must Fix It.

Attackers Weaponize AI Chatbot Trust to Hijack GPUs and Mine Crypto

Gulf Executives Face Surge in WhatsApp Impersonation Attacks

Acer addresses critical zero-day vulnerabilities in Wave 7 routers

B&R PPT30 Operating System

Can Someone Please ELI5 - "YellowKey" (CVE-2026-45585) to me? (an IT admin that survived the Great Global CrowdStrike Outage of 24)

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

Cisco Unified Communications Manager Vulnerability Exposed Along With PoC Exploit Code

Hitachi Energy ITT600 Explorer

ICANN sets the October 2026 DNS trust anchor rollover

Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk

Code is cheap

Google Patches Android Zero-Day CVE-2025-48595 Exploited in Targeted Attacks

Hackers Used Meta's AI Support Bot to Seize Instagram Accounts

Two-year old Oracle WebLogic Server vulnerability is being exploited

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Google fixes one actively exploited Android zero-day, 124 flaws

Infected Red Hat npm packages expose developer credentials

Critical Windows Netlogon RCE flaw now exploited in attacks

Security Digest