radar.cysentrix

Security Radar

Page 1 of 10 · 994 stories from the last 30 days across 19 trusted sources.

Actively exploited: 24 actively exploited CVEs in current coverage
  • CVE-2025-5777

    Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

    1 story · EPSS 100%
  • CVE-2026-10520

    An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

    1 story · EPSS 99%
  • CVE-2026-33017

    Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

    1 story · EPSS 98%
  • CVE-2026-35273

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

    2 stories · EPSS 92%
  • CVE-2026-20253

    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

    6 stories · EPSS 88%
  • CVE-2026-48907

    A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

    1 story · EPSS 80%
The Hacker News

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individ...

malware · apt
Security Affairs

JADEPUFFER: First End-to-End AI-Driven Ransomware Operation

Sysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig’s Threat Research Team has documented what it assesses to be the first ransomware operation driven end-to-end by a...

ransomware
Schneier on Security

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation: Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags. Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law enforcement officials to ge...

SecurityWeek

Agentic AI Used to Conduct Ransomware Attack via Langflow

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

ransomware
SecurityWeek

Medtronic Data Breach Impacts 3.8 Million People

Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach. The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s cor...

data breach
SecurityWeek · CyberScoop · Help Net Security · BleepingComputer · Security Affairs · The Hacker News · 6 stories

19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

AI · Alleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the US to face charges for hacking, fraud, and extortion linked to major cyberattacks.

ransomware · data breach
Security Affairs · SecurityWeek · The Hacker News · 3 stories

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

AI · Google and FBI disrupted the NetNut residential proxy network, which routed malicious traffic through two million compromised home devices.

apt
The Hacker News

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file imper...

malware
Security Affairs

Government and Healthcare Are the Weakest Links in Global Email Security

Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks. Comparitech analyzed live DNS records for 5,849 domains across 13 sectors and scored each one out of 8 points based on four stand...

phishing
SecurityWeek · The Hacker News · 2 stories

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

AI · Critical DuneSlide flaws in Cursor AI editor enable zero-click prompt injection to escape its sandbox and execute arbitrary commands on the OS.

vulnerability
Help Net Security

Intezer helps SOC teams automate custom security tasks

Intezer has announced Custom Agents, a new capability that lets security teams build their own AI agents directly inside the Intezer platform. The launch builds on Intezer’s core approach, that lets autonomous agents do the security work and humans supervise it. Security teams...

Help Net Security

Non-interactive SSH attacks dominate after login

Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from addresses all over the world. The common picture of what comes next has an attacker landing a shell, lookin...

Help Net Security

Geopolitical cyber threats are turning HR into a security front line

In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted you...

CyberScoop

Someone infected a spyware probe overseer with spyware

Citizen Lab says the phone of a member of Europe’s PEGA Committee was infected twice with Pegasus, the NSO Group spyware that gave the panel its name.