Dark Reading
Iran, Russia, China Target Water Systems for Sabotage
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
malwaredata breachapt
Security Radar
Page 1 of 10 · 744 stories from the last 30 days across 19 trusted sources.
Actively exploited 20 actively exploited CVEs in current coverage
View all CVEs →- CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
1storyEPSS 99% - CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
2storiesEPSS 92% - CVE-2026-20253
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
6storiesEPSS 88% - CVE-2026-48907
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
1storyEPSS 80% - CVE-2026-50751
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
1storyEPSS 71% - CVE-2024-40766
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
1storyEPSS 16%
The Record
Justices rule that cellphone location histories are protected by the Fourth Amendment
Police must get a warrant to request geofence data involving individual cellphones, the U.S. Supreme Court ruled in what represents a victory for privacy advocates.
The Hacker News
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to re...
microsoft
BleepingComputer · The Hacker News2 stories
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
AIWhatsApp rolls out optional usernames, allowing users to hide their phone numbers when connecting with others on the platform.
Open narrative →Show all coverage
CyberScoop
Supreme Court approves mail-in ballots that arrive after Election Day
The ruling is a victory for election advocates who say the evidence overwhelmingly shows that voter fraud is rare and not tied to mail voting in general. The post Supreme Court approves mail-in ballots that arrive after Election Day appeared first on CyberScoop.
CyberScoop
Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling
Dissenting justices who criticized the ruling said it would have “seismic” implications for the Fourth Amendment. The post Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling appeared first on CyberScoop.
BleepingComputer
Microsoft extends Windows Server 2022 hotpatching until October 2027
Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...]
microsoft
The Record · BleepingComputer2 stories
US seizes hundreds of FIFA World Cup illegal streaming domains
AIUS DOJ seized nearly 400 domains used for illegally streaming FIFA World Cup matches, aided by FIFA and NBC Universal.
Open narrative →Show all coverage
Microsoft Security
Chromium extension uses AI‑related branding to redirect browser search
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium extension uses AI‑related branding to redirect browser search appeared first on Micros...
Help Net Security · The Hacker News · Security Affairs · SecurityWeek · Dark Reading · CISA Alerts · BleepingComputer11 stories
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
AICISA added exploited PTC Windchill RCE and Cisco Unified CM SSRF flaws to its KEV catalog amid ongoing web shell attacks.
Open narrative →vulnerabilityzero day
Actively exploited · EPSS 42%
Show all coverage
- Help Net SecurityJSP webshells being dropped on unpatched PTC Windchill instances
- The Hacker NewsCISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
- Security AffairsU.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog
- SecurityWeekFirst-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild
- Dark ReadingIn Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
- CISA AlertsCISA Adds Two Known Exploited Vulnerabilities to Catalog
- Security AffairsCisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild
- Help Net SecurityCisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)
- The Hacker NewsCisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
- SecurityWeekHackers Exploiting Cisco Unified CM Vulnerability
- BleepingComputerCisco Unified CM flaw CVE-2026-20230 now exploited in attacks
Schneier on Security
Factoring RSA Keys with Many Zeros
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massi...
vulnerabilityzero day
SecurityWeek
WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy
An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appeared first on SecurityWeek.
The Record
US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp
Russia-linked hacking groups tracked as UNC5792 and UNC4221 have socially engineered their way into the messaging accounts of government officials.
BleepingComputer
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...]
The Hacker News
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside In...
malwareaptcloud
The Hacker News
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more ...
vulnerabilitymalware
SecurityWeek
New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines
Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines appeared first on SecurityWeek.
SecurityWeek
Straiker Raises $64 Million for AI Security Platform
The startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWeek.
BleepingComputer
Agentic AI Has an Identity Problem and Attackers Know It
AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security. [...]
BleepingComputer
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]
vulnerabilitymalwaremicrosoft
Actively exploitedCVE-2026-48558 · EPSS <1%