radar.cysentrix

Security Radar

Page 1 of 10 · 398 stories from the last 30 days across 20 trusted sources.

Actively exploited: 11 actively exploited CVEs in current coverage
  • CVE-2026-20253

    AI: Critical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.

    5 stories · EPSS 10%
  • CVE-2026-20262

    CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root

    2 stories · EPSS 1%
  • CVE-2026-0257

    Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

    2 stories · EPSS 19%
  • CVE-2025-8088

    Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

    1 story · EPSS 81%
  • CVE-2026-42271

    CISA Adds Two Known Exploited Vulnerabilities to Catalog

    1 story · EPSS 54%
  • CVE-2026-50751

    CISA Adds Two Known Exploited Vulnerabilities to Catalog

    1 story · EPSS 41%
Help Net Security

Phishing hides in routine Microsoft 365 workflows

Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what look...

phishing · microsoft
Security Affairs · The Hacker News · 2 stories

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

AI: The Squidbleed vulnerability, a 29-year-old heap over-read in Squid Proxy, exposes cleartext HTTP requests, including credentials and tokens, to other proxy users.

vulnerability
SecurityWeek

Xsolis Data Breach Affects 1.4 Million Individuals

Threat actors gained access to personal and protected health information that Xsolis received from its clients.

data breach
Help Net Security

Residential proxy SDKs are hiding in LG and Samsung smart TV apps

Smart TVs in living rooms run small apps that show fish tanks, clocks, solitaire games, and slideshows of puppies. A share of those apps can also send other people’s internet traffic out through the home connection. Spur Intelligence scanned 6,038 apps across LG webOS and Sams...

Help Net Security

Free, no-signup World Cup streams serve scams instead of football

Researchers at Malwarebytes identified dozens of websites claiming to offer free access to FIFA World Cup matches. Instead of streaming games, the sites directed visitors through a chain of advertising pages designed to generate revenue for their operators. Fake World Cup stre...

Help Net Security

Only 7% of companies are ready for the AI agents they deployed

Most organizations now run or pilot AI agents that operate on company data with limited human direction at each step, a share that reaches 88% in Veeam Software’s Data and AI Trust Gap report. The systems that are supposed to keep an eye on them have not caught up. That gap is...

The Hacker News

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping pa...

vulnerability
CyberScoop

Court rules SAVE database illegal, orders it dismantled

A judge said the administration’s database violates the Privacy Act, the Social Security Act and the Administrative Procedures Act.

BleepingComputer

JaredFromSubway MEV bot hacked in $15 million crypto theft

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...]

BleepingComputer

FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. [...]

Security Affairs

WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools

WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims’ PCs. Kaspersky published a technical analysis this week of an active malware campaign that spreads through WhatsApp messages and ends with a re...

malware
Microsoft Security

Guarding AI memory

What happens when threat actors target what AI remembers? Microsoft breaks down the risks and the defenses.

microsoft