radar.cysentrix

Security Radar

Page 1 of 10 · 700 stories from the last 30 days across 19 trusted sources.

Actively exploited 19 actively exploited CVEs in current coverage
View all CVEs →
  • CVE-2026-10520

    An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

    1storyEPSS 99%
  • CVE-2026-35273

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

    2storiesEPSS 90%
  • CVE-2026-20253

    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

    6storiesEPSS 88%
  • CVE-2026-48907

    A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

    1storyEPSS 80%
  • CVE-2026-50751

    A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

    1storyEPSS 71%
  • CVE-2024-40766

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

    1storyEPSS 16%
SecurityWeek · The Hacker News2 stories

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

AIOpenAI previewed GPT-5.6 Sol with restricted access and stronger cyber safeguards, releasing three versions in a limited preview for select companies and the U.S. government.

Open narrative →
Show all coverage
The Hacker News

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every releas...

vulnerability
The Hacker News

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecy...

malwaremicrosoftsupply chain
Help Net Security

DarkMoon: Open-source AI pentesting platform

Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester. Automation promises ...

Help Net Security

Sycophantic chatbots and the harms that build over many chats

People use AI chatbots for company, advice, and emotional support, and these systems answer in ways meant to hold their attention. Researchers describe the resulting risks as affective safety, a class of harm that exists because humans are emotional beings and because the syst...

Help Net Security

Most teams accept higher risk for faster AI database work

Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled in a year, climbing from 15% ...

Security Affairs · BleepingComputer2 stories

Data breach exposes up to 14.2 million email logins at six ISPs

AIUp to 14.2 million email accounts were exposed in a KDDI breach affecting six Japanese ISPs, after attackers exploited a third-party software vulnerability.

Open narrative →
data breachvulnerability
Show all coverage
Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers A VBScript campaign ...

malware
Security Affairs · BleepingComputer · The Hacker News3 stories

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys

AIFBI and CISA warn Russian intelligence phishing campaign now targets Signal Backup Recovery Keys, enabling attackers to restore accounts and access historical messages.

Open narrative →
phishing
Show all coverage
Security Affairs

Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails

Microsoft warns of a phishing campaign targeting the hospitality sector with fake guest emails that install TonRAT using resilient persistence. Microsoft Threat Intelligence published a detailed analysis on an ongoing hacking campaign against hospitality organizations that has...

phishingmicrosoft
SecurityWeek

Chinese Framework Powers 200,000 Scam Sites

Threat actors are selling investment scam templates created using the legitimate DCloud Uni-App toolkit. The post Chinese Framework Powers 200,000 Scam Sites appeared first on SecurityWeek.

Security Affairs · The Hacker News2 stories

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

AIDirtyClone (CVE-2026-43503, CVSS 8.8) is a Linux kernel privilege escalation via cloned packets, allowing local users to gain root. JFrog published a working exploit walkthrough on June 25.

Open narrative →
vulnerability
Show all coverage