BleepingComputer · SecurityWeek2 stories
DraftKings hacker 'Snoopy' sentenced to 18 months in prison
AIDraftKings hacker 'Snoopy' (Nathan Austad) sentenced to 18 months in prison and ordered to pay $1.8 million in restitution.
Open narrative →Security Radar
Page 1 of 10 · 530 stories from the last 30 days across 19 trusted sources.
Actively exploited 17 actively exploited CVEs in current coverage
View all CVEs →- CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
1storyEPSS 99% - CVE-2026-20253
AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.
5storiesEPSS 92% - CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
2storiesEPSS 90% - CVE-2026-50751
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
1storyEPSS 71% - CVE-2024-40766
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
1storyEPSS 16% - CVE-2026-34908
AICISA added max-severity Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog, warning they are actively exploited.
1storyEPSS 2%
BleepingComputer
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. [...]
vulnerabilityzero day
Actively exploitedCVE-2026-20245 · EPSS 10%
Dark Reading
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
BleepingComputer
Malicious Edge extension abuses Native Messaging as bridge to malware
A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]
ransomwaremalwaremicrosoft
Dark Reading
2026 FIFA World Cup Faces Surge in Cyber Threats
Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico.
phishing
The Record
Three ‘cybercrime as a service’ operations undercut by Microsoft, law enforcement
Microsoft touted its latest action against malware infrastructure as a new approach aimed at the full cybercrime "supply chain." Europol said more than 300 servers were targeted.
malwaremicrosoftsupply chain
Dark Reading
Do CISOs Need a Code of Ethics?
Kickbacks, no-show jobs, "dirty" VCs, and shelf ware — industry expert Robert "RSnake" Hansen explains why he thinks its time for a CISO code of ethics to ensure cybersecurity bosses aren't engaged in self-dealing that could risk enterprise, and even national, security.
CyberScoop
Malicious hackers exploit Cisco zero-day for highest access level at communications service provider
Mandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic. The post Malicious hackers exploit Cisco zero-day for highest access level at communications service provi...
zero day
Security Affairs · Help Net Security · BleepingComputer3 stories
Amadey, StealC malware operations disrupted in Operation Endgame action
AIOperation Endgame disrupted Amadey and StealC malware infrastructure in a global law enforcement action involving Microsoft and Europol.
Open narrative →ransomwaremalwaremicrosoft
Show all coverage
Microsoft Security
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
Learn how CNAPP platforms are helping organizations prioritize exploitable risks, reduce exposure, and operationalize security across the application lifecycle. The post CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms appeared first on Micros...
microsoftcloud
SecurityWeek
When Information Becomes the Attack Surface – Understanding AI Agent Traps
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. The post When Information Becomes the Attack Surface – Understanding AI Agent Traps appeared first on SecurityWeek.
The Hacker News
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The v...
zero day
Dark Reading
More Malicious OpenClaw Skills Threaten AI Supply Chain
OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats.
supply chain
The Hacker News
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly l...
malwaremicrosoft
SecurityWeek
Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware
Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies. The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek.
malwaremicrosoft
BleepingComputer · Security Affairs · CISA Alerts3 stories
CISA warns of max severity Ubiquiti flaws exploited in attacks
AICISA added max-severity Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog, warning they are actively exploited.
Open narrative →vulnerability
Actively exploited · EPSS 2%
Show all coverage
SecurityWeek
Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments. The post Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and R...
vulnerabilitysupply chain
The Record
German rail services resume after wireless communications outage
Deutsche Bahn said a nationwide disruption of railway services was tied to a malfunction in its 2G-based GSM-R communications system.
Help Net Security · CyberScoop · SecurityWeek3 stories
Algerian national accused of running cybercrime marketplaces extradited to US
AIAlgerian national Abdellah Belmili extradited to US for allegedly running marketplaces Market0Day and Spoxy that sold phishing kits and stolen credentials.
Open narrative →phishing
Show all coverage
BleepingComputer
Securing the service desk: Why social engineering attacks keep succeeding
Service desks have become a favored target for attackers seeking password resets, MFA changes, and access to corporate accounts. Specops Software breaks down how service desk social engineering attacks work and how organizations can defend against them. [...]
phishing