radar.cysentrix

Security Radar

Page 1 of 10 · 371 stories from the last 30 days across 20 trusted sources.

Actively exploited 10 actively exploited CVEs in current coverage
View all CVEs →
  • CVE-2025-8088

    Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

    1storyEPSS 81%
  • CVE-2026-0257

    Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

    2storiesEPSS 19%
  • CVE-2026-20253

    AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.

    5storiesEPSS 10%
  • CVE-2026-20262

    AICisco released updates for an actively exploited medium-severity flaw in Catalyst SD-WAN Manager, tracked as CVE-2026-20262 with a CVSS score of 6.5.

    2storiesEPSS 1%
  • CVE-2026-35273

    ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

    1storyEPSS 8%
  • CVE-2026-42271

    CISA Adds Two Known Exploited Vulnerabilities to Catalog

    1storyEPSS 54%
The Hacker News

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Sq...

SANS Internet Storm Center

Webshells Remain Popular, (Mon, Jun 22nd)

Webshells have been popular for a long time. We already covered this topic across multiple diaries[1][2]. I spent some time to track them[3] and slighly paid less attention to them but today I found another one. It seems to be a new player (pushed on Github two months ago).

Security Affairs

Anthropic’s Mythos AI broke into almost all NSA classified systems in hours

Senate testimony claims Anthropic’s Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown. On June 12, the Trump administration directed Anthropic to restrict access to Fable 5 and Mythos 5, its two most capable models, exclusively to US ...

The Hacker News

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute ...

malware
The Hacker News

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving ...

SecurityWeek · The Hacker News · BleepingComputer3 stories

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

AIHackers exploit unauthenticated info disclosure bug (CVE-2026-4020) in Gravity SMTP WordPress plugin on 100k sites, exposing API keys.

Open narrative →
vulnerability EPSS 3%
Show all coverage
SecurityWeek · BleepingComputer2 stories

Microsoft links Mastra AI supply chain attack to North Korean hackers

AIMicrosoft attributes a Mastra AI supply chain attack compromising 140+ npm packages to North Korean group Sapphire Sleet, with malware targeting cryptocurrency extensions.

Open narrative →
supply chainmicrosoft
Show all coverage
Schneier on Security

Professional Athletes and Wearables

I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a profes...

SecurityWeek

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. The post What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks appeared first on SecurityWeek.

zero daymalware
SecurityWeek

Fortinet Responds to FortiBleed Campaign

A database of over 86,000 confirmed working credentials was created during the credential-harvesting campaign. The post Fortinet Responds to FortiBleed Campaign appeared first on SecurityWeek.

SecurityWeek

More Cybersecurity Firms Disclose Impact From Klue Hack

HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers. The post More Cybersecurity Firms Disclose Impact From Klue Hack appeared first on SecurityWeek.