Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.
Swipe, Plug-in, Pwned: Researchers Find New Ways to Hack Vehicles
Security researchers exploited dozens of vulnerabilities in vehicle infotainment systems and EV chargers during the latest Pwn2Own contest at Automotive World 2026.
Microsoft Rushes Emergency Patch for Office Zero-Day
To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious Office file.
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little fric
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from versi
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit w
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wil
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The exten
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in M
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable expos
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related