Check Point VPN Flaw Exploited

Check Point VPN Flaw: Passwords Optional, Apparently

Check Point warned that CVE-2026-50751, a critical flaw affecting Remote Access VPN and Mobile Access deployments using deprecated IKEv1, is being actively exploited. The logic flaw in certificate validation allows unauthenticated attackers to bypass password requirements and establish VPN sessions under specific configurations. Exploitation requires remote access or […]


One-Character Linux Kernel Flaw

Linux Kernel Bug: One Character, Root Access, Big Headache

Researchers published working exploit details for CVE-2026-23111, a Linux kernel use-after-free in nf_tables that can let an unprivileged local user escalate to root and escape containers. The flaw was patched upstream in February 2026 and resulted from a one-character logic error. Exploits have been demonstrated across […]


LiteLLM Exploited

LiteLLM Flaw Turns AI Gateway Into an Attack Gateway

CISA added LiteLLM CVE-2026-42271 to its Known Exploited Vulnerabilities catalogue after evidence of active exploitation. The flaw is a command injection vulnerability affecting LiteLLM versions from 1.74.2 up to, but not including, 1.83.7, allowing authenticated users to execute arbitrary commands on the host. Researchers also showed it could be chained […]


Chrome V8 Zero-Day

Chrome Zero-Day: Update Before Your Browser Gets Ideas

Google released Chrome security updates fixing 74 vulnerabilities, including CVE-2026-11645, a high-severity V8 zero-day exploited in the wild. The issue is an out-of-bounds memory access flaw in Chrome's JavaScript and WebAssembly engine that could allow remote code execution inside the browser sandbox via a crafted HTML page. […]


Veeam Backup & Replication RCE

Veeam RCE: Because Attackers Love Backups Too

Veeam patched a critical remote code execution vulnerability in Backup & Replication, tracked as CVE-2026-44963 with a CVSS score of 9.4. The flaw allows an authenticated domain user to execute remote code on the backup server. It affects Veeam Backup & Replication 12.3.2.4465 and earlier version 12 builds, […]


Microsoft Defender RoguePlanet Zero-Day

RoguePlanet: When Microsoft Defender Needs Defending

A researcher known as Chaotic Eclipse released proof-of-concept exploit code for a Microsoft Defender zero-day named RoguePlanet. The flaw is described as a race condition that can grant SYSTEM-level privileges when successfully exploited. It was reportedly tested on fully updated Windows 10 and Windows 11 systems after June 2026 […]


Microsoft Patches Record 206 Flaws

Microsoft Patch Tuesday Breaks Records, and Probably Some Weekend Plans

Microsoft's June 2026 Patch Tuesday fixed a record 206 vulnerabilities, including 39 critical issues and three publicly disclosed zero-days. The updates cover privilege escalation, remote code execution, information disclosure, spoofing, security bypass and denial-of-service flaws. Major issues include a Windows Kernel remote code execution vulnerability, […]


Ivanti Fortinet SAP Critical Patches

Ivanti, Fortinet and SAP Critical Patches

Ivanti, Fortinet and SAP released fixes for multiple critical vulnerabilities affecting enterprise products. Fortinet patched a FortiSandbox command injection flaw. Ivanti fixed two critical Ivanti Sentry issues, including unauthenticated root-level remote code execution and authentication bypass allowing arbitrary admin account creation. SAP also addressed critical flaws across NetWeaver, ABAP […]


Cisco Secure Workload CVSS 10.0 Vulnerability

Cisco Secure Workload Gets the Full CVSS 10.0 Treatment

Cisco has patched a critical CVSS 10.0 vulnerability affecting Secure Workload environments. The flaw could allow unauthenticated remote attackers to compromise affected systems completely. Cisco confirmed the issue impacts certain management components and urged organisations to apply updates immediately. The vulnerability highlights the continued risks associated […]
