Tag: vulnerability
-
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
Tags: access, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, oracle, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was First seen on…
-
Google Patches Android Zero-Day Vulnerability in June 2026 Security Update
Google’s June 2026 Android update fixes dozens of flaws, including a potentially exploited Framework vulnerability and critical system bugs. The post Google Patches Android Zero-Day Vulnerability in June 2026 Security Update appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-june-2026-android-security-update/
-
U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic…
-
Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators
The AI firm also said it’s exploring how to help open-source developers deal with a flood of vulnerability reports. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-anthropic-claude-mythos-project-glasswing-expand/821714/
-
Anthropic scales Claude Mythos to critical infrastructure in 15+ countries
Anthropic is expanding Project Glasswing, its security vulnerability program, and access to Mythos to 150 organizations across 15 countries, targeting critical infrastructure in power, water, healthcare, and communications where a cyberattack could affect 100 million people. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/02/anthropic-scales-claude-mythos-to-critical-infrastructure-in-15-countries/
-
For CISOs, dawn of OpenAI Daybreak brings good and bad news
OpenAI Daybreak shows how AI reshapes vulnerability discovery. But AI-driven security tools raise accountability questions and fuel the AI arms race between defenders and attackers. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366643546/For-CISOs-dawn-of-OpenAI-Daybreak-brings-good-and-bad-news
-
CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-weblogic-flaw/
-
Google fixes actively exploited Android vulnerability (CVE-2025-48595)
Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/android-vulnerability-exploited-cve-2025-48595/
-
Critical KMW CCTV Flaw Allows Unauthorised Access to Surveillance Feeds
A critical security vulnerability in KMW CCTV security cameras could allow attackers to gain full, unauthorised access to live surveillance feeds and device settings, raising serious concerns for organisations that rely on these systems in sensitive environments. The issue, tracked as CVE-2026-5386 and disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) under advisory…
-
Claude Code GitHub Actions Flaw Exposes Repositories to Full Compromise
A critical supply chain vulnerability in Anthropic’s Claude Code GitHub Actions workflow has been disclosed, exposing thousands of repositories to potential full compromise through a single malicious GitHub issue. Security researcher Ryota K from GMO Flat Security identified multiple flaws in the Claude Code integration that allowed attackers to bypass permission controls and inject untrusted…
-
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days. The industry’s…
-
Google fixes one actively exploited Android zero-day, 124 flaws
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-one-actively-exploited-android-zero-day-124-flaws/
-
Age verification tech could put children at greater risk, says think tank
UK proposals for mandatory age verification will not mitigate children’s exposure to harmful content and ‘addictive’ app design, and risks excluding vulnerable groups from online services, says Foundation for Information Policy Research First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643835/Age-verification-tech-could-put-children-at-greater-risk-says-think-tank
-
CISA Issues Alert on Oracle WebLogic Server Flaw Under Active Exploitation
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, oracle, risk, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle WebLogic Server vulnerability, tracked as CVE-2024-21182, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively exploited in the wild. The alert, published on June 1, 2026, highlights the urgent risk to organizations that rely on Oracle WebLogic for…
-
Threat Actors Target Critical Windows Netlogon Flaw CVE-2026-41089
A critical Windows Netlogon vulnerability, tracked as CVE-2026-41089, has emerged as a significant security concern after authorities warned that threat actors are actively attempting to exploit the flaw to gain remote code execution capabilities on vulnerable systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-41089-windows-netlogon-vulnerability/
-
Android Zero-Day Vulnerability Actively Exploited in Device Takeover Attacks
Google has disclosed a critical Android zero-day vulnerability that is reportedly being actively exploited in targeted attacks, raising serious concerns about the risk of large-scale device compromise. The issue, tracked as CVE-2025-48595, was highlighted in the Android Security Bulletin for June 2026, released on June 1. Android Zero-Day Vulnerability According to Google, the vulnerability resides…
-
TP-Link Router Security Bug Enables Remote Command Execution Attacks
TP-Link has disclosed a high-severity security flaw in its Archer BE450 and Archer BE7200 Wi-Fi routers that could allow remote command execution once an attacker gains admin access. The vulnerability, tracked as CVE-2026-5509, is rated 8.5 (High) under CVSS v4.0, highlighting the serious risk it poses to both home and small-office networks that rely on…
-
Meta’s AI Bot Misused by Hackers to Take Over Instagram Accounts
Attackers have exploited a critical vulnerability in Meta’s AI-powered Instagram support chatbot to hijack user accounts without needing passwords, phishing, or malware. Instead of bypassing security through technical exploits, hackers simply manipulated the chatbot via natural-language requests. Meta’s AI Bot Misused by Hackers The flaw allowed attackers to bypass two-factor authentication (2FA) effectively. By interacting…
-
Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning. First seen on cyberscoop.com Jump to article: cyberscoop.com/palo-alto-networks-cve-2026-0257-exploited-vulnerability/
-
Inspector general finds NIST mistakes have made vulnerability database ineffective
NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust,” according to an inspector general report. First seen on therecord.media Jump to article: therecord.media/nist-mistakes-vulnerability-database-inspector-general
-
Europe Edges Closer to Claude Mythos Access
Anthropic Offers ENISA a Place in Project Glasswing. Anthropic offered the European Union’s cybersecurity agency ENISA entry to Project Glasswing, its arrangement for giving organizations controlled early access to its vulnerability-finding Mythos AI model. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/europe-edges-closer-to-claude-mythos-access-a-31827
-
AI agents help Cato slash ‘time to protect’ from new CVEs
The application of agentic AI to vulnerability management workflows has slashed mitigation times in experimental conditions, claims Sase specialist Cato Networks. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643833/AI-agents-help-Cato-slash-time-to-protect-from-new-CVEs
-
CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation
The vulnerability in a vital defensive technology creates serious risks for federal networks, CISA said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/palo-alto-networks-firewall-flaw-exploitation-cisa-kev/821598/
-
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/patch-palo-alto-auth-bypass-bug-exploit
-
Race Against Time: Why Faster Vulnerability Alerts Matter
Attackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/
-
Microsoft Defender Vulnerability Management gets a smarter exposure score
Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/microsoft-defender-exposure-score-update/
-
Critical Windows Netlogon RCE flaw now exploited in attacks
Tags: attack, country, cybersecurity, exploit, flaw, rce, remote-code-execution, threat, vulnerability, windows
The Centre for Cybersecurity Belgium (CCB), the country’s national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/

