Active Exploitation of Critical Zero-Days in Microsoft Exchange and Cisco SD-WAN; Windows Flaws Exposed by Public PoCs

Publication Date: May 16, 2026

Summary

A critical 24-hour period in cybersecurity saw active exploitation of zero-day vulnerabilities in Microsoft Exchange (CVE-2026-42897) and a maximum-severity flaw in Cisco SD-WAN (CVE-2026-20182), forcing urgent mitigation actions. Concurrently, proof-of-concept exploits for two unpatched Windows zero-days, named YellowKey and GreenPlasma, were publicly released, creating significant risk. Nation-state activity continued with Russia's Turla APT upgrading its Kazuar backdoor and Belarus-linked Ghostwriter targeting Ukraine. New threats emerged with the discovery of Rex Ransomware and a critical RCE in the CloudNativePG Kubernetes operator, while AI's role in accelerating attacks was highlighted in the maritime sector.

Today's New Articles

Fortinet Patches Critical RCE Flaws in FortiAuthenticator and FortiSandbox

Fortinet has released urgent security updates to address critical vulnerabilities in its FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083) products. The flaws, rated 9.8 and 9.1 respectively, could allow an unauthenticated, remote attacker...


Critical RCE Flaw in CloudNativePG for Kubernetes Allows Superuser Takeover

A critical vulnerability, CVE-2026-44477, has been discovered in CloudNativePG, a popular open-source operator for running PostgreSQL on Kubernetes. The flaw, rated 9.4 in severity, allows for privilege escalation to full 'postgres' superuser and subsequent re...


Russian APT Turla Evolves Kazuar Backdoor into Stealthy P2P Botnet

The Russian state-sponsored threat group Turla has significantly upgraded its Kazuar backdoor, transforming it into a sophisticated, modular peer-to-peer (P2P) botnet. According to Microsoft, this architectural shift is designed to enhance stealth and resilien...


Sandworm APT Evolves, Targeting Misconfigured Edge Devices for Direct OT Access

The Russian state-sponsored group Sandworm (APT44) is evolving its tactics, moving from traditional IT network intrusions to directly targeting misconfigured edge devices as an entry point into Operational Technology (OT) networks. This shift allows the APT to...


NIST Finalizes SP 800-172r3, Toughening Security Rules for Controlled Unclassified Information (CUI)

The U.S. National Institute of Standards and Technology (NIST) has finalized Special Publication (SP) 800-172r3, which outlines enhanced security requirements for protecting Controlled Unclassified Information (CUI). The updated guidance adds 80 new controls,...


AI-Powered Attacks on Maritime Industry Weaponize Flaws in Under 48 Hours

A new report from Cydome highlights the dramatic acceleration of cyber threats against the global maritime industry, driven by attackers using Artificial Intelligence (AI). Up to 60% of newly disclosed software vulnerabilities are now being weaponized within 4...

Article Updates

Cisco Scrambles to Patch Critical 10.0 CVSS Zero-Day in SD-WAN Under Active Attack

Update: The Canadian Centre for Cyber Security has confirmed active exploitation of CVE-2026-20182, noting attackers have successfully escalated privileges to root. This update also highlights that threat actors continue to exploit older SD-WAN vulnerabilities. Compre...


Microsoft Exchange Zero-Day Under Active Attack, Mitigations Deployed Automatically

Update: The actively exploited Exchange zero-day, CVE-2026-42897, has new technical details. Microsoft confirmed no patch in May 2026 Patch Tuesday. The vulnerability's impact is further detailed, including potential for credential theft, session hijacking, data exfil...


Belarus-Aligned APT 'FrostyNeighbor' Deploys New JavaScript Loader in Attacks on Poland & Ukraine

Update: The Belarus-aligned FrostyNeighbor (Ghostwriter) APT continues its campaign against Ukrainian government organizations, active since March 2026. ESET has now released specific Indicators of Compromise (IOCs) to aid defenders. The group's geofenced infrastructu...


Researcher Drops Two Windows Zero-Days, 'YellowKey' and 'GreenPlasma,' Exposing BitLocker and Escalating Privileges

Update: The new article provides additional context regarding the YellowKey and GreenPlasma zero-day exploits. It highlights that the PoCs were released immediately after Microsoft's May Patch Tuesday, emphasizing the lack of official patches. The affected server vers...


New 'Rex' Ransomware Emerges, Using Double Extortion and .rex48 Extension

Update: The latest analysis of Rex Ransomware provides explicit command-line usage for deleting Volume Shadow Copies (vssadmin.exe Delete Shadows /all /quiet), offering a more precise indicator for detection. Additionally, the report expands on MITRE ATT&CK techniques...