Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, now tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare… Read More "Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day"
Its main goal is to tackle the unique vulnerabilities that come with AI technologies such as attacks that tamper with training data, trick models through engineered prompts, or steal sensitive information. SAIF draws on Google’s own experiences developing and deploying… Read More "5 AI risk management frameworks for shoring up key gaps"
A lack of skilled staff is the top operational challenge faced by today’s security operations centers (SOCs), although practitioners and leaders have diverging perceptions of hiring needs, according to SANS Institute. The 2026 SANS SOC Survey was based on interviews… Read More "Staffing Is Top SOC Challenge Even as AI Proliferates, Says SANS"
Fresh Chrome and Firefox updates are now rolling out with fixes for over 70 vulnerabilities, including critical and high-severity memory safety bugs that could potentially lead to remote code execution (RCE). Chrome has been updated to versions 149.0.7827.155/.156 for Windows… Read More "Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities"
Ravie LakshmananJun 17, 2026Malware / Cryptocurrency As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply… Read More "144 Mastra npm Packages Compromised via Hijacked Contributor Account"
A leading security vendor has warned customers that attackers are actively exploiting a high-severity CVE in one of its products that it patched last month. CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto… Read More "Palo Alto Warns High-Severity Bug Is Being Actively Exploited"
Three recently patched Fortinet FortiSandbox vulnerabilities are being targeted in the wild, according to exploit intelligence company Defused. Defused’s honeypots have been seeing attempts to exploit CVE-2026-39808, CVE-2026-39813, and CVE-2026-25089. CVE-2026-39813 and CVE-2026-39808 were both rated ‘critical severity’ and patched… Read More "3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs"
Ravie LakshmananJun 17, 2026Vulnerability / Supply Chain Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of… Read More "CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution"
ESET researchers have discovered two as-yet undocumented Windows variants of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger, the group believed to be operated by a Chinese contractor named I‑SOON. While we initially discovered the malware samples on VirusTotal,… Read More "FishMonger’s arsenal upgraded: SprySOCKS for Windows"
Threat actors are delivering malware from phishing pages hosted on legitimate ChatGPT domains, Push Security has warned. The vendor claimed that hackers are abusing ChatGPT’s code-rendering feature to build pages spoofing the brand. These redirect victims to a fake download page… Read More "Attackers Abuse Shared Content for ChatGPT Phishing Campaign"
