“To make the CISA KEV means that we’re seeing active exploitations,” agreed Tyler Reguly, Fortra’s associate director of security R&D. “Given that this CVE was patched by Oracle in the July 2024 Critical Patch Update (CPU), I would expect most… Read More "Two-year old Oracle WebLogic Server vulnerability is being exploited"
Vibe coding tools like Anthropic’s Claude Code are flooding software with new vulnerabilities, Georgia Tech researchers have warned. At least 35 new common vulnerabilities and exposures (CVE) entries were disclosed in March 2026 that were the direct result of AI-generated… Read More "Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code"
Threat actors compromised multiple high-profile Instagram accounts last week by simply asking Meta’s AI-powered account recovery assistant to hand them over. The attackers exploited a logic flaw in the AI assistant, a classic ‘confused deputy’ issue, to have their own… Read More "Meta AI Hands Over High-Profile Instagram Accounts to Hackers"
The UK government has sanctioned a network of individuals and organizations allegedly linked to scam compounds in Southeast Asia. Across Southeast Asia, scam centers are using sophisticated schemes, including romance scams, to defraud victims on an industrial scale. The latest action by the UK government,… Read More "UK Cracks Down on Chinese Crypto Marketplace for Funding Scam Hubs"
A critical-severity vulnerability in multiple HP Poly Voice VoIP phone models can be exploited for remote code execution (RCE) with root privileges, allowing attackers to gain a foothold in enterprise networks, Rapid7 warns. Tracked as CVE-2026-0826 (CVSS score of 9.2),… Read More "Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches"
Ravie LakshmananJun 02, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The… Read More "Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation"
ICE enables VoIP devices to establish peer-to-peer connections using the shortest available network path. The feature is not enabled by default on HP Poly devices, and the company advises administrators to disable it if it’s not needed. The flaw, rated… Read More "HP Poly VoIP vulnerability sets the stage for executive voice deepfakes"
A Birmingham-based provider of monitored alarms has been fined £100,000 ($132,000) by the Information Commissioner’s Office (ICO) after staff used false identities on marketing sales calls. TMAC made over 260,000 nuisance calls to numbers registered on the Telephone Preference Service… Read More "ICO Fines UK Nuisance Call Scammers £100,000"
President Donald Trump signed an executive order on oversight of artificial intelligence Tuesday, less than two weeks after postponing a White House ceremony over his concerns that a similar policy could dull America’s technological edge. The order establishes a framework… Read More "Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks"
Ravie LakshmananJun 02, 2026Vulnerability / Mobile Security Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active… Read More "Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited"
