Check Point has urged customers to patch a critical zero-day vulnerability in its Remote Access VPN and Mobile Access solutions that is being actively exploited. CVE-2026-50751 is an authentication bypass flaw that affects deployments configured to use the deprecated IKEv1 key… Read More "Check Point Warns Critical Auth Bypass Bug Exploited in the Wild"
AI is disruptive. Anthropic’s Claude Mythos model, and its successors, promise to be even more disruptive: they could threaten the existing bug bounty and/or in-house offensive security industries. AI has been widely adopted by both cybersecurity attackers and defenders. Attackers… Read More "Will AI Kill the Bug Bounty Industry?"
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You… Read More "New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing"
Google has released an emergency update to patch 74 Chrome vulnerabilities, including a high-severity flaw that has been exploited in the wild. This is the fifth Chrome zero-day vulnerability in 2026 that has been exploited before a patch has been… Read More "Google Releases Patch for Chrome Vulnerability Exploited in the Wild"
Check Point on Monday warned that a critical-severity authentication bypass vulnerability affecting its VPN and firewall products has been exploited in the wild as a zero-day. Tracked as CVE-2026-50751 (CVSS score of 9.3), the security defect is described as a… Read More "Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks"
“We discovered that it is possible to create an AI-driven computer worm, using only small, free AI models, that can autonomously identify each machine’s unique weak points (including vulnerabilities just reported by industry and misconfigurations such as reused passwords) and… Read More "AI worm prototype shows attackers don’t need Mythos to take over your network"
WhatsApp has asked a US court to hold a blacklisted spyware firm in contempt, after claiming it has violated a permanent injunction banning it from targeting users. The messaging giant said on June 8 that it “successfully disrupted” social engineering… Read More "WhatsApp Discovers NSO Group-Linked Spearphishing Attempts"
An APT group linked to the Iranian government pretended to be a Chaos ransomware affiliate in order to provide plausible deniability for geopolitical espionage and prepositioning, Rapid7 has claimed. The security vendor made the revelations in a new report published… Read More "Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign"
Google on Monday announced a Chrome 149 update that patches 74 vulnerabilities, including a zero-day that has been exploited in the wild. The exploited vulnerability is tracked as CVE-2026-11645. It has been described as a high-severity out-of-bounds read/write issue in… Read More "Google Patches 5th Chrome Zero-Day Exploited in 2026"
Ravie LakshmananJun 09, 2026Vulnerability / Artificial Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as… Read More "LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE"
