Get the daily digest
A compact daily briefing of the highest-signal cybersecurity stories, in your inbox. Email digest is coming soon.
Daily cybersecurity intelligence
The latest unpatched intel.
Raw, actionable daily security news for defenders tracking exploited vulnerabilities, ransomware, breaches, malware, cloud risk, supply-chain security, and practical detection guidance.
Critical Denial of Service Vulnerability Threatens Rockwell Automation Controllers; Urgent Mitigation Needed
A critical vulnerability in Rockwell Automation's CompactLogix and ControlLogix controllers could lead to denial of service attacks.
More top stories
Critical Joomla Content Editor Flaw Actively Exploited: Immediate Patch Urged by CISA
High-Severity DoS Vulnerability Exposes 1769 Rockwell Automation CompactLogix Controllers to Attack
Service Disruption Vulnerability in Rockwell Automation's RSLinx Classic Ethernet/IP Server Unveiled
Latest stories
/
AI Models Weaponized for Vulnerability Identification: Urgent Security Measures Needed
AI models have been weaponized to identify software vulnerabilities, posing significant risks. Organizations must adopt proactive measures to secure against these AI-driven threats.
CISA Catalogs Two Actively Exploited Vulnerabilities: Critical Patches Urged
Two critical vulnerabilities have been added to CISA's Known Exploited Vulnerabilities catalog: Cisco Catalyst SD-WAN Manager (CVE-2026-20262) and LiteSpeed cPanel Plugin (CVE-2026-54420).
Unauthenticated File Manipulation Flaw in Splunk Enterprise Exposes Critical Risk
A critical vulnerability in Splunk Enterprise allows unauthenticated users to create or truncate arbitrary files through the PostgreSQL sidecar service endpoint.
U.S. CISA Mandates Immediate Patching of Exploited Ivanti Sentry Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies patch an actively exploited Ivanti Sentry vulnerability within three days due to its severe risk of
Critical Oracle PeopleSoft Zero-Day Exploited by ShinyHunters: Over 100 Organizations at Risk
A critical vulnerability in Oracle's PeopleSoft Enterprise PeopleTools (CVE-2026-35273) has been actively exploited by the ShinyHunters group to execute remote code execution attacks.
GreatXML Exploit Bypasses BitLocker via Microsoft Defender's Offline Scan
A newly disclosed exploit named GreatXML allows attackers to bypass Windows BitLocker encryption by exploiting a vulnerability in Microsoft Defender's offline scan functionality.
Unauthorized Access Threat to Industrial Control Systems via Brickcom Camera Vulnerability
A recent advisory from CISA highlights a vulnerability in Brickcom Cameras that could allow unauthorized access to industrial control systems.
Unpatched Vulnerability Exposes Brickcom Cameras to Unauthorized Live Video Access
A significant vulnerability (CVE-2026-50245) has been identified in Brickcom's Cube cameras, allowing unauthenticated access to live video feeds via the `/ONVIF` endpoint.
Critical Path Traversal Flaw in Langflow Exploited, Immediate Upgrade Advised
A critical path traversal vulnerability in the AI development platform Langflow (CVE-2026-5027) is being actively exploited.
Exploited Ivanti Sentry Vulnerability Grants Root Access to Attackers
Attackers are exploiting a high-severity command injection vulnerability in Ivanti Sentry, allowing them to execute code with root privileges on exposed secure mobile gateways.
Microsoft Fixes Critical XSS Flaw in Exchange Server Actively Exploited by Threat Actors
Microsoft has patched an actively exploited vulnerability in Exchange Server that allows threat actors to execute arbitrary JavaScript code via cross-site scripting (XSS) attacks.
Microsoft Fixes Critical Zero-Days Allowing SYSTEM Privileges and BitLocker Bypass
Microsoft recently patched three zero-day vulnerabilities-GreenPlasma, MiniPlasma, and YellowKey-that could allow attackers to gain SYSTEM privileges or bypass BitLocker protection on Windows systems.