The Secure Truth - Page 5 of 13 - Covers cybersecurity news, incidents, vulnerabilities, and analysis

Breaking

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately

4021 CVEs This Month

15 Actively Exploited

0 Ransomware Activity

25 Breaches YTD

Threat Investigation Portal

Investigate an IOC in the live graph workspace.

Investigate IOC

Malicious Plugins on JetBrains Marketplace Target AI API Keys

Cybersecurity News | Exclusive

Malicious Plugins on JetBrains Marketplace Target AI API Keys

Thirumala Rao Padilam

Thirumala Rao Padilam June 17, 2026

ClickFix Campaigns Deliver Multiple Malware Loaders Through Fake Update Lures

Threat Intelligence

ClickFix Campaigns Deliver Multiple Malware Loaders Through Fake...

Google Vertex AI SDK Flaw Allowed Model Upload Hijacking via Bucket Squatting

Vulnerabilities

Google Vertex AI SDK Flaw Allowed Model Upload...

Latest Threats

View all ->

Attackers Exploit Multiple Vulnerabilities in Fortinet FortiSandbox Including Recently Patched Flaw

Threat Intelligence

Attackers Exploit Multiple Vulnerabilities in Fortinet FortiSandbox Including Recently Patched Flaw

Threat intelligence firm Defused Cyber reports active exploitation of three vulnerabilities in Fortinet FortiSandbox, including a critical path...

Thirumala Rao Padilam

Thirumala Rao Padilam

Survey Finds 94% of Security Incidents Involve Anonymized Infrastructure, Highlighting Reactive Posture

Threat Intelligence

Survey Finds 94% of Security Incidents Involve Anonymized Infrastructure, Highlighting Reactive Posture

A recent survey reveals that 94% of security incidents involve anonymized infrastructure, underscoring the difficulties teams face in...

Thirumala Rao Padilam

Thirumala Rao Padilam

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Threat Intelligence

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Security researchers have uncovered Rokarolla, a new Android banking trojan that targets over 200 banking and cryptocurrency apps,...

Thirumala Rao Padilam

Thirumala Rao Padilam

Vulnerability Watch

Top 10 CVEs This Week

Prioritized using CISA KEV, EPSS, CVSS, and recency.

Full watchlist ->

CVE-2026-20262 KEV CVSS 6.5 EPSS 0.0174

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

Known exploited vulnerability affecting Cisco Catalyst SD-WAN Manager with active defender relevance.

CVE-2026-9862 CVSS 9.8 EPSS 0.0084

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

Critical severity issue in affected software published this week.

CVE-2026-50871 CVSS 9.8 EPSS 0.0067

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.

Critical severity issue in affected software published this week.

CVE-2018-25436 CVSS 9.8 EPSS 0.0066

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote code execution.

Critical severity issue in affected software published this week.

CVE-2026-38065 CVSS 9.8 EPSS 0.0052

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.

Critical severity issue in affected software published this week.

Vulnerability Watch

Anthropic Launches Claude Fable 5 with Layered Cybersecurity Safeguards

AI Security

Anthropic Launches Claude Fable 5 with Layered Cybersecurity Safeguards

June 10, 2026 | Thirumala Rao Padilam

Microsoft Releases Patch Update for 206 Vulnerabilities Including Three Public Zero-Days

Vulnerabilities

Microsoft Releases Patch Update for 206 Vulnerabilities Including Three Public Zero-Days

June 10, 2026 | Thirumala Rao Padilam

Automated Pentesting Stability May Mask Persistent Security Risks, Experts Warn

Cybersecurity News

Automated Pentesting Stability May Mask Persistent Security Risks, Experts Warn

June 10, 2026 | Thirumala Rao Padilam

Over 30 Red Hat npm Packages Compromised to Distribute New Credential-Stealing Malware Variant

Cloud & Identity Security

Over 30 Red Hat npm Packages Compromised to Distribute New Credential-Stealing Malware Variant

June 2, 2026 | Thirumala Rao Padilam

Active Threat Index

LIVE

8.34

Google Chrome Zero-Day

Vulnerabilities

8.32

Ransomware Attacks Surge

Malware & Threats

8.28

European Commission Confirms

Malware & Threats

7.96

CISA and Partners

AI Security

7.8

Microsoft Suspends Developer

Cybersecurity News

error: Content is protected !!