[{"published": "2026-06-13 18:01", "relative_age": "11 min", "source": "Al Jazeera", "category": "world", "title": "Gaza post-‘ceasefire’ deaths hit 983 as Israeli attack targets refugee camp", "link": "https://www.aljazeera.com/news/2026/6/13/gaza-post-ceasefire-deaths-hit-983-as-israeli-attack-targets-refugee-camp?traffic_source=rss", "topic_tag": "attack", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Israeli attack kills one person in central Gaza's Bureij camp, as a disabled Palestinian is shot in occupied West Bank."}, {"published": "2026-06-12 14:04", "relative_age": "1 d", "source": "The Hacker News", "category": "security", "title": "Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code", "link": "https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html", "topic_tag": "agentjacking", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "analysis", "summary": "Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. \"The attack"}, {"published": "2026-06-12 12:05", "relative_age": "1 d", "source": "SVT Utrikes", "category": "world", "title": "Drönare över Mexiko – de söker efter försvunna anhöriga i Sinaloa", "link": "https://www.svt.se/nyheter/utrikes/dronare-over-mexiko-de-soker-efter-forsvunna-anhoriga-i-sinaloa", "topic_tag": "anhöriga", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "I Mexiko letar tusentals anhöriga efter sina försvunna familjemedlemmar. Och nu har drönare blivit ett viktigt redskap i arbetet med att hitta massgravar. 
– Jag tror att vi har hittat ungefär 150 kroppar med drönaren, säger María Isabel Cruz till SVT."}, {"published": "2026-06-12 02:58", "relative_age": "1 d", "source": "Dark Reading", "category": "security", "title": "Phishing Attack Volume Down 20%, But Risk Still Rising", "link": "https://www.darkreading.com/cybersecurity-analytics/phishing-volume-down-20-risk-rising", "topic_tag": "attack", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiply them."}, {"published": "2025-03-11 08:00", "relative_age": "459 d", "source": "Fortinet PSIRT", "category": "security", "title": "Pre-authentication Denial of Service attack in OpenSSH - CVE-2025-26466", "link": "https://fortiguard.fortinet.com/psirt/FG-IR-25-122", "topic_tag": "2025", "cves": ["CVE-2025-26466"], "vendor": "Cisco", "cvss": 3.0, "risk_level": "low", "item_type": "cve", "summary": "CVSSv3 Score: 5.9 CVE-2025-26466 A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. 
Revised on 2026-05-25 00:00:00"}, {"published": "2022-08-30 18:00", "relative_age": "1383 d", "source": "Threatpost", "category": "security", "title": "Watering Hole Attacks Push ScanBox Keylogger", "link": "https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/", "topic_tag": "attacks", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool."}, {"published": "2022-08-23 15:19", "relative_age": "1390 d", "source": "Threatpost", "category": "security", "title": "Firewall Bug Under Active Attack Triggers CISA Warning", "link": "https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/", "topic_tag": "active", "cves": [], "vendor": "Palo Alto", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP."}, {"published": "2026-06-13 17:52", "relative_age": "19 min", "source": "SecurityWeek Vulnerabilities", "category": "security", "title": "NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks", "link": "https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/", "topic_tag": "attacks", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed. The post NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks appeared first on SecurityWeek."}, {"published": "2026-06-13 13:31", "relative_age": "4 h", "source": "The Next Web", "category": "tech", "title": "The FBI built a fake town to train agents for cyberattacks. 
It has a hospital, a power company, and 200 servers.", "link": "https://thenextweb.com/news/fbi-kinetic-cyber-range-replica-town-cyberattacks", "topic_tag": "agents", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "The FBI has revealed a 22,000 square-foot replica town on its Huntsville, Alabama, campus built to train law enforcement in simulating and investigating real-world cyberattacks. The Kinetic Cyber Range opened in February 2025 and has trained more than 1,400 students, including FBI personnel and partners from other federal and local agencies. The facility features fully […] This story continues at The Next Web"}, {"published": "2026-06-13 13:00", "relative_age": "5 h", "source": "TechCrunch", "category": "tech", "title": "The FBI built its own replica small town to simulate real-world cyberattacks", "link": "https://techcrunch.com/2026/06/13/the-fbi-built-its-own-replica-small-town-to-simulate-real-world-cyberattacks/", "topic_tag": "built", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Hidden inside a building in Alabama, the FBI has created its own small town as a dedicated cyber training ground for simulating cyberattacks."}, {"published": "2026-06-12 20:08", "relative_age": "22 h", "source": "The Guardian World", "category": "world", "title": "Canada police investigate whether Toronto police death linked to global terror attacks", "link": "https://www.theguardian.com/world/2026/jun/12/canada-police-investigate-toronto-police-death-global-terror-attacks", "topic_tag": "attacks", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Constable Marc Pinizzotto, 43, was killed while executing search warrants related to a shooting at US consulate Authorities in Canada are investigating whether the killing of a Toronto police officer while he was executing search warrants related to a shooting at the city’s US consulate is 
linked to a broader series of global terror attacks. Constable Marc Pinizzotto, 43, a member of the emergency taskforce, was killed on Thursday during a dawn search of an apartment building in the west of the city. Continue reading..."}, {"published": "2026-06-12 13:00", "relative_age": "1 d", "source": "The Hacker News", "category": "security", "title": "Rethinking MDR as Attackers and Defenders Embrace AI", "link": "https://thehackernews.com/2026/06/rethinking-mdr-as-attackers-and.html", "topic_tag": "attackers", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more"}, {"published": "2026-06-12 06:31", "relative_age": "1 d", "source": "SVT Utrikes", "category": "world", "title": "Polisen i Nordirland ska ha varnats för ”attacklista”", "link": "https://www.svt.se/nyheter/utrikes/polisen-i-nordirland-ska-ha-varnats-for-attacklista", "topic_tag": "attacklista", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Bostäder har satts i brand och vandaliserats under veckans upplopp i Belfast. Polisen i Nordirland ska i flera månader ha varnats om att det i högerextrema kretsar spridits en ”attacklista”, rapporterar The Guardian. 
På listan finns adresser som blev måltavlor i upploppen."}, {"published": "2026-06-11 15:57", "relative_age": "2 d", "source": "SecurityWeek Vulnerabilities", "category": "security", "title": "Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks", "link": "https://www.securityweek.com/oracle-addresses-peoplesoft-vulnerability-amid-reports-of-zero-day-attacks/", "topic_tag": "addresses", "cves": ["CVE-2026-35273"], "vendor": "", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek."}, {"published": "2026-06-13 17:24", "relative_age": "48 min", "source": "BBC World", "category": "world", "title": "Woman seriously injured in shark attack at Sydney beach", "link": "https://www.bbc.com/news/articles/c3ryw807133o?at_medium=RSS&at_campaign=rss", "topic_tag": "attack", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "The woman, 35, was pulled from the water by members of the public and then airlifted to hospital, police say."}, {"published": "2026-06-13 08:06", "relative_age": "10 h", "source": "DW World", "category": "world", "title": "Woman critically injured in shark attack at Sydney beach", "link": "https://www.dw.com/en/woman-critically-injured-in-shark-attack-at-sydney-beach/a-77534097?maca=en-rss-en-all-1573-rdf", "topic_tag": "attack", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "A woman, believed to be in her 30s, sustained critical injuries after being bitten by a shark off Sydney's Coogee Beach."}, {"published": "2026-06-12 12:57", "relative_age": "1 d", "source": "Computer Sweden", "category": "tech", "title": "Tillslag mot tjänst som hjälpt ransomwaregäng tvätta pengar", "link": 
"https://computersweden.se/article/4184425/tillslag-mot-tjanst-som-hjalpt-ransomwaregang-tvatta-pengar.html", "topic_tag": "hjälpt", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Europol har i samarbete med polismyndigheter från elva länder gjort ett stort tillslag mot Audi A6, en kryptotjänst som hackare har använt för att tvätta pengar från kriminella aktiviteter. I samband med tillslaget har två personer gripits, 25 domäner stängts ner och kryptovalutor till ett värde av 8,5 miljoner svenska kronor säkrats. Dessutom har 80 fordon beslagtagits. Enligt uppgift förekommer Audi A6 i minst 15 utredningar rörande gisslanattacker som utförts mellan 2022 och 2025. Audi A6 har tagit ut en avgift på mellan 3 och 10 procent för pengatvätten, rapporterar Bleeping Computer."}, {"published": "2026-06-12 12:57", "relative_age": "1 d", "source": "IDG.se", "category": "tech", "title": "Tillslag mot tjänst som hjälpt ransomwaregäng tvätta pengar", "link": "https://computersweden.se/article/4184425/tillslag-mot-tjanst-som-hjalpt-ransomwaregang-tvatta-pengar.html", "topic_tag": "hjälpt", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Europol har i samarbete med polismyndigheter från elva länder gjort ett stort tillslag mot Audi A6, en kryptotjänst som hackare har använt för att tvätta pengar från kriminella aktiviteter. I samband med tillslaget har två personer gripits, 25 domäner stängts ner och kryptovalutor till ett värde av 8,5 miljoner svenska kronor säkrats. Dessutom har 80 fordon beslagtagits. Enligt uppgift förekommer Audi A6 i minst 15 utredningar rörande gisslanattacker som utförts mellan 2022 och 2025. 
Audi A6 har tagit ut en avgift på mellan 3 och 10 procent för pengatvätten, rapporterar Bleeping Computer."}, {"published": "2026-06-13 15:23", "relative_age": "2 h", "source": "The Hacker News", "category": "security", "title": "Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication", "link": "https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html", "topic_tag": "attackers", "cves": ["CVE-2026-20253"], "vendor": "", "cvss": 10.0, "risk_level": "medium", "item_type": "cve", "summary": "Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. \"In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary"}, {"published": "2022-08-26 18:44", "relative_age": "1386 d", "source": "Threatpost", "category": "security", "title": "Ransomware Attacks are on the Rise", "link": "https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/", "topic_tag": "attacks", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "malware", "summary": "Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group."}, {"published": "2026-06-13 17:34", "relative_age": "38 min", "source": "Al Jazeera", "category": "world", "title": "Thousands attend anti-racism rallies following unrest in Belfast", "link": "https://www.aljazeera.com/news/2026/6/13/thousands-attend-anti-racism-rallies-following-unrest-in-belfast?traffic_source=rss", "topic_tag": "anti", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "The rallies in Northern Ireland follow two nights of anti-immigrant violence provoked by a stabbing attack."}, {"published": "2026-06-13 16:47", "relative_age": "1 
h", "source": "Dagens Industri", "category": "sweden", "title": "Investeraren: De vinner Europas drönarkrig", "link": "https://www.di.se/digital/investeraren-de-vinner-europas-dronarkrig/", "topic_tag": "drönarkrig", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Utslagning väntar på marknaden för militära drönare. Men kriget i Ukraina ger Europa en chans att hävda sig globalt. Det hävdar Ted Elvhage, vars fond har 1,5 miljarder kronor till startupbolag inom rymd och försvar. ”Största möjligheten ligger i samriskbolag med Ukraina”, säger han."}, {"published": "2026-06-13 16:23", "relative_age": "1 h", "source": "Dagens Nyheter", "category": "sweden", "title": "BMW:s ödesbil mot Kina – DN kör 60 mil för att se om Europa kan slå tillbaka", "link": "https://www.dn.se/ekonomi/bmws-odesbil-mot-kina-dn-kor-60-mil-for-att-se-om-europa-kan-sla-tillbaka/", "topic_tag": "europa", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Tysk bilindustri skakar. Över 100 000 jobb är borta, vinsterna rasar – och Kina går nu till attack mot BMW:s och Mercedes mest lönsamma modeller. DN kör bilen som ska visa om Europa kan slå tillbaka: nya BMW iX3. Blir den räddningen?"}, {"published": "2026-06-13 15:34", "relative_age": "2 h", "source": "France 24", "category": "world", "title": "NATO weighs options to defend Europe as the US plans for conflict elsewhere", "link": "https://www.france24.com/en/video/20260613-nato-weighs-options-to-defend-europe-as-the-us-plans-for-conflict-elsewhere", "topic_tag": "conflict", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "NATO's top military officer is weighing alternative plans to defend Europe should it come under attack from Russia, after the United States announced that it is cutting the number of aircraft and warships it would provide in a security crisis. 
We discuss it with our guest, André Loesekrug-Pietri, president of the Joint European Disruptive Initiative."}, {"published": "2026-06-13 14:00", "relative_age": "4 h", "source": "Medical Xpress (Health)", "category": "health_fitness", "title": "Sugar-coated CAR-T cells survive longer and shrink lymphoma tumors in mice", "link": "https://medicalxpress.com/news/2026-06-sugar-coated-car-cells-survive.html", "topic_tag": "cells", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Scientists at Florida International University may have found a way to make a powerful cancer treatment work even better. The treatment, called CAR-T therapy, uses a patient's own immune cells to fight cancer. Doctors remove special immune cells called T-cells from the body, genetically change them in a lab so they can recognize cancer, and then put them back into the patient to attack tumors. The therapy has already helped many people with serious blood cancers such as lymphoma and leukemia."}, {"published": "2026-06-13 14:00", "relative_age": "4 h", "source": "Feber", "category": "tech", "title": "12-åring brände 23 000 kronor i spel", "link": "https://feber.se/spel/12-aring-brande-23-000-kronor-i-spel/492963/?utm_source=rss&utm_medium=feed", "topic_tag": "brände", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Nu vill familjen få tillbaka pengarna En familj i Jönköping har hamnat i en störig situation efter att deras 12-årige son använt mammans bankkort för inköp i ett spel. Utan föräldrarnas tillåtelse lyckades pojken handla digitala föremål för nästan 23 000 kronor. När de oväntade utgifterna upptäcktes vände sig familjen till spelplattformen för att få pengarna tillbaka, men fick nej. Företaget hävdar att pojken har godkänt deras användarvillkor och att köpen därmed är juridiskt bindande. 
Familjen har nu tagit hjälp av Allmänna reklamationsnämnden (ARN) då de anser att ett barn i den åldern inte kan förväntas förstå innebörden av komplexa avtal eller de ekonomiska konsekvenserna av sina handlingar på nätet. Nu kräver familjen att köpen ogiltigförklaras och att de får tillbaka hela summan, eller åtminstone 80 procent av pengarna. Vilket spel det handlar om är oklart, men någon direkt högoddsare är det ju ej om det visar sig vara Roblox eller Ultimate Team eller något sådant. Läs vidare och kommentera: https://feber.se/spel/12-aring-brande-23-000-kronor-i-spel/492963/ Läs mer om Jönköping, ARN, Spel, Bankkort, Konsumenträtt"}, {"published": "2026-06-12 18:17", "relative_age": "23 h", "source": "SecurityWeek Vulnerabilities", "category": "security", "title": "In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine", "link": "https://www.securityweek.com/in-other-news-google-security-layoffs-audia6-takedown-400-million-coupang-fine/", "topic_tag": "audia6", "cves": [], "vendor": "Microsoft", "cvss": null, "risk_level": "low", "item_type": "incident", "summary": "Other noteworthy stories that might have slipped under the radar: ICS device exposure remains flat as attack surface widens, Microsoft issues incident response playbook for AI, IBM and AT&T accused of hack cover-ups. 
The post In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine appeared first on SecurityWeek."}, {"published": "2026-06-12 12:58", "relative_age": "1 d", "source": "Computer Sweden", "category": "tech", "title": "Oracle varnar för kritisk sårbarhet i Peoplesoft – över 100 företag redan drabbade", "link": "https://computersweden.se/article/4184397/oracle-varnar-for-kritisk-sarbarhet-i-peoplesoft-over-100-foretag-redan-drabbade.html", "topic_tag": "drabbade", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Oracle har upptäckt en kritisk sårbarhet i Peoplesoft, en mjukvara som bland annat används för att hantera personaluppgifter och löneutbetalningar. Enligt Oracle krävs det varken autentisering eller lösenord för att utnyttja den aktuella sårbarheten, något som gör situationen extra allvarlig. Den ökända hackargruppen Shiny Hunters uppger att man har använt sig av sårbarheten för att göra intrång hos mer än 100 företag, organisationer och universitet. Enligt Techcrunch säger sig hackarna bland annat ha kommit över uppgifter om hundratusentals studenter, vilket inkluderar namn, adresser, telefonnummer, mejladresser, födelsedatum, kön och etnicitet. Någon uppdatering som täpper till sårbarheten finns inte tillgänglig i skrivande stund, men förhoppningsvis skickas en sådan ut inom kort."}, {"published": "2026-06-12 12:58", "relative_age": "1 d", "source": "IDG.se", "category": "tech", "title": "Oracle varnar för kritisk sårbarhet i Peoplesoft – över 100 företag redan drabbade", "link": "https://computersweden.se/article/4184397/oracle-varnar-for-kritisk-sarbarhet-i-peoplesoft-over-100-foretag-redan-drabbade.html", "topic_tag": "drabbade", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Oracle har upptäckt en kritisk sårbarhet i Peoplesoft, en mjukvara som bland annat används för att hantera personaluppgifter och löneutbetalningar. 
Enligt Oracle krävs det varken autentisering eller lösenord för att utnyttja den aktuella sårbarheten, något som gör situationen extra allvarlig. Den ökända hackargruppen Shiny Hunters uppger att man har använt sig av sårbarheten för att göra intrång hos mer än 100 företag, organisationer och universitet. Enligt Techcrunch säger sig hackarna bland annat ha kommit över uppgifter om hundratusentals studenter, vilket inkluderar namn, adresser, telefonnummer, mejladresser, födelsedatum, kön och etnicitet. Någon uppdatering som täpper till sårbarheten finns inte tillgänglig i skrivande stund, men förhoppningsvis skickas en sådan ut inom kort."}, {"published": "2026-06-03 18:00", "relative_age": "10 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco Webex Meetings Cross-Site Scripting Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20Meetings%20Cross-Site%20Scripting%20Vulnerability%26vs_k=1", "topic_tag": "cisco", "cves": ["CVE-2026-20233"], "vendor": "Cisco", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information. 
As mentioned, Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS Security Impact Rating: Medium CVE: CVE-2026-20233"}, {"published": "2022-08-19 17:25", "relative_age": "1394 d", "source": "Threatpost", "category": "security", "title": "iPhone Users Urged to Update to Patch 2 Zero-Days", "link": "https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/", "topic_tag": "days", "cves": [], "vendor": "", "cvss": null, "risk_level": "medium", "item_type": "exploit", "summary": "Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack."}, {"published": "2022-08-18 16:31", "relative_age": "1395 d", "source": "Threatpost", "category": "security", "title": "Google Patches Chrome’s Fifth Zero-Day of the Year", "link": "https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/", "topic_tag": "chrome", "cves": [], "vendor": "Google", "cvss": null, "risk_level": "medium", "item_type": "exploit", "summary": "An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack."}, {"published": "2026-06-13 14:21", "relative_age": "3 h", "source": "Expressen", "category": "sweden", "title": "Bilden visar handskrivna lappen till Dadgostar", "link": "https://www.expressen.se/nyheter/politik/bilden-visar-handskrivna-lappen-till-dadgostar/", "topic_tag": "bilden", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Här är attacken mot M-profilen – som Nooshi Dadgostar aldrig använde. 
Expressens fotograf fångade den handskrivna lappen på bild. – Det tar jag som en ära, säger måltavlan Lars Beckman (M)."}, {"published": "2026-06-12 22:36", "relative_age": "19 h", "source": "Cisco PSIRT", "category": "security", "title": "Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Controller,%20Catalyst%20SD-WAN%20Manager,%20and%20Catalyst%20SD-WAN%20Validator%20Authenticated%20Privilege%20Escalation%20Vulnerability%26vs_k=1", "topic_tag": "authenticated", "cves": ["CVE-2026-20127", "CVE-2026-20182", "CVE-2026-20245"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. 
Cisco recommends that customers upgrade to the fixed software that is documented in the Catalyst SD-WAN Security Advisory that was published on May 14, 2026, and verify the configuration of the edge devices. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Important: To preserve possible indicators of compromise, customers should issue the request admin-tech command from each of the control components in the SD-WAN deployment before upgrading. After the admin-tech file has been collected, software should be upgraded at the earliest opportunity. Before upgrading an SD-WAN deployment to a fixed release, retain relevant logs. After upgrading, verify that the system has not been compromised by checking the logs for the indicators of compromise as documented in this advisory. If the logs show indicators of compromise and the system is confirmed to be compromised, applying the software update alone will not resolve the vulnerability. In such cases, follow the specific remediation steps that will be provided by the Cisco Technical Assistance Center (TAC) to help secure the system. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx Security Impact Rating: High CVE: CVE-2026-20245"}, {"published": "2026-06-12 21:33", "relative_age": "20 h", "source": "The Hacker News", "category": "security", "title": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit", "link": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html", "topic_tag": "arch", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "malware", "summary": "Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. 
The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate"}, {"published": "2026-06-12 21:16", "relative_age": "20 h", "source": "DN Varlden", "category": "world", "title": "Kremls drag ska vända trenden – oroar Ukraina", "link": "https://www.dn.se/varlden/kremls-drag-ska-vanda-trenden-oroar-ukraina/", "topic_tag": "drag", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "Nötande luftangrepp, överbelastningsattacker och mer hjälp från Kina – tre faktorer som Ryssland hoppas ska vända trenden vid fronten. Men Ukrainas tekniska övertag gör att Kremls styrkor kör fast, enligt militärexperten Roger Djupsjö."}, {"published": "2026-06-12 11:44", "relative_age": "1 d", "source": "SecurityWeek Vulnerabilities", "category": "security", "title": "Ivanti Sentry Exploitation Attempts Hitting Honeypots", "link": "https://www.securityweek.com/ivanti-sentry-exploitation-attempts-hitting-honeypots/", "topic_tag": "attempts", "cves": [], "vendor": "Ivanti", "cvss": null, "risk_level": "low", "item_type": "exploit", "summary": "The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. 
The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek."}, {"published": "2026-06-12 06:30", "relative_age": "1 d", "source": "Computer Sweden", "category": "tech", "title": "Cio:er hålls ansvariga för AI som de inte har kontroll över", "link": "https://computersweden.se/article/4183967/enligt-en-studie-fran-ibm-halls-it-chefer-ansvariga-for-ai-som-de-inte-har-full-kontroll-over.html", "topic_tag": "ansvariga", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "I takt med att företagen skyndar sig att införa AI inom olika affärsområden hamnar många it-chefer och teknikchefer i en situation där de hålls ansvariga för system som de kanske inte har full kontroll över, vilket skapar en ny utmaning när det gäller styrning för cheferna. En ny undersökning från IBM Institute for Business Value bland 2 000 teknikchefer visar att två tredjedelar av cio:er och cto:er hålls ansvariga för AI-system som de inte har full kontroll över. Undersökningen visade också att 70 procent av de tillfrågade uppgav att tekniken implementeras i verksamheten snabbare än vad it-avdelningen hinner med, medan 77 procent uppgav att införandet av AI redan överstiger styrningskapaciteten. De tillfrågade cheferna förväntar sig att antalet AI-agenter som implementeras inom deras organisationer kommer att öka med 38 procent fram till 2027, men endast 11 procent uppgav att de är fullt förberedda för den omfattning av AI-agentimplementering som de förväntar sig under det kommande året. Enligt IBM rapporterade 80 procent av de tillfrågade också att vd:n har gett i uppdrag att påskynda AI-omvandlingen. ”För cio:er och cto:er är utmaningen nu att skala upp AI-system som fungerar kontinuerligt och autonomt, ofta inom styrningsmodeller och arkitekturer som är utformade för en betydligt långsammare och mer förutsägbar miljö”, säger Matt Lyteson, cio på IBM, i ett uttalande. 
Ansvarsskyldigheten följer inte kontrollen Resultaten får genklang hos analytiker som säger att det ansvarsgap som IBM lyfter fram blir allt vanligare i takt med att AI-användningen expanderar över olika affärsfunktioner. – AI-kapacitet är nu inbäddad i SaaS, molnet och affärsdrivna projekt, så införandet sker i organisationens ytterkanter medan ansvaret kvarstår på toppen, säger Deepika Giri, analytiker på IDC Asia/Pacific. IDC:s forskning visar att endast cirka 16 procent av organisationerna har en enhetlig AI-styrningsmodell, vilket innebär att cio:n bär risken för system som de inte direkt driver. – Företagen har decentraliserat experimenteringen mycket snabbare än de har decentraliserat ansvaret, säger Sanchit Vir Gogia, chefsanalytiker på Greyhound Research. Kontrollen blir delad i det ögonblick AI berör flera plattformar samtidigt. Ansvaret följer inte med. Enligt analytiker integreras AI i allt högre grad i företagsapplikationer, SaaS-plattformar, molntjänster, utvecklingsverktyg och affärsflöden som ligger utanför traditionella it-styrningsstrukturer. – Införandet av AI är affärsdrivet, integrerat i SaaS, molnplattformar och utvecklingsverktyg, och kringgår den centrala it-avdelningen med växande skugg-AI, säger Charlie Dai, chefsanalytiker på Forrester. – Cio:er behåller ansvaret för risker och kostnader men saknar kontroll på grund av federerade modeller och hyperscaler-ledd abstraktion. Resultatet är att teknikledare ofta förblir ansvariga för risker, efterlevnad och affärsresultat även när kritiska aspekter av implementeringen ligger utanför deras direkta kontroll. Rajesh Ranjan, managing partner på Everest Group, säger att många organisationer nu förväntar sig att cio:er ska leverera AI-drivna affärsresultat, även om framgång ofta beror på omformning av processer, förändringar i personalstyrkan och skift i verksamhetsmodeller som sträcker sig bortom it-avdelningens direkta ansvarsområde. 
Ranjan säger att införandet av AI går snabbare än företagens förmåga att etablera ramverk för styrning och ansvarsskyldighet, vilket skapar ”en växande klyfta mellan ansvar och kontroll”. Skugg-AI höjer insatserna Analytikerna sa att utmaningen med ansvarsskyldighet blir mer akut i takt med att införandet av AI sprider sig genom verktyg och tjänster som affärsteamen kan komma åt utan betydande it-involvering. – Traditionell skugg-it introducerade ohanterad programvara. Skugg-AI introducerar ohanterat omdöme, säger Gogia. Företag kan nu få tillgång till AI-funktioner genom inbyggd SaaS-funktionalitet, externa verktyg, API:er, copilots och agentramverk med liten inblandning från it, säger analytikerna, vilket utvidgar utmaningen bortom traditionell teknikstyrning. Dai säger att riskerna sträcker sig bortom säkerhet och efterlevnad till att omfatta okontrollerade kostnader, regleringsrisker, promptinjektionsattacker och sårbarheter på agentnivå. Utmaningen växer ytterligare när organisationer går från AI-assistenter till AI-agenter som kan fatta beslut, använda verktyg, interagera med företagssystem och utföra flerstegsuppgifter med begränsat mänskligt ingripande. – Agentbaserad AI introducerar dynamiskt, icke-deterministiskt beteende och externa interaktioner, vilket bryter mot traditionella styrningsmodeller, säger Dai. – Företag saknar spårbarhet i realtid när det gäller beslut, vilket skapar en obalans mellan ansvarsskyldighet och faktiskt systembeteende. AI-agenter medför nya operativa risker Undersökningen tyder på att dessa styrningsutmaningar redan får operativa konsekvenser. ”Fram till 2027 räknar företagen med att implementera i genomsnitt 1 661 AI-agenter – en ökning med 38 procent jämfört med idag”, står det i rapporten. ”I den takten står teknikchefer inför uppgiften att hantera hundratusentals autonoma beslut dagligen. 
Och manuell styrning kan inte hålla jämna steg med den matematiken.” De tillfrågade organisationerna rapporterade i genomsnitt 54 incidenter med AI-agenter under det senaste året som krävde mänsklig inblandning eller korrigering. Sjutton procent av dessa incidenter klassificerades som mycket allvarliga. Bland incidenterna med hög allvarlighetsgrad resulterade 37 procent i dataläckage eller säkerhetsöverträdelser, 33 procent orsakade kedjereaktioner av systemfel och 17 procent utlöste efterlevnadsproblem, enligt IBM. Studien visade också att 59 procent av de tillfrågade ser säkerhets- och efterlevnadsproblem som några av de största hindren för att skala upp AI-agenter. Organisationer som integrerar styrning direkt i AI-system rapporterade 25 procent färre AI-relaterade incidenter än de som främst förlitar sig på manuell övervakning. – Det är därför synlighet nu är viktigare än auktoritet, säger Gogia. Teknikledare behöver inte godkänna varje implementering. De behöver veta vad som körs, vad det kan nå och hur man stoppar det. Att bygga in styrning i AI-verksamheten Analytikerna menar att företag kommer att behöva gå bortom styrningsmodeller som är utformade för periodiska granskningar och traditionella mjukvaruimplementeringar. – När AI blir en integrerad del av kärnverksamhetens processer kan styrning inte längre vara en periodisk granskningsövning; det måste bli en operativ förmåga, säger Ranjan. 
Dai säger att företag också bör prioritera centraliserad observerbarhet, policykontroller, styrd decentralisering och starkare data- och kontextstyrning i takt med att AI-användningen ökar."}, {"published": "2026-06-12 06:30", "relative_age": "1 d", "source": "IDG.se", "category": "tech", "title": "Cio:er hålls ansvariga för AI som de inte har kontroll över", "link": "https://computersweden.se/article/4183967/enligt-en-studie-fran-ibm-halls-it-chefer-ansvariga-for-ai-som-de-inte-har-full-kontroll-over.html", "topic_tag": "ansvariga", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "I takt med att företagen skyndar sig att införa AI inom olika affärsområden hamnar många it-chefer och teknikchefer i en situation där de hålls ansvariga för system som de kanske inte har full kontroll över, vilket skapar en ny utmaning när det gäller styrning för cheferna. En ny undersökning från IBM Institute for Business Value bland 2 000 teknikchefer visar att två tredjedelar av cio:er och cto:er hålls ansvariga för AI-system som de inte har full kontroll över. Undersökningen visade också att 70 procent av de tillfrågade uppgav att tekniken implementeras i verksamheten snabbare än vad it-avdelningen hinner med, medan 77 procent uppgav att införandet av AI redan överstiger styrningskapaciteten. De tillfrågade cheferna förväntar sig att antalet AI-agenter som implementeras inom deras organisationer kommer att öka med 38 procent fram till 2027, men endast 11 procent uppgav att de är fullt förberedda för den omfattning av AI-agentimplementering som de förväntar sig under det kommande året. Enligt IBM rapporterade 80 procent av de tillfrågade också att vd:n har gett i uppdrag att påskynda AI-omvandlingen. 
”För cio:er och cto:er är utmaningen nu att skala upp AI-system som fungerar kontinuerligt och autonomt, ofta inom styrningsmodeller och arkitekturer som är utformade för en betydligt långsammare och mer förutsägbar miljö”, säger Matt Lyteson, cio på IBM, i ett uttalande. Ansvarsskyldigheten följer inte kontrollen Resultaten får genklang hos analytiker som säger att det ansvarsgap som IBM lyfter fram blir allt vanligare i takt med att AI-användningen expanderar över olika affärsfunktioner. – AI-kapacitet är nu inbäddad i SaaS, molnet och affärsdrivna projekt, så införandet sker i organisationens ytterkanter medan ansvaret kvarstår på toppen, säger Deepika Giri, analytiker på IDC Asia/Pacific. IDC:s forskning visar att endast cirka 16 procent av organisationerna har en enhetlig AI-styrningsmodell, vilket innebär att cio:n bär risken för system som de inte direkt driver. – Företagen har decentraliserat experimenteringen mycket snabbare än de har decentraliserat ansvaret, säger Sanchit Vir Gogia, chefsanalytiker på Greyhound Research. Kontrollen blir delad i det ögonblick AI berör flera plattformar samtidigt. Ansvaret följer inte med. Enligt analytiker integreras AI i allt högre grad i företagsapplikationer, SaaS-plattformar, molntjänster, utvecklingsverktyg och affärsflöden som ligger utanför traditionella it-styrningsstrukturer. – Införandet av AI är affärsdrivet, integrerat i SaaS, molnplattformar och utvecklingsverktyg, och kringgår den centrala it-avdelningen med växande skugg-AI, säger Charlie Dai, chefsanalytiker på Forrester. – Cio:er behåller ansvaret för risker och kostnader men saknar kontroll på grund av federerade modeller och hyperscaler-ledd abstraktion. Resultatet är att teknikledare ofta förblir ansvariga för risker, efterlevnad och affärsresultat även när kritiska aspekter av implementeringen ligger utanför deras direkta kontroll. 
Rajesh Ranjan, managing partner på Everest Group, säger att många organisationer nu förväntar sig att cio:er ska leverera AI-drivna affärsresultat, även om framgång ofta beror på omformning av processer, förändringar i personalstyrkan och skift i verksamhetsmodeller som sträcker sig bortom it-avdelningens direkta ansvarsområde. Ranjan säger att införandet av AI går snabbare än företagens förmåga att etablera ramverk för styrning och ansvarsskyldighet, vilket skapar ”en växande klyfta mellan ansvar och kontroll”. Skugg-AI höjer insatserna Analytikerna sa att utmaningen med ansvarsskyldighet blir mer akut i takt med att införandet av AI sprider sig genom verktyg och tjänster som affärsteamen kan komma åt utan betydande it-involvering. – Traditionell skugg-it introducerade ohanterad programvara. Skugg-AI introducerar ohanterat omdöme, säger Gogia. Företag kan nu få tillgång till AI-funktioner genom inbyggd SaaS-funktionalitet, externa verktyg, API:er, copilots och agentramverk med liten inblandning från it, säger analytikerna, vilket utvidgar utmaningen bortom traditionell teknikstyrning. Dai säger att riskerna sträcker sig bortom säkerhet och efterlevnad till att omfatta okontrollerade kostnader, regleringsrisker, promptinjektionsattacker och sårbarheter på agentnivå. Utmaningen växer ytterligare när organisationer går från AI-assistenter till AI-agenter som kan fatta beslut, använda verktyg, interagera med företagssystem och utföra flerstegsuppgifter med begränsat mänskligt ingripande. – Agentbaserad AI introducerar dynamiskt, icke-deterministiskt beteende och externa interaktioner, vilket bryter mot traditionella styrningsmodeller, säger Dai. – Företag saknar spårbarhet i realtid när det gäller beslut, vilket skapar en obalans mellan ansvarsskyldighet och faktiskt systembeteende. AI-agenter medför nya operativa risker Undersökningen tyder på att dessa styrningsutmaningar redan får operativa konsekvenser. 
”Fram till 2027 räknar företagen med att implementera i genomsnitt 1 661 AI-agenter – en ökning med 38 procent jämfört med idag”, står det i rapporten. ”I den takten står teknikchefer inför uppgiften att hantera hundratusentals autonoma beslut dagligen. Och manuell styrning kan inte hålla jämna steg med den matematiken.” De tillfrågade organisationerna rapporterade i genomsnitt 54 incidenter med AI-agenter under det senaste året som krävde mänsklig inblandning eller korrigering. Sjutton procent av dessa incidenter klassificerades som mycket allvarliga. Bland incidenterna med hög allvarlighetsgrad resulterade 37 procent i dataläckage eller säkerhetsöverträdelser, 33 procent orsakade kedjereaktioner av systemfel och 17 procent utlöste efterlevnadsproblem, enligt IBM. Studien visade också att 59 procent av de tillfrågade ser säkerhets- och efterlevnadsproblem som några av de största hindren för att skala upp AI-agenter. Organisationer som integrerar styrning direkt i AI-system rapporterade 25 procent färre AI-relaterade incidenter än de som främst förlitar sig på manuell övervakning. – Det är därför synlighet nu är viktigare än auktoritet, säger Gogia. Teknikledare behöver inte godkänna varje implementering. De behöver veta vad som körs, vad det kan nå och hur man stoppar det. Att bygga in styrning i AI-verksamheten Analytikerna menar att företag kommer att behöva gå bortom styrningsmodeller som är utformade för periodiska granskningar och traditionella mjukvaruimplementeringar. – När AI blir en integrerad del av kärnverksamhetens processer kan styrning inte längre vara en periodisk granskningsövning; det måste bli en operativ förmåga, säger Ranjan. 
Dai säger att företag också bör prioritera centraliserad observerbarhet, policykontroller, styrd decentralisering och starkare data- och kontextstyrning i takt med att AI-användningen ökar."}, {"published": "2026-06-12 02:00", "relative_age": "1 d", "source": "CISA KEV-katalog", "category": "security", "title": "CVE-2026-35273 – Oracle PeopleSoft Enterprise PeopleTools", "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-35273", "topic_tag": "2026", "cves": ["CVE-2026-35273"], "vendor": "", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. | Åtgärd: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. 
| Deadline: 2026-06-15"}, {"published": "2026-06-11 20:43", "relative_age": "1 d", "source": "Dark Reading", "category": "security", "title": "Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure", "link": "https://www.darkreading.com/vulnerabilities-threats/max-severity-ivanti-sentry-flaw-exploited-24-hours", "topic_tag": "disclosure", "cves": [], "vendor": "Ivanti", "cvss": null, "risk_level": "medium", "item_type": "exploit", "summary": "Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public."}, {"published": "2026-06-09 09:00", "relative_age": "4 d", "source": "Fortinet PSIRT", "category": "security", "title": "Improper access control in API endpoints", "link": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140", "topic_tag": "access", "cves": [], "vendor": "Cisco", "cvss": 3.0, "risk_level": "low", "item_type": "advisory", "summary": "CVSSv3 Score: 6.2 An improper access control vulnerability [CWE-284] in FortiPortal API endpoints may allow a remote privileged attacker with organization user role to obtain sensitive network configuration data via crafted HTTP requests. Revised on 2026-06-09 00:00:00"}, {"published": "2026-06-09 09:00", "relative_age": "4 d", "source": "Fortinet PSIRT", "category": "security", "title": "Second-Order OS Command Injection via JSON Input on start vnc feature", "link": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141", "topic_tag": "command", "cves": [], "vendor": "Cisco", "cvss": 3.0, "risk_level": "low", "item_type": "advisory", "summary": "CVSSv3 Score: 9.1 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. 
Revised on 2026-06-09 00:00:00"}, {"published": "2026-06-09 02:00", "relative_age": "4 d", "source": "CISA KEV-katalog", "category": "security", "title": "CVE-2026-11645 – Google Chromium V8", "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-11645", "topic_tag": "11645", "cves": ["CVE-2026-11645"], "vendor": "Microsoft", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Deadline: 2026-06-23"}, {"published": "2026-06-09 02:00", "relative_age": "4 d", "source": "CISA KEV-katalog", "category": "security", "title": "CVE-2026-20245 – Cisco Catalyst SD-WAN Manager", "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-20245", "topic_tag": "20245", "cves": ["CVE-2026-20245"], "vendor": "Cisco", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Deadline: 2026-06-23"}, {"published": "2026-06-08 02:00", "relative_age": "5 d", "source": "CISA KEV-katalog", "category": "security", "title": "CVE-2026-50751 – Check Point Security Gateway", "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-50751", "topic_tag": "2026", "cves": ["CVE-2026-50751"], "vendor": "", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Deadline: 2026-06-11"}, {"published": "2026-06-03 18:00", "relative_age": "10 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Manager%20Server-Side%20Request%20Forgery%20Vulnerability%26vs_k=1", "topic_tag": "cisco", "cves": ["CVE-2026-20230"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. 
A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW Security Impact Rating: Critical CVE: CVE-2026-20230"}, {"published": "2026-06-03 18:00", "relative_age": "10 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco Finesse Remote File Inclusion Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Finesse%20Remote%20File%20Inclusion%20Vulnerability%26vs_k=1", "topic_tag": "cisco", "cves": ["CVE-2026-20175"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. 
A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89 Security Impact Rating: Medium CVE: CVE-2026-20175"}, {"published": "2026-06-03 02:00", "relative_age": "10 d", "source": "CISA KEV-katalog", "category": "security", "title": "CVE-2026-45247 – Mirasvit Mirasvit Full Page Cache Warmer", "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-45247", "topic_tag": "2026", "cves": ["CVE-2026-45247"], "vendor": "", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Deadline: 2026-06-06"}, {"published": "2026-05-28 14:17", "relative_age": "16 d", "source": "WHO News", "category": "health_fitness", "title": "Message by the WHO Director-General to the people of the Democratic Republic of the Congo", "link": "https://www.who.int/news/item/28-05-2026-message-by-the-who-director-general-to-the-people-of-the-democratic-republic-of-the-congo", "topic_tag": "congo", "cves": [], "vendor": "", "cvss": null, "risk_level": "low", "item_type": "misc", "summary": "To the people of DRC, especially to the people of Ituri Jambo kwenu wakahaji wa Ituri Mbote na bino, bato ya Ituri My name is Tedros, and I am the Director-General of the World Health Organization (WHO). But today, I am not writing to you as an official. I am writing to you as someone who knows your region, who has walked your streets, and who cares deeply about what happens to you and your families. I am writing because I want to be with you in these moments. And I want you to know that you are not alone. Ebola is not new to me personally. From 2018 to 2020, I came fourteen times to North Kivu, the epicentre of the outbreak at that time. Fourteen visits to Beni, Butembo, Katwa, Goma, and many other communities. During that outbreak, Ebola spread across North Kivu, South Kivu, and reached parts of Ituri as well. I was alongside families who had lost their loved ones. I met health workers risking their lives every day. I met community leaders, traditional healers, religious leaders and business leaders who refused to abandon their people. I saw men and women show extraordinary courage in the most difficult of circumstances. The people there, who saw me coming back again and again, wanted to give me a name that belonged to their community. They asked me whether I was the first, second, or third child of my parents. When I told them I was the firstborn, they gave me the name Dr Paluku. I carry that name with pride. It is not just a name. It is a bond. 
It is a reminder that this work is not about titles or institutions. It is about people. It is about you. That outbreak was one of the most complex in history. It did not unfold in a stable, peaceful environment. It happened in the middle of armed conflict, with communities displaced, supply routes disrupted, and health workers operating under constant threat. People were fleeing violence while also trying to protect themselves and their families from a deadly disease. I remember being in Beni on more than one occasion while fighting was taking place on the outskirts of the city. We could hear it. And yet the health workers around me did not stop. They kept working. That kind of courage is something I will never forget. The challenges of that time are not so different from what you are facing today in Ituri. I understand that. I have seen it with my own eyes. Mistrust ran deep, and the security situation cost us precious time. Our health workers were attacked. Clinics were targeted. People who were only trying to save lives found themselves caught in the middle of a conflict they did not start. Lives were lost that we might have saved, and that weighs on me still. But I also witnessed something remarkable. When we listened, when communities felt respected and heard, things began to change. Trust grew slowly, then more quickly. People came forward. And together, we managed to contain the outbreak. We did it. The people of DRC did it. I will never forget that. Ebola is now back. This time, the outbreak is hitting Ituri province the hardest. More than 90% of all cases have been reported in Ituri province, with a small number of cases also reported in North Kivu and South Kivu. I know how frightening that is, and I know that the people of Ituri are bearing a burden that is not easy to carry. I know that many of you are exhausted. You are already carrying so much: malaria, hunger, insecurity, and the daily struggle to keep your families safe. And now Ebola. 
It is not fair, and I will not pretend otherwise. But I also want to say something else about Ituri, because this province deserves to be seen for more than its hardships. Ituri is a place of remarkable energy. It is a province of vibrant commerce, of entrepreneurial spirit, of communities that have refused to be defined by the conflicts around them. The markets of Bunia buzz with life. Traders, farmers, teachers, and young people building their futures against all odds. That spirit, that refusal to give up, is exactly what we need now. It is the foundation on which we will build our response. We do not come to Ituri with only medicine and expertise. We come to join a community that already knows how to fight for its survival. I want to say a special word to the young people of Ituri. You are growing up in circumstances that no young person should have to face. And yet what I see, again and again, is not despair but determination. You are the future of this province and this country. In this outbreak, you have a vital role to play. Talk to your friends and your families. Share what you know about Ebola. Help break the fear and the silence that allow this virus to spread. Your voice carries further than you know, and we need it now more than ever. And to the health workers of Ituri, I want to say this: you are seen, and you are not alone. Every day you go to work knowing the risks, and you go anyway. You do it for your patients, for your communities, for your families. You are the backbone of this response. Without you, none of this is possible. I know the conditions are hard. I know the resources are often not enough. I know that fear and exhaustion are real. Please know that WHO stands with you, that we are working to get you the support you need, and that your courage and dedication are known and deeply valued far beyond the borders of this province. I also know that the security situation in parts of this region remains very difficult. 
Conflict and displacement make everything harder, including reaching people who need care and keeping health workers safe. I want to be honest: this is one of our greatest challenges. We cannot do this work if those who are trying to help are prevented from doing so or put in danger. We are working closely with all relevant partners to ensure that the response can reach every community that needs it, and that no one is left behind because of where they live or what is happening around them. That is why today I am making a direct appeal to all warring parties in this region: please, declare a ceasefire. Even briefly. Even just enough to let health workers through. People are dying from Ebola who do not have to die. Children are sick. Families are suffering. No cause, no conflict, no grievance is worth condemning innocent people to death from a preventable disease. A ceasefire, even a temporary one, would save lives. I urge you, I implore you: give us the space to help the people who need it most. I also know that there is anger and mistrust in some communities, and I understand why. Trust must be earned, it cannot be assumed. We have not always done things correctly. But I promise you, we are here to learn as much as we are here to help. I need to be honest with you about something important. Most previous Ebola outbreaks in DRC were caused by a virus called Ebola Zaire, for which we have vaccines and treatments. This outbreak is caused by a different virus called Ebola Bundibugyo. There are currently no approved vaccines or treatments for it. This is serious, and you deserve to hear that plainly. But I also want you to know this: while there are no specific treatments for Bundibugyo, there is much we can do together to prevent the spread of this virus and save lives. Early supportive care in our treatment centers can make a real difference. If you or someone you know falls ill, please do not wait. Coming forward early can make the difference between life and death. 
And everything we do, we will do with you. We will listen to you, we will share information with you, and we are here to help. And for those we cannot save, we will mourn with you. We will help you grieve your lost loved ones with safe and dignified burials. We are working under the leadership of the Government of DRC, together with all relevant partners, united around one goal: to stop this outbreak and protect your communities. No one is working alone. No one is working at cross purposes. We are coordinated, we are committed, and we are here. That is why I am coming to Bunia. I will be there in person, alongside my colleagues, meeting your leaders, listening to your concerns, and doing everything in my power to help you. I will not be managing this from a comfortable office far away. This is the 17th Ebola outbreak in DRC. Together, you have overcome every single one before. That is not a small thing. That is a testament to the strength and resilience of your communities. I have seen that strength with my own eyes. My brothers and sisters of Ituri, I want you to know that the world is watching your courage. You are not forgotten. Together, we will overcome this outbreak, as you have overcome every challenge before. Your resilience is the light that guides us all. We will get through this one too. Not because of anyone, but because of you. Our teams are already on the ground, and they will stay for as long as necessary. And when this outbreak is over, we will not quietly disappear. We will not forget you. We will stay, and we will keep working with you to build health systems that protect every person in every community. I look forward to seeing you in Bunia soon. Until then, please know that you are in my thoughts. 
With respect and solidarity, Paluku Tedros Tedros Adhanom Ghebreyesus Director-General, World Health Organization"}, {"published": "2026-05-28 00:13", "relative_age": "16 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Controller%20Authentication%20Bypass%20Vulnerability%26vs_k=1", "topic_tag": "authentication", "cves": ["CVE-2026-20182"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The Indicators of Compromise section of this advisory includes Show Control Connections guidance to help with system checks. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. 
Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Important: To preserve possible indicators of compromise, customers should issue the request admin-tech command from each of the control components in the SD-WAN deployment before upgrading. After the admin-tech file has been collected, software should be upgraded at the earliest opportunity. Before upgrading an SD-WAN deployment to a fixed release, retain relevant logs. After upgrading, verify that the system has not been compromised by checking the logs for the indicators of compromise as documented in this advisory. If the logs show indicators of compromise and the system is confirmed to be compromised, applying the software update alone will not resolve the vulnerability. In such cases, follow the specific remediation steps that are provided by the Cisco Technical Assistance Center (TAC) to help secure the system. 
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW Security Impact Rating: Critical CVE: CVE-2026-20182"}, {"published": "2026-05-20 18:00", "relative_age": "24 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Nexus%203000%20and%209000%20Series%20Switches%20Border%20Gateway%20Protocol%20Denial%20of%20Service%20Vulnerability%26vs_k=1", "topic_tag": "3000", "cves": ["CVE-2026-20171"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect parsing of a transitive BGP attribute. An attacker could exploit this vulnerability by sending a crafted BGP update through an established BGP peer session. If the update propagates to an affected device, it could cause the device to drop the BGP session and flap with the BGP peer that is forwarding this update, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. 
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx Security Impact Rating: Medium CVE: CVE-2026-20171"}, {"published": "2026-05-20 18:00", "relative_age": "24 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco Secure Workload Unauthorized API Access Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Secure%20Workload%20Unauthorized%20API%20Access%20Vulnerability%26vs_k=1", "topic_tag": "access", "cves": ["CVE-2026-20223"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy Security Impact Rating: Critical CVE: CVE-2026-20223"}, {"published": "2026-05-20 18:00", "relative_age": "24 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20ThousandEyes%20Virtual%20Appliance%20Authenticated%20Remote%20Code%20Execution%20Vulnerability%26vs_k=1", "topic_tag": "appliance", "cves": ["CVE-2026-20199"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An authenticated attacker could exploit this vulnerability by uploading a crafted certificate to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5 Security Impact Rating: Medium CVE: CVE-2026-20199"}, {"published": "2026-05-20 18:00", "relative_age": "24 d", "source": "Cisco PSIRT", "category": "security", "title": "Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20ThousandEyes%20Enterprise%20Agent%20BrowserBot%20Command%20Injection%20Vulnerability%26vs_k=1", "topic_tag": "agent", "cves": ["CVE-2026-20206"], "vendor": "Cisco", "cvss": null, "risk_level": "medium", "item_type": "cve", "summary": "A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed. This vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user. To exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests. As mentioned, Cisco has addressed this vulnerability in the ThousandEyes service, and no customer action is necessary to update on-premises software or devices. 
There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn Security Impact Rating: Medium CVE: CVE-2026-20206"}, {"published": "2026-05-19 19:49", "relative_age": "24 d", "source": "Cisco PSIRT", "category": "security", "title": "Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense", "link": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Continued%20Evolution%20of%20Persistence%20Mechanism%20Against%20Cisco%20Secure%20Firewall%20Adaptive%20Security%20Appliance%20and%20Secure%20Firewall%20Threat%20Defense%26vs_k=1", "topic_tag": "adaptive", "cves": ["CVE-2025-20333", "CVE-2025-20362"], "vendor": "Cisco", "cvss": null, "risk_level": "low", "item_type": "cve", "summary": "On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) products. According to the update, the ArcaneDoor threat actor has developed a previously unknown persistence mechanism that is preserved across upgrading to the fixed releases that were published in September 2025. This persistence mechanism resides in the Cisco Firepower eXtensible Operating System (FXOS) Software base operating system for Cisco Secure Firewall ASA Software and Cisco Secure FTD Software installations on the affected hardware platforms. 
Note: According to the intelligence Cisco PSIRT has received to date, the initial compromise begins with the attacker exploiting the following vulnerabilities before customers upgraded to the fixed releases that were made available in September 2025: CVE-2025-20333: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability CVE-2025-20362: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability For more information about the fixed releases that were made available in September 2025, see Cisco Event Response: Continued Attacks Against Cisco Firewalls. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 Security Impact Rating: Informational"}, {"published": "2026-05-12 09:00", "relative_age": "32 d", "source": "Fortinet PSIRT", "category": "security", "title": "Arbitrary log file read in administrative interface", "link": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138", "topic_tag": "administrative", "cves": [], "vendor": "Cisco", "cvss": 3.0, "risk_level": "low", "item_type": "advisory", "summary": "CVSSv3 Score: 4.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEB UI may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests. 
Revised on 2026-05-12 00:00:00"}, {"published": "2026-05-12 09:00", "relative_age": "32 d", "source": "Fortinet PSIRT", "category": "security", "title": "Command injection in CLI", "link": "https://fortiguard.fortinet.com/psirt/FG-IR-26-131", "topic_tag": "command", "cves": [], "vendor": "Cisco", "cvss": 3.0, "risk_level": "low", "item_type": "advisory", "summary": "CVSSv3 Score: 6.1 An improper neutralization of special elements used in an OS command (\"OS Command Injection\") vulnerability [CWE-78] in FortiAP, FortiAP-U & FortiAP-W2 CLI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2026-05-12 00:00:00"}, {"published": "2025-10-14 09:00", "relative_age": "242 d", "source": "Fortinet PSIRT", "category": "security", "title": "Insertion of Sensitive 2FA Information in logs and debug command", "link": "https://fortiguard.fortinet.com/psirt/FG-IR-24-452", "topic_tag": "command", "cves": [], "vendor": "Cisco", "cvss": 3.0, "risk_level": "low", "item_type": "advisory", "summary": "CVSSv3 Score: 2.6 An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command. Revised on 2026-06-08 00:00:00"}]