Cisco SD WAN Zero Day Is Being Exploited to Gain Root Access
Cisco warned that attackers are actively exploiting CVE-2026-20245 in Catalyst SD WAN Manager. The flaw is currently unpatched and allows low privileged attackers to escalate to root, which makes it especially dangerous in environments where the platform manages broad network connectivity and policy.
Source: BleepingComputer
ShinyHunters Is Exploiting an Oracle PeopleSoft Zero Day Against Education Targets
Mandiant and Google linked an active compromise and extortion campaign to exploitation of CVE-2026-35273 in Oracle PeopleSoft Environment Management. The activity hit education sector infrastructure before Oracle published its advisory, which makes this a true zero day case with immediate operational relevance.
Source: Google Threat Intelligence
LiteLLM Flaw Has Been Added to KEV After Real World Exploitation
CISA added CVE-2026-42271 in LiteLLM to the KEV catalog after evidence of active exploitation. The issue is a command injection flaw that can be chained into unauthenticated remote code execution in exposed deployments, making it especially important for organizations running self hosted AI gateways.
Source: The Hacker News
Check Point Warns of Active Exploitation of VPN Authentication Bypass
Check Point said CVE-2026-50751 is being actively exploited against Remote Access VPN and Mobile Access deployments that still use the deprecated IKEv1 protocol. By abusing certificate validation logic, an attacker can establish a VPN session without a valid password and bypass normal authentication controls.
Source: Check Point
Everest Forms Vulnerability Has Been Used for Months to Take Over WordPress Sites
Defenders say CVE-2026-3300 in Everest Forms Pro has been exploited in the wild for months for full site takeover. The flaw lets unauthenticated attackers inject PHP code through form fields, which turns a popular plugin on more than 100,000 sites into a direct execution path.
Source: SecurityWeek
GitHub Disabled Microsoft Repositories After Miasma Supply Chain Activity
GitHub removed 73 repositories across Microsoft linked organizations after discovering they contained potentially malicious content tied to the Miasma and Shai Hulud campaign. The incident shows that supply chain abuse is now reaching official repositories tied to major vendors, not only small open source projects.
Source: BleepingComputer
Shai Hulud Miasma Has Expanded Into a New PyPI Wave
Socket identified a coordinated PyPI compromise involving 19 packages and 37 malicious wheel artifacts tied to the Shai Hulud and Miasma cluster. The packages used automatic startup execution, downloaded the Bun runtime, and launched heavily obfuscated JavaScript stealers, showing how the campaign now crosses ecosystems and runtimes with ease.
Source: Socket
VS Code Zero Day Can Steal GitHub Tokens with One Click
Researchers released proof of concept code for a VS Code zero day that can steal GitHub authentication tokens if a user clicks a crafted link. The flaw abuses VS Code webview message handling and can lead to malicious extension installation and token theft through a trusted developer workflow.
Source: BleepingComputer
phpBB Fixed a Critical Authentication Bypass That Can Lead to Full Server Compromise
Researchers disclosed a critical phpBB flaw that can be exploited in the default configuration for authentication bypass and can then lead to remote code execution. Because phpBB remains widely deployed across public forums, the issue stands out as a high impact internet facing risk rather than a niche application bug.
Source: Aikido
OpenSSL Patched a High Severity Vulnerability Found with AI Assistance
OpenSSL fixed CVE-2026-45447, a high severity use after free condition reachable during PKCS#7 or S/MIME signature verification. The issue is notable both because of its remote code execution potential in affected applications and because researchers said AI helped uncover it.
Source: SecurityWeek
Dashlane Says Attackers Copied Encrypted Password Vaults from Some Accounts
Dashlane disclosed that a brute force campaign let an attacker access some customer accounts and copy encrypted vaults. The company said it found no evidence of compromise of its internal systems, but the incident still matters because password managers concentrate highly sensitive data in one place.
Source: Help Net Security
UN World Food Programme Breach Exposed Data from 600,000 Gaza Households
The World Food Programme said its Palestine registration application was breached and beneficiary data from across Gaza was exposed. The affected information included names, ID numbers, phone numbers, and neighborhood level location details, making this one of the most sensitive humanitarian sector breaches in this set.
Source: BleepingComputer
Silent Ransom Group Continues Targeted Social Engineering Against US Law Firms
Mandiant said the group it tracks as UNC3753, also known as Luna Moth and Silent Ransom Group, targeted dozens of legal and professional services organizations between January and May 2026. The actors rely on voice phishing, fake IT support pretexts, and remote management tools to gain access and steal data for extortion.
Source: Google Threat Intelligence
HTTP/2 Bomb Can Crash Major Web Servers from a Single Machine
Researchers disclosed a new denial of service technique called HTTP/2 Bomb that can take down servers in seconds by combining compression amplification with resource retention abuse. The method affects default HTTP/2 configurations in major platforms including NGINX, Apache, Microsoft IIS, Envoy, and Cloudflare Pingora.
Source: BleepingComputer
WhatsApp Says NSO Tried Another Spyware Operation Despite Court Restrictions
WhatsApp said it detected and disrupted a spear phishing attempt linked to NSO Group even though the spyware firm is already under a court order barring it from targeting WhatsApp users. The case keeps NSO in focus and reinforces that commercial spyware activity remains an active threat even after legal action and prior exposure.
Source: SecurityWeek
AresISEC d.o.o. · Zagreb, Croatia · OIB: 49411602130 · info@aresisec.hr
Privacy Policy | Terms of Service | Responsible Disclosure
© 2026 AresISEC