Security Highlights Of The Week [07/26-2]
- AresISEC Security Team
- July 13, 2026
Januscape Opens a New VM Escape Path on Both Intel and AMDResearchers disclosed Januscape, a Linux KVM vulnerability that allows guest-to-host escape on both Intel and AMD systems. Because it affects the shadow MMU path in KVM and was reportedly used as a zero-day in Google’s kvmCTF program, it...
Security Highlights Of The Week [07/26-1]
- AresISEC Security Team
- July 6, 2026
Cisco Confirms Active Exploitation of Unified CM FlawCisco confirmed that attackers are now exploiting CVE-2026-20230 in Unified Communications Manager. The bug is an unauthenticated SSRF issue that can be triggered remotely with crafted HTTP requests, putting core enterprise telephony infrastructure at risk.Source: BleepingComputer FortiBleed Credential Theft Now Linked to...
Security Highlights Of The Week [06/26-4]]
- AresISEC Security Team
- June 30, 2026
Ubiquiti Critical Vulnerabilities Are Now Being Exploited in AttacksCISA warned that threat actors are actively targeting three critical UniFi OS flaws, all rated 10.0. The bugs allow unauthorized changes, file access, and deeper system manipulation on exposed devices, making this one of the most urgent edge infrastructure stories of...
Security Highlights Of The Week [06/26-3]
- AresISEC Security Team
- June 23, 2026
Megalodon Supply Chain Attack Compromised More Than 5,000 GitHub RepositoriesMegalodon was one of the most significant developer ecosystem incidents in this batch, with attackers pushing thousands of commits across more than 5,000 public GitHub repositories in only a few hours. The campaign targeted GitHub Actions workflows and aimed to...
Security Highlights Of The Week [06/26-2]
- AresISEC Security Team
- June 15, 2026
Cisco SD WAN Zero Day Is Being Exploited to Gain Root AccessCisco warned that attackers are actively exploiting CVE-2026-20245 in Catalyst SD WAN Manager. The flaw is currently unpatched and allows low privileged attackers to escalate to root, which makes it especially dangerous in environments where the platform manages...
Security Highlights Of The Week [06/26-1]
- AresISEC Security Team
- June 8, 2026
Megalodon Supply Chain Attack Compromised More Than 5,000 GitHub RepositoriesMegalodon was one of the most significant developer ecosystem incidents in this batch, with attackers pushing thousands of commits across more than 5,000 public GitHub repositories in only a few hours. The campaign targeted GitHub Actions workflows and aimed to...
Security Highlights Of The Week [05/26-4]
- AresISEC Security Team
- June 1, 2026
Megalodon Supply Chain Attack Compromised More Than 5,000 GitHub RepositoriesMegalodon was one of the most significant developer ecosystem incidents in this batch, with attackers pushing thousands of commits across more than 5,000 public GitHub repositories in only a few hours. The campaign targeted GitHub Actions workflows and aimed to...
Security Highlights Of The Week [05/26-3]
- AresISEC Security Team
- May 25, 2026
PAN-OS Zero Day Under Active Exploitation Grants Root Access on FirewallsPalo Alto Networks confirmed active exploitation of CVE-2026-0300 in the PAN-OS Captive Portal. The flaw allows unauthenticated remote code execution with root privileges on exposed firewalls, making it one of the most urgent perimeter risks in this cycle.Source: Palo...
Security Highlights Of The Week [05/26-2]
- AresISEC Security Team
- May 15, 2026
PAN-OS Zero-Day Under Active Exploitation Grants Root Access on FirewallsPalo Alto Networks says CVE-2026-0300 in the PAN-OS Captive Portal is being actively exploited and allows unauthenticated remote code execution with root privileges. Because it affects internet-facing firewalls, it is one of the most urgent issues in this week’s set.Source:...
Security Highlights Of The Week [05/26-1]
- AresISEC Security Team
- May 4, 2026
PAN-OS Zero-Day Under Active Exploitation Grants Root Access on FirewallsPalo Alto Networks warned that CVE-2026-0300 in the PAN-OS Captive Portal is being actively exploited and allows unauthenticated remote code execution with root privileges. Because the bug affects internet exposed firewalls, it stands out as one of the highest priority...
Security Highlights Of The Week [04/26-4]
- AresISEC Security Team
- April 30, 2026
Critical cPanel and WHM Auth Bypass Requires Emergency Manual UpdateA critical cPanel and WHM flaw tracked as CVE-2026-41940 can allow attackers to access the control panel without authentication. The fix requires administrators to manually retrieve the patched build, which makes exposed hosting environments an immediate priority.Source: BleepingComputer Microsoft Confirms...
Security Highlights Of The Week [04/26-3]
- AresISEC Security Team
- April 24, 2026
Vercel Finds More Compromised Accounts in Context.ai Linked BreachVercel said its investigation uncovered an additional set of affected customer accounts after expanding the indicators of compromise and reviewing environment variable access logs. The incident stemmed from a compromise tied to Context.ai and shows how third party identity and OAuth...