Security & Lifecycle News

CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS (Severity: MEDIUM)

CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: LOW)

PAN-SA-2026-0009 Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION (Severity: INFORMATIONAL)

CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing (Severity: MEDIUM)

CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability (Severity: MEDIUM)

CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (Severity: MEDIUM)

CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration (Severity: HIGH)

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclos…

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, acco…

China-linked JDY botnet expands targeting of U.S. military networks

The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [..…

CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports …

Vercel escapes contempt rap after admitting it botched FBI warrant response

Files sought by feds were sitting in a deletion queue, not gone for good

D2DO304: Observability in the Age of AI

As AI matures, it becomes increasingly important to know how it’s performing and what it actually costs. Ned and Kyler are joined by Anuj Tyagi, Senior Site Reliability Engineer fo…

Residential proxies are hiding in plain sight inside enterprise networks

Residential proxy services route internet traffic through consumer devices to make connections appear to originate from real home IP addresses. Security researchers have tracked th…

The 5 Best Practices for Secure Identity Verification

Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for st…

Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever

Firefox is in, Snap and Flatpak are still out, but a default AI helper may raise eyebrows

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive…

Infostealers Turn Millions of Devices Into Credential Theft Machines

As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations. The post Infos…

Cyera Raises $600 Million at $12 Billion Valuation

Cyera is positioned as one of the most valuable privately held cybersecurity firms in the world with total funding topping $2 billion. The post Cyera Raises $600 Million at $12 Bil…

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targe…

Brit workers waste nearly six hours a week 'botsitting'

Productivity gains lost as staff spoon-feed AI and correct its cock-ups

GitHub pulls pin on npm's auto-run scripts

Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

Aryon Security Raises $29 Million in Series A Funding

In the post-Mythos era, the company’s platform helps organizations enforce security controls across environments. The post Aryon Security Raises $29 Million in Series A Funding app…

OpenAI weighs Nvidia-backed lease for 10 GW Ohio data center campus

OpenAI is reportedly in advanced talks to lease a proposed 10-gigawatt data center campus in southern Ohio in an arrangement that could include financial backing from Nvidia. Th…

Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers

Claroty researchers have analyzed the security of Vertiv UPS network cards and the Trane Tracer SC+ HVAC controller. The post Critical HVAC and UPS Vulnerabilities Could Let Hacker…

CISO Forum Webinar Today: 2026 Mid-Year Review

Learn more about protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks. The post CISO Forum Webinar …

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. The post New Windows Zero-Day Exploit ‘RoguePlanet’ Released appeared …

NASA names crew for Artemis III lunar lander rehearsal

Whether any of the spacecraft will be ready in time for H2 2027 remains unanswered

Microsoft: Some Windows PCs fail to install latest monthly updates

Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]