Critical vulnerabilities have been found in two Joomla plugins, leading to maximum severity CVE-2026-56290 and CVE-2026-48908, both already added to CISA's KEV catalog.
Jul 8, 2026 - 5 Min Read
Two pre-authentication flaws CVE-2026-40138 and CVE-2026-40139 disclosed in BeyondTrust Remote Support and Privileged Remote Access let attackers bypass authentication and reach the appliance, including privileged accounts, when a specific authentication configuration is enabled.
Jul 7, 2026 - 2 Min Read
On June 30th, 2026, Citrix disclosed a high-severity vulnerability in its NetScaler ADC and NetScaler Gateway products. Tracked as CVE-2026-8451, the flaw lets an unauthenticated, remote attacker leak fragments of appliance memory from a NetScaler configured as a SAML identity provider, placing it in the same class of memory disclosure flaws collectively known as "CitrixBleed."
Jun 30, 2026 - 3 Min Read
Three CVEs released for Ubiquiti's UniFi OS allow attackers unauthenticated remote root level access
Jun 24, 2026 - 4 Min Read
A compromise of Klue's market intelligence platform resulted in an attacker accessing multiple Salesforce instances, affecting multiple downstream clients.
Jun 22, 2026 - 4 Min Read
A cyber espionage campaign dubbed “FortiBleed” has been uncovered by security researchers purportedly involving the compromise of over 73,000 Fortinet devices. The recovered dataset indicates that the attacker’s operation targeted FortiGate devices and related SSL VPN gateways.
Jun 17, 2026 - 3 Min Read
An Remote Code Execution vulnerability was published that affects a well-known and widely used Joomla Extension "Joomla Content Editor" that is being exploited in the wild.
Jun 16, 2026 - 3 Min Read
A critical SimpleHelp RMM remote authentication bypass was released June 12th which allows attackers to create privileged Technician accounts and grant control of SimpleHelp instance
Jun 16, 2026 - 4 Min Read
On June 10th Oracle released a security advisory impacting the Environment Management component within Oracle’s PeopleSoft application. The vulnerability, now publicly tracked as CVE-2026-35273, has been reportedly actively exploited as early as May 27th 2026.
Jun 11, 2026 - 3 Min Read
Ivanti published two advisories covering 4 CVEs across their Endpoint Manager Mobile (EPMM) and Ivanti Sentry products that range from authentication bypass to remote code execution.
Jun 10, 2026 - 3 Min Read