Security researchers have uncovered a cyber espionage campaign dubbed “FortiBleed” that purportedly involves the compromise of over 73,000 Fortinet devices. The recovered dataset indicates that the attacker’s operation targeted FortiGate devices and related SSL VPN gateways.
Jun 17, 2026 - 3 Min Read
A critical SimpleHelp RMM remote authentication bypass was released on June 12th that allows attackers to create privileged Technician accounts and grant control of the SimpleHelp instance.
Jun 16, 2026 - 3 Min Read
A Remote Code Execution vulnerability was published that affects the well-known and widely used Joomla extension "Joomla Content Editor" and is being exploited in the wild.
Jun 16, 2026 - 3 Min Read
On June 10th, Oracle released a security advisory impacting the Environment Management component within Oracle’s PeopleSoft application. The vulnerability, now publicly tracked as CVE-2026-35273, has reportedly been actively exploited as early as May 27th, 2026.
Jun 11, 2026 - 3 Min Read
Ivanti published two advisories covering 4 CVEs across their Endpoint Manager Mobile (EPMM) and Ivanti Sentry products that range from authentication bypass to remote code execution.
Jun 10, 2026 - 3 Min Read
On June 8th, 2026, Check Point Research identified two CVEs (CVE-2026-50751, CVE-2026-50752) which can be abused to bypass Check Point VPN authentication services, allowing threat actors to access network devices and traffic behind the VPN. These vulnerabilities were found under active exploitation in the wild by attackers that Check Point Research attributed with medium confidence to Qilin ransomware affiliates.
Jun 8, 2026 - 3 Min Read
Update May 20th, 2026: Drupal recently updated their security advisory with additional technical details and an official CVE to reference a critical vulnerability in Drupal Core. Tracked as CVE-2026-9082, the flaw is due to an SQL injection vulnerability that can be reached through Drupal Core’s database extraction API and only affects deployments using PostgreSQL databases.
May 20, 2026 - 4 Min Read
Updated 06/05/2026 to include additional CVEs disclosed by Cisco affecting the same product line. On May 14th, Cisco published an advisory detailing a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN controller infrastructure. The vulnerability, tracked as CVE-2026-20182, is a peering authentication bypass between SD-WAN infrastructure components and is similar to a vulnerability discovered 3 months prior. Active exploitation has been confirmed in the wild, and CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Like the vulnerability reported in late February, this flaw allows an unauthenticated attacker to bypass authentication and create a rogue peer to a victim’s SD-WAN controller. By creating a rogue peer, an attacker can advance to gain high-privileged access into the ecosystem and manipulate configurations via NETCONF.
May 14, 2026 - 5 Min Read
05/26/26 Update: On May 22nd, F5 published another advisory for an additional but different vulnerability found in the same ‘ngx_http_rewrite_module’ system. The new vulnerability (tracked as CVE-2026-9256) can allow an unauthenticated attacker to corrupt system memory and potentially achieve RCE. Discovery of the bug was credited to various research groups, and there were no reports of active exploitation in the wild at time of writing. On May 13th, 2026, F5 released an advisory regarding a flaw that, under specific non-default conditions, could allow unauthenticated remote code execution (RCE) in NGINX Open Source and NGINX Plus. Tracked as CVE-2026-42945 and nicknamed “NGINX Rift”, the vulnerability stems from a heap buffer overflow in the ‘ngx_http_rewrite_module’ that has been present in the codebase since 2008.
May 14, 2026 - 5 Min Read
On May 12th, Fortinet publicly released a critical vulnerability affecting Fortinet FortiAuthenticator, which handles Identity and Access Management (IAM) within some Fortinet architectures. The flaw is tracked as CVE-2026-44277 and classified as an improper access control vulnerability that allows unauthenticated attackers to execute unauthorized code remotely.
May 12, 2026 - 2 Min Read