View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-08.json

Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device.

The following versions of XCharge C6 are affected:
- C6

CVSS: v3 9.8
Vendor: XCharge
Equipment: XCharge C6
Vulnerabilities: Download of Code Without Integrity Check, Stack-based Buffer Overflow, Initialization of a Resource with an Insecure Default

Background
- Critical Infrastructure Sectors: Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States

Vulnerabilities

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-9037

Affected Products: XCharge C6
Vendor: XCharge
Product Version: XCharge C6: <May_22_2026
Product Status: known_affected

Remediations
Mitigation: XCharge has confirmed that the update has been deployed for all affected chargers. Users with questions can reach out to XCharge Support for further details if needed: https://www.xcharge.com/contact

Relevant CWE: CWE-494 Download of Code Without Integrity Check (https://cwe.mitre.org/data/definitions/494.html)
Security & IT News
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-05.json

Summary

Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or administrator who accesses the affected interface. This could lead to compromise of user sessions, execution of unauthorized actions with the victim's privileges, exposure or manipulation of sensitive data, and degradation of overall system integrity.

The following versions of CP Plus 8 Ch. Network Video Recorder are affected:
- CP-UNR-108F1 Hardware V1.0
- CP-UNR-108F1 Web V3.2.7.128806
- CP-UNR-108F1 System V4.001.00AT009.0.R

CVSS: v3 8.4
Vendor: CP Plus
Equipment: CP Plus 8 Ch. Network Video Recorder
Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Background
- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Emergency Services
- Countries/Areas Deployed: India, Nepal, United Arab Emirates, Gambia
- Company Headquarters Location: India

Vulnerabilities

CVE-2026-6824

A stored Cross-Site Scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-6824

Affected Products: CP Plus 8 Ch. Network Video Recorder
Vendor: CP Plus
Product Version: CP Plus CP-UNR-108F1 Hardware: V1.0, CP Plus CP-UNR-108F1 Web: V3.2.7.128806, CP Plus CP-UNR-108F1 System: V4.001.00AT009.0.R
Product Status: known_affected

Remediations
Mitigation: CP Plus recommends updating the firmware on the device to the latest firmware version.
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-148-01.json

Summary

Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical readings, which could result in taking control of the device and lead to patient harm.

The following versions of Fourth Frontier Frontier X Mobile Application, Frontier X2 are affected:
- Frontier X Android application vers <v15.0.0
- Frontier X iOS application vers <v25.0.0
- Frontier X2 vers:all/*

CVSS: v3 8.8
Vendor: Fourth Frontier
Equipment: Fourth Frontier Frontier X Mobile Application, Frontier X2
Vulnerabilities: Missing Authentication for Critical Function

Background
- Critical Infrastructure Sectors: Healthcare and Public Health
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States

Vulnerabilities

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities, triggering vibrations, causing denial-of-service conditions, and fuzzing characteristic values to induce unexpected behavior. Additionally, the Frontier X mobile application lacks proper BLE device authentication, allowing attackers to impersonate a legitimate Frontier X2 device and connect to the application. By cloning BLE advertisements and exposing expected GATT characteristics, attackers can manipulate activity states and inject fabricated health telemetry such as breathing rate, heart rate, strain, and other health-related data into the mobile application.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-5768

Affected Products: Fourth Frontier Frontier X Mobile Application, Frontier X2
Vendor: Fourth Frontier
Product Version: Fourth Frontier Frontier X Android application: <v15.0.0, Fourth Frontier Frontier X iOS application: <v25.0.0, Fourth Frontier Frontier X2: vers:all/*
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-04.json

Summary

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could gain physical, unauthorized access to a building where the product is installed.

The following versions of ABB Busch-Welcome 2 Wire Door Opener Actuator are affected:
- Switch Actuator 4 DU vers:all/*
- Switch actuator, door/light 4 DU vers:all/*

CVSS: v3 6.8
Vendor: ABB
Equipment: ABB Busch-Welcome 2 Wire Door Opener Actuator
Vulnerabilities: Active Debug Code

Background
- Critical Infrastructure Sectors: Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-7705

Authentication bypass due to compatibility mode enabled by default.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-7705

Affected Products: ABB Busch-Welcome 2 Wire Door Opener Actuator
Vendor: ABB
Product Version: Switch Actuator 4 DU -83330 - All Versions, Switch actuator, door/light 4 DU -83330-500 - All Versions
Product Status: known_affected

Remediations
Mitigation: The following actions need to be executed on premise where the respective Busch-Welcome® System is installed:
- While the Busch-Welcome® System is in operation, toggle the mode switch on the product from "Door-Open" mode to "Light" mode, wait one second and switch back to "Door-Open" mode.
- Restart the Busch-Welcome® System with a power reset (mains power off and on again).
By executing the above steps, the system will recalibrate itself during boot-up and will correct the misconfiguration automatically. ABB recommends that customers apply the above listed actions at the earliest convenience.

Relevant CWE: CWE-489 Active Debug Code (https://cwe.mitre.org/data/definitions/489.html)
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-02.json

Summary

Successful exploitation of this vulnerability could result in an attacker gaining administrator access to the device.

The following versions of Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter are affected:
- USR-W610 RS232/485 to Wi-Fi/Ethernet Converter 7.03T.07

CVSS: v3 9.8
Vendor: Jinan USR IOT Technology Limited (PUSR)
Equipment: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
Vulnerabilities: Use of Hard-coded Credentials

Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: China

Vulnerabilities

CVE-2026-7786

The device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-7786

Affected Products: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
Vendor: Jinan USR IOT Technology Limited (PUSR)
Product Version: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter: 7.03T.07
Product Status: known_affected

Remediations
Mitigation: Jinan USR IOT Technology Limited (PUSR) did not respond to CISA's attempts at coordination. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.

Relevant CWE: CWE-798 Use of Hard-coded Credentials (https://cwe.mitre.org/data/definitions/798.html)
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-07.json

Summary

Schneider Electric is aware of a vulnerability in its EcoStruxure™ Machine Expert HVAC product. The EcoStruxure™ Machine Expert HVAC product (https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC/) is programming software for Modicon M171-M172 logic controllers. Failure to apply the remediation provided below may risk revealing sensitive information, which could result in disclosing protected source code, leading to loss of confidentiality.

The following versions of Schneider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01) are affected:
- EcoStruxure™ Machine Expert HVAC vers <1.10.0

CVSS: v3 5.5
Vendor: Schneider Electric
Equipment: Schneider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
Vulnerabilities: Cleartext Storage of Sensitive Information

Background
- Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France

Vulnerabilities

CVE-2026-6332

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of sensitive information, which could result in revealing protected source code and loss of confidentiality, when an authorized attacker accesses the source code for editing or compiling it.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-6332

Affected Products: Schneider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
Vendor: Schneider Electric
Product Version: EcoStruxure™ Machine Expert HVAC versions prior to 1.10.0
Product Status: fixed, known_affected

Remediations
Vendor fix: Version 1.10.0 of EcoStruxure™ Machine Expert HVAC includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC_1_10_0/
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-03.json

Summary

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited these vulnerabilities could access sensitive information stored inside the device and change the configuration of the device.

The following versions of ABB EIBPORT are affected:
- EIBPORT V3 KNX (2CLA963710W1001) <3.9.2
- EIBPORT V3 KNX (2CSM256242R2001) <3.9.2
- EIBPORT V3 KNX GSM (2CLA963720W1001) <3.9.2

CVSS: v3 8
Vendor: ABB
Equipment: ABB EIBPORT
Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Background
- Critical Infrastructure Sectors: Critical Manufacturing, Information Technology
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2021-22291

The vulnerability allows a successful attacker to receive a copy of the session id.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2021-22291

Affected Products: ABB EIBPORT
Vendor: ABB
Product Version: EIBPORT V3 KNX (2CLA963710W1001) Version <3.9.2, EIBPORT V3 KNX (2CSM256242R2001) Version <3.9.2, EIBPORT V3 KNX GSM (2CLA963720W1001) Version <3.9.2
Product Status: fixed, known_affected

Remediations
Vendor fix: ABB recommends that customers apply the update at the earliest convenience.

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (https://cwe.mitre.org/data/definitions/79.html)
State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a
A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme. [...]
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The
Strong Active Directory passwords don't have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security without frustrating users. [...]
When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three to five AI tools on any given day. Most were never reviewed by IT. A significant portion connects
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation.

- CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability (https://www.cve.org/CVERecord?id=CVE-2026-8398)
- CVE-2026-45321 TanStack Unspecified Vulnerability (https://www.cve.org/CVERecord?id=CVE-2026-45321)
- CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability (https://www.cve.org/CVERecord?id=CVE-2026-48027)

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities (https://www.cisa.gov/binding-operational-directive-22-01) established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet (https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf) for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria (https://www.cisa.gov/known-exploited-vulnerabilities).
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. [...]
Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulate risk long before anyone labels them an "incident." That changes the role of the SOC entirely. The
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2
Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code.
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon Black.