| unknown | EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks | news | general-news | | | 2026-06-17 |
| high | 145 Mastra npm Packages Compromised via Hijacked Contributor Account | news | general-news | | supply-chain | 2026-06-17 |
| unknown | CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution | news | general-news | | | 2026-06-17 |
| unknown | Fileless Phantom Stealer Targets Browser Credentials | news | general-news | | | 2026-06-16 |
| unknown | AI’s constant patching treadmill can be a security problem | news | general-news | | | 2026-06-16 |
| unknown | SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection | news | general-news | | | 2026-06-16 |
| unknown | Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting | news | general-news | | | 2026-06-16 |
| unknown | ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures | news | general-news | | | 2026-06-16 |
| unknown | Rokarolla Android Trojan Levels Up to Full Device Control, Persistence | news | general-news | | | 2026-06-16 |
| critical | 'Lorem Ipsum' Malware Pivots to ClickFix Delivery | news | general-news | | ransomware | 2026-06-16 |
| high | SprySOCKS Backdoor Expands From Linux to Windows | news | general-news | | botnet | 2026-06-16 |
| unknown | SD1775 \| FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | SD1777 \| FactoryTalk® Analytics™ PavilionX™ - Improper API Authorization | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | SD1773 \| FactoryTalk Historian Site Edition - Multiple Vulnerabilities | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | SD1776 \| CompactLogix 5370 Controllers – Multiple Vulnerabilities | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Rokarolla Trojan Combines Banking Fraud With Device Surveillance | news | general-news | | | 2026-06-16 |
| critical | New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds | news | general-news | | ransomware | 2026-06-16 |
| unknown | SD1772 \| Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP | advisory | vendor-blogs | | | 2026-06-16 |
| high | Rockwell Automation CompactLogix | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-06-16 |
| high | Rockwell Automation FactoryTalk Analytics PavilionX | advisory | cisa-advisories, vendor-blogs | | ics | 2026-06-16 |
| high | Rockwell Automation RSLinx | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-06-16 |
| high | Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-06-16 |
| high | Rockwell Automation FLEX I/O EtherNet/IP Adapters | advisory | cisa-advisories, vendor-blogs | | phishing, ics | 2026-06-16 |
| critical | DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company | news | general-news | | ransomware, botnet | 2026-06-16 |
| unknown | Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive | news | general-news | | | 2026-06-16 |
| unknown | Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats | news | general-news | | | 2026-06-16 |
| unknown | Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week | news | general-news | | | 2026-06-16 |
| high | China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth | news | general-news | | botnet | 2026-06-16 |
| medium | Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware | news | general-news | | phishing | 2026-06-16 |
| unknown | CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext. | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw | news | general-news | | | 2026-06-16 |
| unknown | CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation | news | general-news | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11700 Use after free in Tracing | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11696 Uninitialized Use in Video | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11695 Inappropriate implementation in Passwords | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11694 Use after free in ServiceWorker | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11693 Inappropriate implementation in Plugins | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11692 Use after free in Read Anything | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11690 Out of bounds read and write in Media | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11688 Object lifecycle issue in SVG | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11687 Use after free in Dawn | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11684 Insufficient policy enforcement in Network | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11683 Use after free in WebCodecs | advisory | vendor-blogs | | | 2026-06-16 |
| unknown | Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views | advisory | vendor-blogs | | | 2026-06-16 |