soc


CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities

F5 has released out-of-band security updates for two NGINX vulnerabilities that can affect exposed web infrastructure: CVE-2026-42530 and CVE-2026-42055. The first issue affects NGINX’s HTTP/3 QUIC handling. The second affects specific HTTP/2 and gRPC proxying configurations. Both can be triggered remotely and may cause NGINX worker processes to […]


CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing […]


CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways. To defend against this […]


SOCRadar Launches Free FortiBleed Exposure Checker and Publishes the Most Extensive Dataset on the Fortinet Credential Leak

The team that first analyzed the FortiBleed leak now opens its research to the public, having already alerted thousands of customers and national CERTs — and invites every government cybersecurity agency to coordinate on the data. SOCRadar, the […]


FortiSandbox Vulnerabilities Expose Systems to Auth Bypass and Command Execution

Fortinet FortiSandbox administrators should review their environments after several critical vulnerabilities raised concern around authentication bypass and command execution risks. The flaws affect FortiSandbox API and Web UI components. In vulnerable deployments, attackers may be able to bypass authentication, escalate privileges, or execute commands without […]


May 2026: TeamPCP’s Supply Chain Blitz Hits Checkmarx, GitHub, and npm

May 2026 was defined by two threat actors operating at full intensity in parallel. ShinyHunters executed a major education-sector attack, exploiting a low-friction account program to breach Instructure’s Canvas platform, defacing login portals at hundreds of universities, and ultimately forcing a settlement. A separate […]


The Compromise of 30,000 Fortinet Firewalls

Fortinet firewalls and VPN gateways are among the most widely deployed network security devices in the world. Organizations across every sector rely on them to control access to their networks and protect sensitive infrastructure. SOCRadar researchers recently discovered that a threat actor has been systematically compromising these devices at […]


CVE-2026-20262: Cisco SD-WAN Manager Zero-Day Can Lead to Root Privilege Escalation

Cisco has released security updates for an SD-WAN vManage flaw exploited in zero-day attacks. The issue, tracked as CVE-2026-20262, affects Cisco Catalyst SD-WAN Manager and can allow an authenticated remote attacker to create or overwrite files on the underlying operating system, opening a path to root privilege escalation. Public reporting says the flaw was exploited […]


CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: […]


Top 5 Phishing Domain Takedown Service

Phishing attacks remain one of the most persistent and scalable threats facing organizations today. In Q1 2026 alone, approximately 8.3 billion email-based phishing threats were detected. Phishing-as-a-Service (PhaaS) platforms now account for a growing share of campaigns, enabling threat actors with minimal technical skill to launch credential-harvesting operations at an […]
