soc

CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE

Splunk Enterprise admins should prioritize patching CVE-2026-20253, a critical vulnerability that allows a network-reachable, unauthenticated attacker to create or truncate arbitrary files on the Splunk server. Under certain conditions, this can be chained into remote code execution (RCE), making exposure the main risk driver. CISA has […]

Read more →

CVE-2026-42530: Critical NGINX HTTP/3 Flaw Can Trigger DoS and Possible RCE

F5 has released out-of-band security updates to address multiple NGINX vulnerabilities, including CVE-2026-42530, a critical issue in the ngx_http_v3_module that can be exploited by a remote, unauthenticated attacker. The flaw is a use-after-free condition in NGINX’s HTTP/3 implementation that can cause worker-process restarts and denial of service, and in environments where ASLR is disabled or […]

Read more →

FortiBleed: Everything You Need to Know

This is a developing story. Figures and findings are updated as the investigation continues. 1. What is FortiBleed? FortiBleed is an active, large-scale credential theft campaign targeting internet-exposed Fortinet FortiGate firewalls and SSL VPN gateways. The same threat actor has also been observed targeting FortiWeb and MSSQL services as […]

Read more →

CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities

F5 has released out-of-band security updates for two NGINX vulnerabilities that can affect exposed web infrastructure: CVE-2026-42530 and CVE-2026-42055. The first issue affects NGINX’s HTTP/3 QUIC handling. The second affects specific HTTP/2 and gRPC proxying configurations. Both can be triggered remotely and may cause NGINX worker processes to […]

Read more →

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-20253, Splunk Enterprise Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing […]

Read more →

CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways. To defend against this […]

Read more →

SOCRadar Launches Free FortiBleed Exposure Checker and Publishes the Most Extensive Dataset on the Fortinet Credential Leak

The team that first analyzed the FortiBleed leak now opens its research to the public, having already alerted thousands of customers and national CERTs — and invites every government cybersecurity agency to coordinate on the data. SOCRadar, the […]

Read more →

FortiSandbox Vulnerabilities Expose Systems to Auth Bypass and Command Execution

Fortinet FortiSandbox administrators should review their environments after several critical vulnerabilities raised concern around authentication bypass and command execution risks. The flaws affect FortiSandbox API and Web UI components. In vulnerable deployments, attackers may be able to bypass authentication, escalate privileges, or execute commands without […]

Read more →

May 2026: TeamPCP’s Supply Chain Blitz Hits Checkmarx, GitHub, and npm

May 2026 was defined by two threat actors operating at full intensity in parallel. ShinyHunters executed a major education-sector attack, exploiting a low-friction account program to breach Instructure’s Canvas platform, defacing login portals at hundreds of universities, and ultimately forcing a settlement. A separate […]

Read more →

The Compromise of 30,000 Fortinet Firewalls

Fortinet firewalls and VPN gateways are among the most widely deployed network security devices in the world. Organizations across every sector rely on them to control access to their networks and protect sensitive infrastructure. SOCRadar researchers recently discovered that a threat actor has been systematically compromising these devices at […]

Read more →