How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068 Preparing for npm v12: install scripts and non-registry sources become opt-in https://github.com/orgs/community/discussions/198547 Adobe Patches https://helpx.adobe.com/security.html Rogue Planet new Microsoft Defender Vulnerability https://github.com/MSNightmare/RoguePlanet My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
June 2026 Patch Tuesday: 206 Vulnerabilities, Three Zero-Days Including HTTP/2 Bomb Flaw (CVE-2026-49160) Microsoft released its June 2026 Patch Tuesday security updates, resolving a total of 206 vulnerabilities across Windows and a wide range of Microsoft products and components. This month’s release includes three publicly disclosed zero-day vulnerabilities, one of which is linked to the […]
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire „critical“ rating, and exploit code for at least three of the weaknesses is now […]
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments https://kb.cert.org/vuls/id/615987 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. […]
Continuing Scans for swagger.json https://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments Fake call detection on Android https://blog.google/security/android-fake-call-detection/ Anthropic’s coordinated vulnerability disclosure dashboard https://red.anthropic.com/2026/cvd/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich