CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek.
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. The post Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks appeared first on SecurityWeek.
Die Erpressergruppe ShinyHunters missbraucht eine kritische Zero-Day-Lücke in Oracle PeopleSoft, um Daten aus Hochschulen und Unternehmen zu stehlen. Sicherheitsforscher von Mandiant dokumentieren Angriffe auf mehr als 100 Organisationen, rund 68 Prozent davon aus dem Hochschulbereich. Oracle hat am 10.06.2026 einen Patch veröffentlicht, der umgehend eingespielt werden sollte.
Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek.
The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode. The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first on SecurityWeek.
Microsoft schließt im Juni-Patchday rund 206 Schwachstellen, darunter 33 kritische. Ein aktiv ausgenutzter Zero-Day in Defender und drei vor dem Patch öffentlich bekannte Lücken erhöhen den Handlungsdruck. Zusätzlich liefert Microsoft außerplanmäßige Sicherheitsupdates für Exchange Server.
Google has released emergency Chrome updates to address a Chrome zero-day vulnerability, a high-severity out-of-bounds read/write issue in the V8 JavaScript engine. Google says an exploit exists in the wild, and the patched Stable builds are rolling out as 149.0.7827.102.103 for Windows and Mac and 149.0.7827.102 for Linux. Public reporting says the flaw can be […]
Cisco has disclosed a seventh SD-WAN zero-day exploited in 2026, tracked as CVE-2026-20245. The flaw affects the command-line interface of Cisco Catalyst SD-WAN Manager and can allow an authenticated remote attacker with netadmin privileges to execute arbitrary commands as root by uploading a crafted file. Cisco says exploitation has already been observed in limited cases, […]