A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company’s AI chatbot system. The flaw, called “Rogue Agent,” was revealed by Varonis Threat Labs. It could secretly steal conversations and allow big phishing attacks, needing just one edit permission to start. GCP Dialogflow …
Read More »CIRT identified 153 publicly exposed FortiGate devices in Bangladesh
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally, affecting organizations across 194 countries. The systems have the “fortibleed” label, meaning they might be at risk for losing login details and being accessed without permission due to issues with …
Read More »CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware
Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to the device’s web interface. An attacker can use this flaw, known as CVE-2026-11405, to skip the password check and take full control without proper login details, the CERT Coordination Center (CERT/CC) reported on Monday. “An …
Read More »CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious problem affecting Microsoft SharePoint Server to its list of known threats on Wednesday. They reported that this flaw is currently being exploited. The weakness, called CVE-2026-45659 (CVSS score: 8.8), allows bad code to run from unsafe data. Microsoft fixed …
Read More »900+ Oracle E-Business instances Exposed Online
The Shadowserver Foundation found about 950 Oracle E-Business Suite (EBS) systems on the internet around the world. This discovery came after they improved their fingerprinting method with help from Validin LLC. The new detection method now uses both domain scanning and regular IP scanning. It has found active attacks using …
Read More »Chrome Update Patches 382 Vulnerabilities, Including 15 Critical
Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers to run harmful code and take over the browser if not fixed. Google is sending out this update for Windows, macOS, Linux, and Chrome for iOS. The update has security …
Read More »Apple fixes more than 30 iOS, macOS, and Safari flaws
Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four problems in WebKit found using AI tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below: CVE-2026-43707: A memory corruption issue that could result in an …
Read More »CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) asked Fortinet users with FortiGate devices on Thursday to act to protect against harmful attacks on many internet-connected devices. The large campaign, thought to be done by Russian-speaking hackers, is called FortiBleed. There are 86,644 targeted devices as of June 19, 2026. …
Read More »CISA: Splunk flaw under active exploit, patch by Sunday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has asked federal agencies to protect their systems by Sunday from a serious Splunk Enterprise flaw that is being used in attacks. Tracked as CVE-2026-20253, this security flaw impacts Splunk Enterprise (versions 10.2.0 to 10.2.3 and 10.0.0 to 10.0.6). It lets remote …
Read More »Critical Cisco ISE Vulnerability Enables Remote Code Execution
Cisco has revealed critical security flaws in its Identity Services Engine (ISE). These flaws could let attackers run harmful code from afar and get sensitive information, which is a big risk for business networks. The flaw, noted as CVE-2026-20181 and CVE-2026-20190, were shared in advisory ID cisco-sa-ise-multi-G5WP8vv on June 17, …
Read More »
InfoSecBulletin Cybersecurity for mankind