F5 has shared a security warning about serious flaws in NGINX. These issues could let attackers run any code and cause denial-of-service (DoS) attacks in affected systems. The notice, published on June 17, 2026, points out important problems affecting NGINX Open Source, NGINX Plus, and related products like NGINX Gateway …
Read More »New Rokarolla Android malware hits 217 banking and crypto apps
A new Android banking trojan called Rokarolla is hitting 217 banking and cryptocurrency apps with a wide range of 137 commands. The harmful software spreads through bad websites pretending to offer the Google Chrome or TikTok app and can gain full control over a hacked device. Its abilities include stealing …
Read More »
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
Cisco on Monday told customers about a new SD-WAN product flaw used in attacks. The flaw, called CVE-2026-20262, is a medium-severity issue that lets files be written anywhere in the Catalyst SD-WAN Manager. “This file could later be used to elevate to root,” Cisco explained, adding, “To exploit this vulnerability, …
Read More »Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
A critical security flaw has affected the open-source security community. Recently, complete details and working exploit code were shared online. This critical Wazuh flaw lets verified endpoints change central log systems directly. So, any company testing this new platform must take urgent action. If not, they risk major damage to …
Read More »
CVE-2026-0257
Palo Alto Warns of GlobalProtect VPN Vuln Actively Exploited
Palo Alto Networks Unit 42 has given an urgent alert about the active use of CVE-2026-0257. This is a serious security hole that allows bypassing authentication in the GlobalProtect portal and gateway parts of PAN-OS software. The flaw lets unauthenticated remote attackers bypass security measures and start unauthorized VPN connections …
Read More »Chrome 149 fixes 28 flaws, including critical UAF bugs
Google has released a big security update for Chrome on desktops. Version 149.0.7827.114/.115 is now out for Windows and Mac. Linux gets version 149.0.7827.114. The update will keep going in the next days and weeks. This update fixes 28 security flaws. Some of these are very serious. They might let …
Read More »Dahua patches multiple critical vulnerabilities in its products
A security notice has revealed serious flaws in some Dahua products. Network admins need to fix these issues fast. The official DHCC-SA-202606-001 alert points out three major problems with different IP cameras (IPC), PTZ cameras (SD), network video recorders (NVR), and other special devices. If not fixed, these risky flaws …
Read More »New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
A security expert shared a new Microsoft Defender vulnerability called “RoguePlanet” only hours after Microsoft fixed two earlier problems in June 2026 Patch Tuesday. The researcher named Nightmare Eclipse says a new flaw affects fully updated Windows 10 and Windows 11 devices. It lets attackers open a command prompt with SYSTEM …
Read More »Microsoft June Patches 200 Vulnerabilities including 3 zero days
Microsoft’s June 2026 Patch Tuesday updates fix about 200 security flaws found in the company’s products. None of the flaws fixed this month seem to have been used by anyone outside, but three issues were shared publicly before Microsoft fixed them. One of them is CVE-2026-49160, which is a denial-of-service (DoS) …
Read More »VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
Broadcom has revealed three stored cross-site scripting (XSS) flaws that affect VMware Cloud Foundation Operations and some other products. They warn that attackers who are logged in could add harmful scripts to do admin tasks in the system. Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the issues were fixed in the …
Read More »
InfoSecBulletin Cybersecurity for mankind