Friday , July 10 2026

Alert

ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks

SD-WAN

Cisco on Monday told customers about a new SD-WAN product flaw used in attacks. The flaw, called CVE-2026-20262, is a medium-severity issue that lets files be written anywhere in the Catalyst SD-WAN Manager. “This file could later be used to elevate to root,” Cisco explained, adding, “To exploit this vulnerability, …

Read More »

Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

Wazuh

A critical security flaw has affected the open-source security community. Recently, complete details and working exploit code were shared online. This critical Wazuh  flaw lets verified endpoints change central log systems directly. So, any company testing this new platform must take urgent action. If not, they risk major damage to …

Read More »

CVE-2026-0257
Palo Alto Warns of GlobalProtect VPN Vuln Actively Exploited

GlobalProtect

Palo Alto Networks Unit 42 has given an urgent alert about the active use of CVE-2026-0257. This is a serious security hole that allows bypassing authentication in the GlobalProtect portal and gateway parts of PAN-OS software. The flaw lets unauthenticated remote attackers bypass security measures and start unauthorized VPN connections …

Read More »

New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges

RoguePlanet

A security expert shared a new Microsoft Defender vulnerability called “RoguePlanet” only hours after Microsoft fixed two earlier problems in June 2026 Patch Tuesday. The researcher named Nightmare Eclipse says a new flaw affects fully updated Windows 10 and Windows 11 devices. It lets attackers open a command prompt with SYSTEM …

Read More »

Microsoft June Patches 200 Vulnerabilities including 3 zero days

June

Microsoft’s June 2026 Patch Tuesday updates fix about 200 security flaws found in the company’s products. None of the flaws fixed this month seem to have been used by anyone outside, but three issues were shared publicly before Microsoft fixed them. One of them is CVE-2026-49160, which is a denial-of-service (DoS) …

Read More »

VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts

VMware

Broadcom has revealed three stored cross-site scripting (XSS) flaws that affect VMware Cloud Foundation Operations and some other products. They warn that attackers who are logged in could add harmful scripts to do admin tasks in the system. Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the issues were fixed in the …

Read More »