Friday , July 10 2026

Vulnerabilities

“sockpuppeting” can jailbreak 11 AI models like ChatGPT, Claude, and Gemini

“sockpuppeting”

Newly identified jailbreak technique dubbed “sockpuppeting” lets attackers bypass the safety guardrails of 11 major large language models (LLMs) using a single line of code. This method uses APIs that allow assistant prefill to add fake acceptance messages. This makes models give answers to banned requests. The attack takes advantage …

Read More »

Palo Alto Fixes 3 Security Flaws: Agent Disabling to System Privileges

GlobalProtect

Palo Alto Networks has issued important updates to fix 3 different flaws in its security products. These issues affect the Cortex XDR Agent, the Autonomous Digital Experience Manager (ADEM), and Cortex XSOAR/XSIAM platforms. The flaws include ways to skip local protection and access resources without permission. The first flaw, known …

Read More »

IBM Identity and Verify Access Vulns Allow to Access Sensitive Data

Verify Access

A security bulletin alert points out several flaws in IMB Verify Identity Access and Security Verify Access products. Tracked as CVE-2026-2862 and CVE-2026-1491, these flaws in HTTP request smuggling come from problems with reverse proxy management and have a CVSS score of 5.3. A remote attacker who is not logged in …

Read More »

Fortinet FortiClient EMS 0-Day Flaw Actively Exploited

EMS

Fortinet has released an urgent fix after security experts disclosed a zero-day flaw in FortiClient EMS that is being used by hackers. CVE-2026-35616 is an Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Successful attacks do not …

Read More »

ALERT
Patch now! Cisco Patches 9.8 CVSS IMC and SSM Flaws

IMC

Cisco has published updates to fix a security issue in the Integrated Management Controller (IMC). If this flaw is used successfully, a remote attacker without authorization could skip authentication and access the system with higher privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a …

Read More »

14,000+ F5 BIG-IP APM instances still exposed on internet

14,000 BIG-IP APM

Shadowserver has found more than 14,000 BIG-IP APM instances visible on the internet during ongoing attacks that use a remote code execution (RCE) weakness. BIG-IP APM is F5’s centralized access management proxy solution designed to help admins secure access to their organizations’ networks, cloud, applications, and application programming interfaces (APIs). This …

Read More »

ALERT
Critical Fortinet Forticlient and Citrix NetScaler memory flaws now under attack

Threat intelligence company Defused said attackers are now actively exploiting a critical vulnerability in Fortinet’s FortiClient EMS platform. This SQL injection flaw, known as CVE-2026-21643, lets attackers run any code on systems that aren’t fixed. They can do this with simple attacks aimed at the FortiClient EMS web interface using …

Read More »

ALERT
CISA Alerts of F5 BIG-IP Flaw Actively Exploited in Attacks

F5 BIG-IP

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new flaw in F5 BIG-IP systems to its Known Exploited Vulnerabilities (KEV) list. They warned that this flaw is being used in real-world attacks. The vulnarability, known as CVE-2025-53521, was officially noted on March 27, 2026, and federal agencies must …

Read More »

ALERT
CISA warns to patch DarkSword iOS flaws exploited in attacks

flaws

An urgent warning about three important Apple flaws that are being used by hackers. These security flaws, known as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were added to CISA’s list of Known Exploited Vulnerabilities (KEV). Security experts have connected this group of three flaws to the advanced DarkSword iOS attack method. Hackers …

Read More »