InfoSecBulletin Cybersecurity for mankind
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation.
The list of flaws is as follows:
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem
Data breach affects 14.2 million email logins across six ISPs
Asian Two AI startups launch Mythos-like Model
Polymarket Hack Reportedly Results in $3 Million Theft
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5
Hackers Target Cloudflare-Hosted AWS Domains to Steal Console Logins
Daily Cyber security update for 26. 06. 2026
WhatsApp to Alert Users Before Chatting With New Numbers
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
CVE-2014-3931 (CVSS score: 9.8) A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption.
CVE-2016-10033 (CVSS score: 9.8) A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition.
CVE-2019-5418 (CVSS score: 7.5) A path traversal vulnerability in Ruby on Rails’ Action View that could cause contents of arbitrary files on the target system’s file system to be exposed
CVE-2019-9621 (CVSS score: 7.5) A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution.
No public reports exist on the exploitation of the first three vulnerabilities in real attacks. However, Trend Micro linked the exploitation of CVE-2019-9621 to a Chinese threat actor named Earth Lusca in September 2023, who used it to deploy web shells and Cobalt Strike.
