Splunk has released security updates for multiple flaws in Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit. These issues could lead to denial-of-service (DoS) attacks and expose sensitive information.
The flaws, disclosed on May 20, 2026, are tracked as three CVEs: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240.
Organizations should promptly apply the patches or disable the Splunk Archiver app if it is not needed. However, disabling the app could disrupt automated data archiving tasks.
Splunk strongly urges users to:
Upgrade all affected components to the latest secure versions.
Restrict access to sensitive indexes such as _internal.
Review role-based access controls and inherited permissions.
Disable vulnerable apps if patches cannot be applied immediately.
These flaws show the dangers of misconfigured access controls, insufficient input validation, and unsafe logging practices. Timely patching and careful configuration management are essential to keep Splunk deployments safe from attacks.
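The role review recommended above can be partly automated. This added example (not Splunk's code and not part of the original article) resolves importRoles inheritance in an authorize.conf and lists which roles can search _internal, directly or through an inherited srchIndexesAllowed value. The sample configuration is constructed; the script assumes it receives the already merged configuration and does not handle srchIndexesDisallowed.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample authorize.conf for illustration (not from a real deployment).
SAMPLE_AUTHORIZE_CONF = """
[role_user]
srchIndexesAllowed = main
[role_ops]
importRoles = user
srchIndexesAllowed = _internal
[role_auditor]
importRoles = ops
[role_analyst]
srchIndexesAllowed = *
"""

def parse_roles(text):
    """Map role name -> (own srchIndexesAllowed patterns, imported role names)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case (importRoles, srchIndexesAllowed)
    cp.read_string(text)
    split = lambda v: [x.strip() for x in v.split(";") if x.strip()]
    return {s[len("role_"):]: (split(cp[s].get("srchIndexesAllowed", "")),
                               split(cp[s].get("importRoles", "")))
            for s in cp.sections() if s.startswith("role_")}

def pattern_matches(pattern, index):
    # Splunk wildcard rule: "*" covers only non-internal indexes; a pattern must
    # itself start with "_" (for example "_*") to reach internal ones.
    internal_ok = pattern.startswith("_") or not index.startswith("_")
    return internal_ok and fnmatchcase(index, pattern)

def inherited_grants(roles, name, seen=None):
    """Return {(pattern, granting_role)} for a role plus everything it imports."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:  # import cycle or undefined role
        return set()
    seen.add(name)
    grants = {(p, name) for p in roles[name][0]}
    for parent in roles[name][1]:
        grants |= inherited_grants(roles, parent, seen)
    return grants

def roles_with_access(text, index="_internal"):
    """Map each role that can search `index` to the roles that grant it."""
    roles = parse_roles(text)
    hits = {n: sorted({r for p, r in inherited_grants(roles, n) if pattern_matches(p, index)})
            for n in roles}
    return {n: src for n, src in hits.items() if src}
```

On the sample, `roles_with_access(SAMPLE_AUTHORIZE_CONF)` reports that `auditor` reaches _internal only through the imported `ops` role, the kind of inherited grant a manual review of a single stanza misses.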
Cisco
Cisco has released security updates to fix a serious Secure Workload vulnerability that lets attackers take over Site Admin roles.
Cisco Secure Workload, formerly known as Cisco Tetration, helps administrators make their networks safer. It uses zero trust microsegmentation to reduce risk and prevent lateral movement across the network, protecting business applications.
The vulnerability, tracked as CVE-2026-20223, was discovered in Secure Workload's REST APIs. It allows unauthenticated attackers to access resources with the privileges of the Site Admin user.
“This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco explained in a Wednesday advisory.
“A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.”
Cisco says there are no workarounds for this vulnerability. It has released updates that fix it for on-premises customers and has already addressed it in the cloud-based Cisco Secure Workload SaaS service.
