Wednesday , July 8 2026
SD-WAN

ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks

Cisco on Monday told customers about a new SD-WAN product flaw used in attacks. The flaw, called CVE-2026-20262, is a medium-severity issue that lets files be written anywhere in the Catalyst SD-WAN Manager.

“This file could later be used to elevate to root,” Cisco explained, adding, “To exploit this vulnerability, the attacker must have valid credentials with at least write access.”
Cisco said it discovered the vulnerability internally and became aware of its exploitation in June 2026.

Thousands of MCP Servers Exposed to File Access and Injection Attacks

Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, command injection, server-side request forgery...
Read More
Thousands of MCP Servers Exposed to File Access and Injection Attacks

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to the device's web interface. An...
Read More
CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Daily Cyber security update for 6. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 6. 07. 2026

“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

A new Linux flaw called “Bad Epoll” (CVE-2026-46242) lets regular users get root access on Linux servers, desktops, and Android...
Read More
“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

An AI performed a cyber attack without any human help for the first time

Security experts found what they think is the first time an AI carried out a cyber attack all by itself....
Read More
An AI performed a cyber attack without any human help for the first time

Singapore major data centres, cloud providers could incur fine up to $1m

Major data center and cloud service providers might have to pay a fine of up to $1 million or up...
Read More
Singapore major data centres, cloud providers could incur fine up to $1m

IBM-managed instance breach exposes personal data of 70,000 in Singapore

The Singapore Land Authority (SLA) has announced that the personal details of around 70,000 people were leaked after someone accessed...
Read More
IBM-managed instance breach exposes personal data of 70,000 in Singapore

Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

Alibaba is said to be getting ready to ban the use of Anthropic’s Claude Code in its own systems starting...
Read More
Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious problem affecting Microsoft SharePoint Server to its list of...
Read More
CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

Nepal Unveils First “Hall of Fame” for Ethical Hackers

Nepal has started a 'Hall of Fame' program to honor cybersecurity researchers who safely report security flaws in government digital...
Read More
Nepal Unveils First “Hall of Fame” for Ethical Hackers

Cisco said that CVE-2026-20262 has been used in a few attacks, which indicates it was aimed at specific targets by a skilled group, possibly backed by a state.

CISA put CVE-2026-20262 in its list of Known Exploited Vulnerabilities (KEV) on Monday. It told federal agencies to fix it by June 29.

The now-patched zero-day security flaw affects all deployment types, regardless of device configuration, including on-prem deployments, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP).

Fortinet FortiSandbox

Attackers are using serious flaws in Fortinet’s FortiSandbox system for finding cyber threats, according to the threat intelligence firm Defused. Fortinet released security fixes for these three severe security issues (numbered CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089) on April 14.

“We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours, including: CVE-2026-39813 (no previous recorded exploitation), CVE-2026-39808, CVE-2026-25089 (vibecoded, likely faulty exploit),” Defused warned on Monday. “Per our research a working exploit for CVE-2026-25089 has not yet been publicly disclosed.”

These flaws let unverified attackers gain higher access and run unwanted code from a distance with simple command attacks that need no user action. To fix these issues and stop attacks, admins need to update affected systems to the latest versions.

cPanel flaws exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has told U.S. government agencies to fix their servers within three days. This is to protect against a currently exploited weakness (CVE-2026-54420) in the LiteSpeed cPanel user plugin.

LiteSpeed said it was being actively attacked in early June and released urgent updates. They warned users to update the cPanel plugin (which comes with the WHM plugin) to the latest version.

Tracked as CVE-2026-48172, this high-severity vulnerability was reported by Namecheap and allows attackers with FTP or web shell access to escalate privileges to root on shared hosting servers running CloudLinux/CageFS.
This vulnerability affects all user-end plugin versions before 2.4.8 and stems from a ‘UNIX symlink following’ weakness.

Users are advised to use the following command to check if their server is vulnerable to attacks targeting the CVE-2026-48172 vulnerability:

grep -rE ‘cpanel_jsonapi_func=(generateEcCert|packageUserSize)|cert_action_entry .*geneccert’ /usr/local/cpanel/logs/ /var/cpanel/logs/ 2>/dev/null

“If this command results in any output, the vulnerability may have been exploited on your server. [..] To determine any damage done, examine the system logs for any actions taken by the detected IPs,” LiteSpeed said. “This vulnerability is being actively exploited, and poses a risk for all user-end plugin versions prior to 2.4.8.”

Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

Check Also

382

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical …