CVE-2026-8037: Critical Pre-Auth RCE in Progress Kemp LoadMaster Puts Enterprise Networks at Risk
A CVSS 9.8 pre-authentication remote code execution vulnerability (CVE-2026-8037) in Progress Kemp LoadMaster allows unauthenticated attackers to run arbitrary commands on enterprise network edge appliances. Patched versions are...
Critical Microsoft 365 RCE Flaw CVE-2025-60727 Exploitable via Malicious Excel Files — Patch Now
Microsoft has disclosed CVE-2025-60727, a critical out-of-bounds read remote code execution vulnerability in Microsoft 365 Apps, Excel 2016, and multiple Office versions. An attacker can achieve full system...
Hackers Actively Exploit CVE-2026-46817 in Oracle E-Business Suite — 456 Attacks Recorded in 24 Hours
Threat actors are actively exploiting CVE-2026-46817, a critical CVSS 9.8 unauthenticated remote takeover flaw in Oracle E-Business Suite, with 456 attack hits recorded in a single day across...
Palo Alto GlobalProtect VPN Authentication Bypass CVE-2026-0257 Under Active Exploitation — Patch Now
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a critical authentication bypass in GlobalProtect portal and gateway components that lets unauthenticated attackers establish unauthorized VPN sessions. CISA...
25-Year-Old cURL Vulnerability Patched in Record-Breaking Security Release Fixing 18 CVEs
A critical authentication bypass flaw in cURL that had existed undetected for over 25 years has been patched in curl 8.21.0, released June 24, 2026. The release simultaneously...
Microsoft Secure Boot Certificates Expire — Over a Billion PCs and Linux Systems at Risk
Microsoft's original Secure Boot certificates have begun expiring as of June 24, 2026, affecting over a billion UEFI-capable PCs worldwide. Systems that fail to migrate to the 2023...
State-Sponsored Hackers Exploit Cisco Catalyst SD-WAN Manager Zero-Day to Gain Root Access
A state-sponsored threat actor exploited zero-day CVE-2026-20245 in Cisco Catalyst SD-WAN Manager to gain root access via a malicious CSV upload. The multi-phase intrusion also leveraged two CVSS...
CISA Flags Actively Exploited Ubiquiti UniFi OS Vulnerabilities — Patch Deadline June 26
CISA has added three Ubiquiti UniFi OS vulnerabilities to its KEV catalog following confirmed active exploitation. Federal agencies must patch by June 26, 2026; the chained flaws enable...