Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

Eight-Year-Old Samsung KNOX Flaw Exposed Hundreds of Millions of Galaxy Devices to Kernel Attacks

24 June 2026  |  dark6  |  Vulnerability

A critical use-after-free vulnerability in Samsung's KNOX PROCA subsystem — undetected for 8 years — could allow kernel-level compromise on Galaxy S9 through S25 devices. Patch is available...

>> read more

DifyTap: Critical Flaws in AI Platform Dify Allow Silent Wiretapping of AI Conversations Across 1M+ Apps

24 June 2026  |  dark6  |  Vulnerability

Researchers at Zafran disclosed four vulnerabilities in Dify — including two critical CVSS 9+ flaws — that let attackers silently intercept AI conversations across tenants, access private files,...

>> read more

Squidbleed: 29-Year-Old Squid Proxy Vulnerability Leaks Passwords and API Keys from Other Users

23 June 2026  |  dark6  |  Vulnerability

A critical heap overread vulnerability in Squid Proxy, dubbed Squidbleed, has gone undetected since 1997. Discovered with the help of AI, the flaw allows an attacker controlling an...

>> read more

SiderAI and MaxAI Chrome Extensions Expose 10 Million Users to Full Browser Compromise

22 June 2026  |  dark6  |  Vulnerability

Critical vulnerabilities dubbed Spyder and MaXSS have been discovered in the SiderAI and MaxAI Chrome extensions, which together are installed on over 10 million devices. The flaws allow...

>> read more

CVSS 9.1: Critical Cisco ISE Vulnerabilities Enable Remote Code Execution and Unauthenticated Data Theft

19 June 2026  |  dark6  |  Vulnerability

Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) — CVE-2026-20181 (RCE, CVSS 9.1) and CVE-2026-20190 (unauthenticated information disclosure) — affecting all ISE and ISE-PIC...

>> read more

CVE-2026-50656: Microsoft Confirms Defender ‘RoguePlanet’ Zero-Day — No Patch Available Yet

19 June 2026  |  dark6  |  Vulnerability

Microsoft has confirmed CVE-2026-50656, a zero-day TOCTOU race condition in Microsoft Defender dubbed 'RoguePlanet,' that allows low-privilege attackers to escalate to SYSTEM on fully patched Windows 10 and...

>> read more

usbliter8: New iPhone BootROM Vulnerability Exposes A12/A13 Apple SoCs to Full Chain-of-Trust Compromise

19 June 2026  |  dark6  |  Vulnerability

Security researchers have disclosed 'usbliter8,' a critical hardware-level BootROM vulnerability affecting Apple devices with A12, S4/S5, and A13 SoCs. The flaw allows attackers to bypass Apple's entire Secure...

>> read more

FortiBleed: Over 73,000 Fortinet Firewalls Compromised Across 194 Countries in Massive Credential Attack

18 June 2026  |  dark6  |  Vulnerability

A devastating cyber espionage campaign dubbed 'FortiBleed' has silently compromised over 73,932 unique Fortinet firewall URLs spanning 194 countries. Discovered by security researcher Volodymyr Diachenko and analyzed by...

>> read more