Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in the Wild

17 June 2026  |  dark6  |  Vulnerability

Threat actors are actively exploiting three critical Fortinet FortiSandbox vulnerabilities — including CVE-2026-39813, which has no prior exploitation history. All flaws allow unauthenticated remote access via the JRPC...

>> read more

Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics

16 June 2026  |  dark6  |  Vulnerability

Microsoft allowed the TLS certificate for connectivity.office.com — a critical enterprise Microsoft 365 diagnostic endpoint — to expire on June 14, 2026, triggering browser security warnings and breaking...

>> read more

CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access

16 June 2026  |  dark6  |  Vulnerability

Horizon3.ai disclosed CVE-2026-48558, a critical authentication bypass in SimpleHelp's OIDC integration that allows unauthenticated attackers to create privileged technician accounts and bypass MFA. Nearly 14,000 internet-exposed servers are...

>> read more

CVE-2026-20262: Cisco Catalyst SD-WAN vManage Zero-Day Actively Exploited in Enterprise Attacks

16 June 2026  |  dark6  |  Vulnerability

Cisco has confirmed active zero-day exploitation of CVE-2026-20262, an arbitrary-file-write vulnerability in Catalyst SD-WAN Manager (vManage) that allows attackers to deploy web shells and escalate to root. No...

>> read more

CVE-2026-54420: LiteSpeed cPanel Plugin Zero-Day Actively Exploited to Escalate Privileges to Root

16 June 2026  |  dark6  |  Vulnerability

A critical actively exploited zero-day in the LiteSpeed cPanel user-end plugin (CVE-2026-54420) enables attackers to escalate privileges to root, breaking tenant isolation in shared hosting environments. Patch to...

>> read more

CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate

12 June 2026  |  dark6  |  Vulnerability

CISA has issued Binding Operational Directive BOD 26-04, requiring federal civilian agencies to patch the most critical vulnerabilities — those that are internet-exposed, KEV-listed, automatable, and grant full...

>> read more

CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution

12 June 2026  |  dark6  |  Vulnerability

A critical path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow is being actively exploited to achieve remote code execution on exposed servers. No official patch is available, and...

>> read more

ServiceNow Confirms Unauthorized Access Vulnerability Exposing Enterprise Customer Data

11 June 2026  |  dark6  |  Vulnerability

ServiceNow has confirmed a security vulnerability allowing unauthorized actors to query customer instance tables without proper authentication, potentially exposing sensitive enterprise data. The platform, used by thousands of...

>> read more