Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access

8 June 2026  |  dark6  |  Vulnerability

Ivanti has disclosed a high-severity privilege escalation vulnerability in its Neurons for ITSM platform, tracked as CVE-2026-9614 with a CVSS score of 8.8. An authenticated attacker with low-level...

>> read more

HTTP/2 Bomb: Single-Attacker Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora

8 June 2026  |  dark6  |  Vulnerability

A newly disclosed exploit called the 'HTTP/2 Bomb' can exhaust tens of gigabytes of server memory in seconds using just a home internet connection. Five of the world's...

>> read more

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses

5 June 2026  |  dark6  |  Vulnerability

SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging app notifications, bypassing all of Google patched defenses...

>> read more

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026  |  dark6  |  Vulnerability

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset emails and take over administrator accounts. Over 150,000...

>> read more

Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord

4 June 2026  |  dark6  |  Vulnerability

Researcher Philip Garabandic disclosed five zero-day vulnerabilities in OpenClaw allowing identity spoofing to hijack trusted AI agent access across Slack, Discord, Microsoft Teams, Matrix, and Zalo. The same...

>> read more

CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now

4 June 2026  |  dark6  |  Vulnerability

Google has confirmed active exploitation of CVE-2025-48595, a zero-click Android Framework privilege escalation flaw affecting Android 14-16. Devices without the June 2026 patch remain at risk of complete...

>> read more

CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4

3 June 2026  |  dark6  |  Vulnerability

CISA has added CVE-2024-21182, a critical unauthenticated Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active in-the-wild exploitation. Federal agencies must patch by June...

>> read more

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories

3 June 2026  |  dark6  |  Vulnerability

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all private repositories. Researcher Ammar Askar published a complete...

>> read more