A critical vulnerability in Splunk Enterprise allows unauthenticated remote code execution. Users should apply patches immediately to secure their systems against potential exploits. #Security #Splunk #Vulnerability #Cybersecurity #PatchNow #Infosec thedailytechfeed.com/critica…

🚨 HIGH: CVE-2025-10101 (CVSS 7.8) - Heap buffer overflow in Avast/AVG/Norton Antivirus when scanning malformed Mach-O files. Local code execution or DoS possible. Update to VPS 25090300 immediately. #CVE #Vulnerability #PatchNow #ThreatIntel

🚨 CRITICAL: CVE-2026-35273 in Oracle PeopleSoft PeopleTools allows unauthenticated takeover. CISA KEV listed, ransomware exploitation known. Patch immediately. #CVE #PatchNow #ThreatIntel

🚨 HIGH SEVERITY: CVE-2026-7368 (CVSS 8.1) Yarbo cloud platform lacks device/user authorization. Any valid credential grants fleet-wide access to all robots globally. Attackers can subscribe to telemetry & send commands using only serial numbers. #CVE #Vulnerability #PatchNow

🚨 CRITICAL: CVE-2026-6853 (CVSS 9.8) Pause Mobile App vulnerable to authentication bypass via brute force. Versions 1.0.6 to <1.5 affected. Update immediately. #CVE #Vulnerability #PatchNow #ThreatIntel

🚨 HIGH SEVERITY: CVE-2026-50633 (CVSS 8.1) JNDI Injection in Apache CXF JCA module enables code execution if attacker manipulates ra[.]xml or runtime parameters. Patch NOW: Upgrade to 4.2.2 or 4.1.7 #CVE #PatchNow #ThreatIntel

🚨 HIGH SEVERITY: CVE-2026-6211 (CVSS 8.7) Unrestricted file upload flaw in Global IT Informatics WEOLL v2.0.9-3[.]2[.]45[.]33. Allows attackers to bypass ACLs & upload dangerous files. Patch to v3.2.45.33 immediately. #CVE #Vulnerability #PatchNow

🚨 CRITICAL: CVE-2026-54133 (CVSS 9.8) jmespath[.]php <2.9.1 allows RCE via attacker-controlled expressions in CompilerRuntime. Patch to 2.9.1 immediately or use AstRuntime for untrusted input. #CVE #Vulnerability #PatchNow

🚨 CRITICAL: CVE-2026-53787 (CVSS 9.8) Amasty Order Attributes for Magento 2 <4.0.0 allows unauthenticated arbitrary file upload → RCE. Attackers can upload PHP files without authentication. Patch immediately! #CVE #PatchNow #ThreatIntel

🚨 CRITICAL: CVE-2026-47210 (CVSS 9.8) - vm2 Node.js sandbox escape allows arbitrary code execution on host when using WebAssembly JSPI with async. Affects versions <3.11.4. Patch immediately! #CVE #PatchNow #ThreatIntel

🚨 HIGH: CVE-2026-47209 in vm2 Node.js sandbox (CVSS 8.6). Proxy handler flaw allows cross-realm property writes to host objects, bypassing security isolation. Patch to v3.11.4 immediately. #CVE #PatchNow #NodeJS

🚨 CRITICAL: CVE-2026-47208 | CVSS 10.0 vm2 Node.js sandbox breakout allows arbitrary command execution on host systems. All versions <3.11.4 affected. Patch immediately to v3.11.4 #CVE #PatchNow

🔴 Critical CVE Update: 25 browser vulnerabilities this month • Critical: 24 • High: 24 • Patched: Check vendor advisories Update now #CVE #Vulnerability #PatchNow

14 days. Secure Boot certificate deadline is June 26. If you haven't patched yet — this is your last serious warning. 🚨 Today is June 12. June 26 is 14 days away. What you NEED to have done by June 26: Step 1: Install June 9 cumulative update (KB5089549) ✅ Step 2: Install servicing stack update KB5089573 ✅ Step 3: RESTART your PC (the restart is mandatory — not optional) ✅ Step 4: Verify: Settings → Windows Update → "You're up to date" ✅ Who is at risk if they miss June 26: ▪ Corporate PCs on deferred update policies (IT admins: push it NOW) ▪ Home PCs that get notifications dismissed repeatedly ▪ Gaming rigs that are "always on" and never properly restarted ▪ Any PC that shows a pending restart notification After June 26 with no patch: ▪ Secure Boot enters degraded state permanently ▪ No Windows Update fix available ▪ Only OEM firmware update can remediate — could take months from HP/Dell/Lenovo 14 days. 3-minute fix. Zero downside to updating early. Just do it. This weekend. 🔐 #Windows11 #SecureBoot #Microsoft #CyberSecurity #PatchNow #June26

Fortinet, Ivanti & SAP Ship Critical Patches; FortiSandbox Command Injection #cybersecurity #Fortinet #vulnerability #patchnow #OTsecurity #CISO thehackernews.com/

【Chrome V8ゼロデイCVE-2026-11645、実悪用あり】 GoogleがChromeのCVE-2026-11645を修正しました。Googleはこの脆弱性について、実悪用が存在すると認めています。 脆弱性はV8のメモリアクセス不備で、細工されたHTMLページを開くことでブラウザ内の任意コード実行につながる可能性があります。詳細は更新が進むまで制限されていますが、ブラウザゼロデイはフィッシングや水飲み場攻撃と組み合わされやすい領域です。 企業端末ではChrome更新状況、クラッシュ、ブラウザ起点の不審通信、未知サイト閲覧後のプロセス生成を確認してください。 #Chrome #Google #CVE202611645 #ZeroDay #V8 #BrowserSecurity #PatchNow bleepingcomputer.com/news/se…

Google's Chrome 149 update fixes 28 security flaws, including critical use-after-free bugs in Core, DigitalCredentials, and GPU components. #ChromeUpdate #CVE2026 #BrowserSecurity #PatchNow securityonline.info/chrome-1…

🚨 HIGH severity CVE-2026-45598 (CVSS 7.0): Use-after-free in Windows Ancillary Function Driver for WinSock enables local privilege escalation. Authorized attackers can exploit race condition to gain elevated privileges. Patch immediately. #CVE #Vulnerability #PatchNow

🚨 HIGH severity CVE-2026-45597 (CVSS 7.0) Race condition in UI Automation Manager (uiamanager[.]dll) enables local privilege escalation. Requires local access low privileges. Patch immediately. #CVE #Vulnerability #PatchNow

#ALERT CVE-2026-10143 (CVSS 7.5) - kafka-python <2.3.2 vulnerable to DoS via SCRAM auth. Malicious broker can freeze client event loop with excessive iteration count. Upgrade immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR