CVE-2026-48558: SimpleHelp OIDC Auth Bypass Used to Deploy Infostealer Payloads
Jun 30, 2026
Categories
Top Articles
Klue Breach: What You Need to Know
Jun 24, 2026
WhatsApp VBScript Campaign Installs ManageEngine Endpoint Central for Persistent Remote Access
Jun 23, 2026
CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE
Jun 19, 2026
CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities
Jun 19, 2026
Jun 30, 2026
CVE-2026-48558: SimpleHelp OIDC Auth Bypass Used to Deploy Infostealer...
CVE-2026-48558: SimpleHelp OIDC Auth Bypass Used to Deploy Infostealer Payloads CVE-2026-48558 is a critical authentication bypass affecting SimpleHelp, a remote support and RMM (remote monitoring and...
Learn More
Jun 24, 2026
Klue Breach: What You Need to Know
Klue Breach: What You Need to Know The Klue breach shows how stolen OAuth tokens from a trusted SaaS integration can expose Salesforce CRM data. Learn what happened, which companies confirmed impact, ...
Learn More
Jun 23, 2026
WhatsApp VBScript Campaign Installs ManageEngine Endpoint Central for ...
WhatsApp VBScript Campaign Installs ManageEngine Endpoint Central for Persistent Remote Access A newly reported malware campaign uses WhatsApp direct messages to deliver VBScript (VBS/VBE) attachments...
Learn More
Jun 19, 2026
CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE
CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE Splunk Enterprise admins should prioritize patching CVE-2026-20253, a critical vulnerability that allows a network-reachable, una...
Learn More
Jun 19, 2026
CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities
CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities F5 has released out-of-band security updates for two NGINX vulnerabilities that can affect exposed web infrastructure: CVE-2026-42...
Learn More
Jun 17, 2026
SOCRadar Launches Free FortiBleed Exposure Checker and Publishes the M...
SOCRadar Launches Free FortiBleed Exposure Checker and Publishes the Most Extensive Dataset on the Fortinet Credential Leak The team that first analyzed the FortiBleed leak now opens its research to t...
Learn More
Jun 17, 2026
FortiSandbox Vulnerabilities Expose Systems to Auth Bypass and Command...
FortiSandbox Vulnerabilities Expose Systems to Auth Bypass and Command Execution Fortinet FortiSandbox administrators should review their environments after several critical vulnerabilities raised con...
Learn More
Jun 16, 2026
May 2026: TeamPCP's Supply Chain Blitz Hits Checkmarx, GitHub, and npm
May 2026: TeamPCP’s Supply Chain Blitz Hits Checkmarx, GitHub, and npm May 2026 was defined by two threat actors operating at full intensity in parallel. ShinyHunters executed a major education-sector...
Learn More
Jun 16, 2026
FortiBleed: SOCRadar's Investigation into 86,644 Compromised Fortinet ...
FortiBleed: SOCRadar’s Investigation into 86,644 Compromised Fortinet Firewalls [Updated: June 29th 9 AM EST] SOCRadar has attributed FortiBleed to the Lynx / INC ransomware group. Full technical repo...
Learn More
Jun 16, 2026
CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root
CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root CVE-2026-20262 is a zero-day vulnerability in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) that lets an authenticated at...
Learn More
Jun 12, 2026
CVE-2026-35273 in Oracle PeopleSoft PeopleTools EMHub Under Active Exp...
CVE-2026-35273 in Oracle PeopleSoft PeopleTools EMHub Under Active Exploitation Oracle has disclosed CVE-2026-35273, a critical Remote Code Execution (RCE) zero-day vulnerability in Oracle PeopleSoft ...
Learn More
Jun 10, 2026
Ivanti Sentry’s CVE-2026-10520 Enables Root RCE
Ivanti Sentry’s CVE-2026-10520 Enables Root RCE CVE-2026-10520 is a critical OS command injection vulnerability in Ivanti Sentry that can allow a remote, unauthenticated attacker to execute commands a...
Learn More
Jun 10, 2026
June 2026 Patch Tuesday: 206 Vulnerabilities, Three Zero-Days Includin...
June 2026 Patch Tuesday: 206 Vulnerabilities, Three Zero-Days Including HTTP/2 Bomb Flaw (CVE-2026-49160) Microsoft released its June 2026 Patch Tuesday security updates, resolving a total of 206 vuln...
Learn More
Jun 10, 2026
SAP Security Patch Day June 2026: Critical CVE-2026-44748 SAML Flaw Co...
SAP Security Patch Day June 2026: Critical CVE-2026-44748 SAML Flaw Could Allow Full Authentication Bypass On June 9, 2026, SAP released its monthly security updates, which included 15 new Security No...
Learn More
Jun 10, 2026
What Do You Need to Know About Claude Fable 5?
What Do You Need to Know About Claude Fable 5? On June 9, 2026, Anthropic released Claude Fable 5, calling it the most capable model it has ever made available to the general public. For security team...
Learn More
Jun 09, 2026
CVE-2026-11645: Exploited Chrome V8 Bug Enables In-Browser Code Execut...
CVE-2026-11645: Exploited Chrome V8 Bug Enables In-Browser Code Execution CVE-2026-11645 is a high-severity Google Chrome zero-day in the V8 JavaScript/WebAssembly engine caused by an out-of-bounds (O...
Learn More
Jun 09, 2026
CISA KEV Highlights LiteLLM RCE (CVE-2026-42271) & Check Point VPN Aut...
CISA KEV Highlights LiteLLM RCE (CVE-2026-42271) & Check Point VPN Auth Bypass (CVE-2026-50751) CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on June 8, 2026:...
Learn More
Jun 09, 2026
Shai-Hulud Hades PyPI Campaign: 19 Packages Trojanized via Wheel Start...
Shai-Hulud Hades PyPI Campaign: 19 Packages Trojanized via Wheel Startup Hooks A PyPI supply-chain campaign in the Shai-Hulud / Mini Shai-Hulud / Miasma lineage compromised 19 Python packages by shipp...
Learn More
Jun 08, 2026
Handala Claims It Disrupted Israeli Radar Systems: Here's What We Actu...
Handala Claims It Disrupted Israeli Radar Systems: Here’s What We Actually Know On the same day that Iran and Israel traded missile strikes in their most serious exchange since the April ceasefire, an...
Learn More
Jun 05, 2026
CVE-2026-20230: Cisco Unified CM WebDialer SSRF Can Lead to Root-Level...
CVE-2026-20230: Cisco Unified CM WebDialer SSRF Can Lead to Root-Level Compromise Cisco has released fixes for CVE-2026-20230, an unauthenticated remote vulnerability affecting Cisco Unified Communica...
Learn More
