CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

Nightmare-Eclipse's vendetta against Microsoft and Windows continues apace — researcher publishes RoguePlanet and GreatXML ...

Oracle PeopleSoft zero-day CVE-2026-35273 was exploited before Oracle's June 10 advisory, exposing data and triggering ...

Attackers have begun backdooring internet-exposed Ivanti Sentry appliances, the nonprofit security watchdog Shadowserver confirmed on June 11, 2026 — less than 48 hours after patches and a public ...

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Cisco warns of public PoC targeting CVE-2026-20230, a high-severity SSRF vulnerability in Unified CM and Unified CM SME.

Cisco addresses security vulnerabilities in three products, including a critical one in Unified Communications Manager.

Low-code cloud services that allow users to create and run their own sandboxed code could be compromised by multistep exploit chains, leading to a complete platform takeover, if software-as-a-service ...

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the ...

May 2026 dropped three critical Linux vulnerabilities on a near-weekly cadence, and the security discourse has mostly treated them as three separate bad days. They’re not. Together they form a ...

Software Affected: SAP Business Planning and Consolidation (SAP BPC) SAP Business Warehouse (SAP BW) Vulnerable Versions: The following SAP components are affected: SAP Business Planning and ...