News
Exploited Flaw in Cisco Catalyst SD-WAN Manager: CVE-2026-20262, Update to a Fixed Release Now
SecurityGlobal CompaniesInfrastructure
Cisco Catalyst SD-WAN Manager, the system that centrally manages a company's WAN, has a vulnerability already confirmed to be exploited (CVE-2026-20262). With just a low-privileged login, an attacker can overwrite server files and seize root. Fixed releases are out; affected organizations should update now.
2026.06.168 views
News
Takeover Flaw in the PAM Tool Fortra BoKS: CVE-2026-9862, Update to s-9.0.0.5 / s-8.1.0.23 Now
Global CompaniesSecurityInfrastructure
Fortra Core Privileged Access Manager (BoKS), used to centrally manage admin access across server fleets, has a 9.8 flaw (CVE-2026-9862). With no login, an attacker on the internal network can take over the central server and seize company-wide privilege. Fixed releases s-9.0.0.5 and s-8.1.0.23 are out; affected orgs should update now.
2026.06.1610 views
News
Max-Severity Takeover Flaw in a WooCommerce Invoice Plugin: CVE-2026-52704, Update to 2.0.9 Now
SecurityDevelopment
WooCommerce PDF Invoice Builder, a popular plugin for generating invoice PDFs on WordPress stores, has a max-severity flaw (CVE-2026-52704, scored 10.0). With no login required, anyone can take over the shop's server over the internet. The fixed version 2.0.9 is out; update affected stores now.
2026.06.162 views
News
Takeover Flaw in Foxit's AI PDF Tool: CVE-2026-12057, a Crafted PDF Can Lead to Remote Code Execution
AIGlobal CompaniesSecurity
Foxit AI, the browser-based AI PDF service, has a takeover flaw (CVE-2026-12057, severity 8.6). Feeding it a crafted PDF lets instructions hidden inside the file call out to an external program and run attacker code. Foxit applied a fix on June 15, 2026, and there are no reports of abuse so far.
2026.06.154 views
Roundup
Hacker and Ransomware Groups Explained: Qilin, Anonymous, and Attacks on Japan
PrivacySecurityLawsuits & Regulation
A guide to the hacker and ransomware groups you see in the news—Qilin, Anonymous, North Korea's Lazarus and more—sorted into four types: ransomware, state-backed, social extortion and hacktivist. Where they came from, who's in them, which famous companies they hit, and what it means for ordinary life, including groups that struck Japan's Asahi, KADOKAWA and local governments.
2026.06.1510 views
Roundup
Why Asahi Cut Its Profit: The Full Chain of a Ransomware Attack, From Breach to a 47.5 Billion Yen Hit
SecurityJapanese CompaniesPrivacy
In June 2026 Asahi Group cut its net-profit outlook from 167.5 billion to 120 billion yen, blaming the September 2025 ransomware attack. We trace the nine-month chain—breach via a VPN device, halted orders and shipping, 115,513 leaked records, the refusal to pay Qilin, and the 47.5-billion-yen hit—and explain what hole was breached and how the company responded.
2026.06.1518 views
Roundup
What Is the Hotel Core System "NEHOPS"? The Jtas Cleaning Integration, Explained
AIJapanese Companies
NEC's hotel core system NEHOPS—covering booking, front desk and accounting—deepened its integration with Edeyans' room-cleaning system Jtas in June 2026. Order items and requests now pass in real time instead of once a day, and free memos are parsed by AI into cleaning instructions. We explain what NEHOPS is, what it automates, and what it means for hotels and guests.
2026.06.153 views
Roundup Updated today
Why ANA's Domestic Renewal Turned to Chaos: The Changes and Causes Explained
Japanese CompaniesInfrastructure
ANA replaced the domestic booking system it used for ~50 years with Amadeus Altéa, the same platform as its international flights. Since the May 19, 2026 renewal, users report online check-in glitches, seat-assignment errors and inquiry replies taking two weeks to two months. We explain what changed (three-tier fares and more), why customer touchpoints broke down, and how it differs from past migration failures.
2026.06.158 views
News Updated 3 days ago
Is Your Mitsubishi Wi-Fi Air Conditioner Safe? Hard-coded Password Flaw (CVE-2026-5667)
Japanese CompaniesSecurity
Mitsubishi Electric disclosed that many Wi-Fi-enabled home appliances—air conditioners, refrigerators, water heaters, IH cooktops, rice cookers and more—shipped with a hard-coded password (CVE-2026-5667). Appliances left with Wi-Fi on but never connected to a home router can let a nearby third party read operating data or change settings. Here are the affected models and what to do now.
2026.06.1524 views
News
LiteSpeed cPanel Plugin: 2nd Takeover Flaw CVE-2026-54420, Fix v2.4.8
SecurityGlobal CompaniesInfrastructure
A second takeover flaw, CVE-2026-54420, hits the LiteSpeed cPanel plugin a month after the first. One cheap plan can seize neighbors' sites. Fix: v2.4.8.
2026.06.143 views
News
Claude Fable 5 and Mythos 5 Pulled Worldwide 3 Days After Launch
Global CompaniesAILawsuits & Regulation
Three days after launch, Anthropic disabled Claude Fable 5 and Mythos 5 worldwide to comply with a US Commerce Department export-control directive targeting foreign nationals. Users and companies in Japan are caught in the cutoff too.
2026.06.1311 views
News
XSS Flaw in the Popular HTML Sanitizer sanitize-html: Update to 2.17.4 — CVE-2026-44990
SecurityDevelopment
A vulnerability (CVE-2026-44990, CVSS 9.3) was found in sanitize-html, the go-to HTML sanitizer for preventing XSS, using the deprecated <xmp> tag to slip past sanitization. It is downloaded 7M+ times a week; the fix is updating to 2.17.4. Here is how it works and what to check.
2026.06.134 views
