News (updated 4 days ago)
SQL Injection in Dell Wyse Management Suite: CVE-2026-44272 (CVSS 8.8) — Update to 2605
Global Companies, Security
Dell Wyse Management Suite, used to centrally manage fleets of thin clients, has a critical flaw (CVSS 8.8, CVE-2026-44272). A low-privileged logged-in attacker can use SQL injection to reach information and operations beyond their rights, putting the central management platform at risk. All versions before 2605 are affected; update to 2605 now.
2026.06.23, 2 views
News (updated 4 days ago)
Critical RCE in Autodesk Fusion CAD: CVE-2026-10789 (CVSS 9.6) — Update to 2703.1.20
Global Companies, Security
Autodesk Fusion's desktop CAD has a critical flaw (CVSS 9.6, CVE-2026-10789). With the MCP extension enabled, simply opening a malicious web page can run attacker code on your PC, risking design-data theft and full takeover. Versions before 2703.1.20 are affected; update now.
2026.06.23, 1 view
News (updated 7 days ago)
JetBrains Hub Hit by Perfect 10.0 Flaw (CVE-2026-50242): Admin Takeover With No Password, Update Now
Security, Development, Global Companies
On June 19, 2026, JetBrains disclosed three critical flaws in its login-management service JetBrains Hub. The most severe, CVE-2026-50242, scores a perfect 10.0: an attacker can bypass identity checks from outside and impersonate an administrator. Fixes are already available.
2026.06.20, 4 views
Roundup (updated 7 days ago)
ChatGPT Ads in Japan: When They Started, the Cost, the Results, and Whether They Change Answers
Japanese Companies, Global Companies, AI
In June 2026, ChatGPT ads started in Japan, targeting the free and low-cost "Go" plans (paid Plus and Pro show none), with Dentsu and CyberAgent supporting placement. This guide covers when it began in Japan, what advertisers pay, how the ads have performed, and the user question of whether ads change the answers, from both the advertiser's and user's side.
2026.06.19, 19 views
News
Zyxel GS1900 Switch Takeover Flaw CVE-2026-7273: Patch 10 Models Now
Infrastructure, Global Companies, Security
Zyxel's GS1900 office network switches — 10 models — have a flaw, CVE-2026-7273, that lets anyone on the same local network take the device over without a password, enabling traffic spying or cut-offs. Here are the affected models, the fixed firmware, and the update steps to run now.
2026.06.16, 5 views
News
Exploited Flaw in Cisco Catalyst SD-WAN Manager: CVE-2026-20262, Update to a Fixed Release Now
Security, Global Companies, Infrastructure
Cisco Catalyst SD-WAN Manager, the system that centrally manages a company's WAN, has a vulnerability already confirmed to be exploited (CVE-2026-20262). With just a low-privileged login, an attacker can overwrite server files and seize root. Fixed releases are out; affected organizations should update now.
2026.06.16, 8 views
News
Takeover Flaw in the PAM Tool Fortra BoKS: CVE-2026-9862, Update to s-9.0.0.5 / s-8.1.0.23 Now
Global Companies, Security, Infrastructure
Fortra Core Privileged Access Manager (BoKS), used to centrally manage admin access across server fleets, has a 9.8 flaw (CVE-2026-9862). With no login, an attacker on the internal network can take over the central server and seize company-wide privilege. Fixed releases s-9.0.0.5 and s-8.1.0.23 are out; affected orgs should update now.
2026.06.16, 10 views
News
Takeover Flaw in Foxit's AI PDF Tool: CVE-2026-12057, a Crafted PDF Can Lead to Remote Code Execution
AI, Global Companies, Security
Foxit AI, the browser-based AI PDF service, has a takeover flaw (CVE-2026-12057, severity 8.6). Feeding it a crafted PDF lets instructions hidden inside the file call out to an external program and run attacker code. Foxit applied a fix on June 15, 2026, and there are no reports of abuse so far.
2026.06.15, 4 views
News
LiteSpeed cPanel Plugin: 2nd Takeover Flaw CVE-2026-54420, Fix v2.4.8
Security, Global Companies, Infrastructure
A second takeover flaw, CVE-2026-54420, hits the LiteSpeed cPanel plugin a month after the first. An attacker with a single cheap hosting plan can seize neighbors' sites. Fix: v2.4.8.
2026.06.14, 3 views
News
Claude Fable 5 and Mythos 5 Pulled Worldwide 3 Days After Launch
Global Companies, AI, Lawsuits & Regulation
Three days after launch, Anthropic disabled Claude Fable 5 and Mythos 5 worldwide to comply with a US Commerce Department export-control directive targeting foreign nationals. Users and companies in Japan are caught in the cutoff too.
2026.06.13, 11 views
News
Oracle PeopleSoft CVE-2026-35273 Now Actively Exploited (CISA KEV): Patch the 9.8 Flaw Now
Infrastructure, Security, Global Companies
Oracle has issued an emergency patch for CVE-2026-35273 (CVSS 9.8) in PeopleSoft, the HR and payroll system used by large enterprises, universities and governments. Without a login, an attacker can take over the server over the network and steal the personal data, salaries and bank accounts of all employees and students at once. It is a rare out-of-cycle response; affected PeopleTools 8.61 and 8.62 should be patched now.
2026.06.11, 34 views
News
Two Flaws in Splunk: Files Destroyed Without a Login, CVE-2026-20253 and CVE-2026-20251, Update Now
Security, Global Companies, Infrastructure
Two serious flaws in Splunk, the enterprise monitoring and log platform (CVE-2026-20253 and CVE-2026-20251, up to CVSS 9.8): files on the server can be created or destroyed with no login, and the server can be hijacked via arbitrary code execution from a low-privilege account. The company's watchtower becomes the target. Update Splunk Enterprise to 10.2.4 or 10.0.7 now.
2026.06.11, 3 views