Security news.
Today's security news highlights active exploitation of critical vulnerabilities in Palo Alto GlobalProtect VPN and WP Maps Pro, alongside a major botnet takedown by Dutch authorities. Supply chain compromises and new Linux kernel flaws also underscore ongoing threats to various systems.
WP Maps Pro Bug Exploited to Create Admin Accounts on WordPress Sites
Hackers are actively exploiting a vulnerability in the WP Maps Pro plugin to create unauthorized administrator accounts on WordPress websites.
Palo Alto GlobalProtect VPN Auth Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks is warning that attackers are actively exploiting CVE-2026-0257, an authentication bypass flaw in PAN-OS GlobalProtect VPN, to breach corporate networks. CISA has added this vulnerability to its KEV Catalog.
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Dutch authorities have announced the takedown of a massive botnet comprising at least 17 million infected devices, including computers, tablets, smartphones, and IoT devices, used for malicious attacks.
Exploit Code Published for Critical Flowise RCE Vulnerability
Exploit code has been published for a critical one-click vulnerability in Flowise that allows attackers to execute arbitrary code on self-hosted servers by tricking users into importing a malicious chatflow.
New CIFSwitch Linux Flaw Gives Root on Multiple Distributions
A newly discovered local privilege escalation vulnerability, 'CIFSwitch', in the Linux kernel could allow attackers to gain root privileges by forging CIFS authentication key descriptions.
Supply Chain Compromises Impact Nx Console and GitHub Repositories
CISA is prioritizing response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems, including a GitHub compromise via a malicious Nx Console Visual Studio Code extension.
ChatGPT Share Links Abused to Host Fake Outage Pages to Deliver Malware
Threat actors are exploiting ChatGPT's content-sharing feature to display fake OpenAI outage pages, tricking users into downloading malware disguised as a ChatGPT desktop application.
Gogs Zero-Day Exposes Servers to Remote Code Execution
A critical-severity argument injection flaw in Gogs, an open-source self-hosted Git service, allows authenticated attackers to achieve remote code execution via malicious branch names in pull requests.