Security news.
Today's security brief highlights several critical vulnerabilities under active exploitation, including flaws in Windows Netlogon and Palo Alto Networks PAN-OS. Additionally, a 19-year-old Linux kernel vulnerability has resurfaced, exposing systems to root access. Supply chain attacks and the ongoing evolution of cybercrime tactics remain significant concerns for developers and IT teams.
Critical Windows Netlogon RCE flaw now exploited in attacks
Threat actors are actively exploiting a recently patched critical Windows Netlogon vulnerability, as warned by the Centre for Cybersecurity Belgium (CCB).
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access
Proof-of-concept exploit code has been released for the CIFSwitch flaw, allowing low-privileged users to escalate to root on vulnerable Linux systems.
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Cybersecurity researchers have uncovered a malicious supply chain campaign targeting developers using OpenAI Codex via a legitimate-looking remote web UI, stealing authentication tokens.
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Threat actors are actively exploiting a critical security flaw in the WP Maps Pro WordPress plugin (over 15,000 sales) to create malicious administrator accounts on vulnerable sites.
Recent Palo Alto Networks Vulnerability Exploited for Weeks
Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after its public disclosure.
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks warns that CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass flaw, is being actively exploited to breach corporate networks.
Exploit Code Published for Critical Flowise RCE Vulnerability
A one-click vulnerability in Flowise allows attackers to execute arbitrary code on self-hosted servers by tricking users into importing a malicious chatflow, with exploit code now publicly available.
Gogs Zero-Day Exposes Servers to Remote Code Execution
A critical-severity argument injection flaw (CVSS 9.4) in Gogs allows authenticated attackers to achieve remote code execution via pull requests with malicious branch names.