Security news.
Today's security landscape highlights the rapid exploitation of known vulnerabilities, with CISA flagging an Oracle WebLogic flaw and Google patching an Android zero-day already under attack. The increasing role of AI in both offense and defense is a recurring theme, alongside significant supply chain compromises and critical vulnerabilities in widely used software.
CISA Flags Actively Exploited Oracle WebLogic Flaw
CISA has ordered federal agencies to patch a two-year-old, high-severity Oracle WebLogic Server vulnerability (CVE-2024-21182) that is now actively exploited in attacks.
Google Patches Actively Exploited Android Zero-Day
Google released June 2026 Android security patches, addressing 124 vulnerabilities, including one zero-day flaw actively exploited in targeted attacks.
Critical RCE Flaw in HP VoIP Phones
A stack-based buffer overflow vulnerability in HP VoIP phones can be exploited for remote code execution, potentially enabling enterprise network breaches.
Meta AI Exploited to Hijack Instagram Accounts
Hackers exploited a "confused deputy" weakness in Meta AI, tricking the chatbot into linking high-profile Instagram accounts to new email addresses and seizing control.
Supply Chain Attack Compromises Red Hat NPM Packages
A supply chain attack published 96 malicious versions of 32 Red Hat npm packages, injecting a credential-stealing worm similar to Mini Shai-Hulud.
AI-Driven Exploitation Shrinks Vulnerability Timelines
AI is accelerating vulnerability exploitation, with the window between disclosure and widespread attacks now measured in hours, posing significant challenges for vulnerability management.
Dashlane Brute-Force Attack Downloads Encrypted Vaults
Password manager Dashlane disclosed a brute-force attack that led to the download of encrypted vaults for fewer than 20 users, though accounts were automatically locked.
Thousands of Sites Hijacked for ClickFix and FakeUpdate Attacks
A threat actor named DriveSurge is conducting large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on thousands of compromised websites.