Security News
Morning Brief
Today's security landscape is dominated by actively exploited vulnerabilities, record-breaking patch volumes, and escalating threats to critical infrastructure. Microsoft's June Patch Tuesday set a new record with 206 fixes including three zero-days, while multiple zero-days and high-severity flaws are under active exploitation across Langflow, Ivanti Sentry, and Exchange Server. Federal agencies face new three-day patching mandates as AI accelerates vulnerability discovery.
- CISA Mandates 3-Day Patching for Critical Exploited Flaws — The U.S. Cybersecurity and Infrastructure Security Agency issued Binding Operational Directive 26-04, requiring Federal Civilian Executive Branch agencies to patch critical exploited vulnerabilities within three days, reflecting the accelerated threat landscape driven by AI-assisted vulnerability discovery.
- Langflow Path Traversal Flaw CVE-2026-5027 Under Active Exploitation — Attackers are actively exploiting a high-severity path traversal vulnerability in the AI development platform Langflow to write arbitrary files on exposed servers, with the flaw disclosed in March but remaining unpatched.
- Ivanti Sentry Maximum-Severity Flaw Exploited for Root Code Execution — Attackers are exploiting a recently patched maximum-severity vulnerability in Ivanti Sentry to execute code with root privileges on Internet-exposed secure mobile gateways.
- Microsoft Patches Exploited Exchange Server Zero-Day CVE-2026-42897 — Microsoft released fixes for a zero-day vulnerability in Exchange Server that has been actively exploited since May 14, with the company warning of ongoing attacks.
- 'GreatXML' Zero-Day Exploit Bypasses BitLocker Encryption — A proof-of-concept exploit leverages Microsoft Defender's offline scan functionality to spawn a SYSTEM shell when rebooting into Recovery Mode, effectively bypassing BitLocker protection.
- Coupang Fined Record $409 Million for Data Breach Affecting 37 Million Customers — South Korea's Personal Information Protection Commission imposed a record 624.6 billion won fine on e-commerce giant Coupang following a massive data breach affecting over 37 million customers.
- University of Nottingham Breach Exposes 450,000+ Student Records — The ShinyHunters hacker group claimed responsibility for breaching the University of Nottingham's student records system, leaking over 450,000 email addresses and personal information from current students and alumni.
- GitHub to Disable npm Install Scripts by Default to Combat Supply Chain Attacks — GitHub announced that npm version 12 will disable install scripts by default, blocking a common attack vector that abuses npm lifecycle hooks to execute malicious code during package installation.