Security News · Afternoon Brief
Today's cybersecurity landscape is marked by critical vulnerabilities, active exploitation, and persistent nation-state threats. Cisco addressed a zero-day in SD-WAN vManage, while CISA added two new actively exploited flaws to its KEV catalog, including one affecting LiteSpeed cPanel Plugin. Supply-chain attacks also hit popular WordPress plugins, and North Korean hackers are leveraging developer tools for malware delivery.
- Cisco Fixes SD-WAN vManage Zero-Day Exploited in Attacks — Cisco released updates for a critical vulnerability, CVE-2026-20262, in Catalyst SD-WAN Manager that was actively exploited to gain root privileges.
- CISA Adds Two Actively Exploited Vulnerabilities to KEV Catalog — CISA has added CVE-2026-20262 (Cisco Catalyst SD-WAN Manager) and CVE-2026-54420 (LiteSpeed cPanel Plugin) to its Known Exploited Vulnerabilities Catalog, urging immediate patching.
- OptinMonster WordPress Plugin Hacked in CDN Supply-Chain Attack — Popular WordPress plugins OptinMonster, TrustPulse, and PushEngage were compromised via a supply-chain attack on Awesome Motive's CDN, leading to script tampering and potential backdoor creation.
- North Korean Hackers Using Developer Tools for Malware Delivery — Proofpoint researchers observed North Korean threat actors, linked to Contagious Interview, conducting phishing campaigns themed around developer recruitment and code reviews to deliver malware.
- LiteLLM Vulnerability Chain Allows AI Gateway Server Takeover — A chain of three vulnerabilities in LiteLLM, a widely used open-source AI gateway, allows low-privilege users to escalate to full admin and execute code, potentially exposing over 100 model provider keys.
- One-Click Microsoft 365 Copilot Flaw Could Have Stolen Emails, Files, and MFA Codes — Researchers discovered a "SearchLeak" vulnerability chain in Microsoft 365 Copilot Enterprise Search that could allow attackers to exfiltrate sensitive data with a single click on a trusted Microsoft link.
- China-Nexus Actor Spied on US Researchers Undetected for a Year — Google disrupted a year-long campaign by a China-linked actor, UNC6508, that stole REDCap credentials to target numerous institutions, including medical, military, and AI research, and exfiltrate sensitive data.
- Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer — Mackay Sugar, Australia's second-largest sugar producer, was hit by a ransomware attack attributed to "The Gentlemen" threat group, leading to the shutdown of its mills.