Security News · Morning Brief
Today's threat landscape is dominated by active exploitation of critical vulnerabilities across multiple platforms, major supply chain attacks, and state-sponsored campaigns. CISA has flagged two actively exploited flaws requiring immediate federal agency remediation, while Fortinet, Cisco, and cPanel products face ongoing attacks in the wild.
- CISA Adds Two Actively Exploited Vulnerabilities to KEV Catalog — CVE-2026-54420 (LiteSpeed cPanel Plugin, CVSS 8.5) and CVE-2026-20262 (Cisco Catalyst SD-WAN Manager, CVSS 6.5) are both under active exploitation; federal agencies have until June 18 to patch.
- Fortinet FortiSandbox Critical Flaws Exploited in Active Attacks — Attackers are exploiting CVE-2026-39813 (CVSS 9.1 path traversal), CVE-2026-39808, and CVE-2026-25089 in the FortiSandbox threat detection platform as of the past 24 hours.
- FulcrumSec Claims 1.3TB Data Theft from Novo Nordisk — Hack-and-leak group FulcrumSec claims to have stolen 1.3TB of data from the pharmaceutical giant in a significant breach.
- Atomic Arch Supply Chain Attack Compromises 1,500 AUR Packages — Arch Linux suspended account registrations after a wave of malicious packages was uploaded to the AUR repository, affecting thousands of Linux users.
- SprySOCKS Backdoor Expands to Windows, Targets Government Organizations — China-linked SprySOCKS now has Windows variants (WIN_DRV and WIN_PLUS) with driver-based stealth, used to attack government organizations in at least four countries.
- ScarCruft Uses Fake Microsoft Alerts to Deliver NarwhalRAT Malware — North Korean APT37 (ScarCruft) is conducting spear-phishing campaigns impersonating Microsoft Account security notifications to deliver NarwhalRAT malware.
- iRhythm Healthcare Breach Exposes Patient Personal and Health Data — Digital healthcare company iRhythm Holdings disclosed a data breach in which hackers stole patients' personal and health information from third-party-hosted business applications.
- DragonForce Ransomware Hides C2 Traffic in Microsoft Teams Relays — The DragonForce ransomware gang deployed custom malware 'Backdoor.Turn' to conceal command-and-control communications within Microsoft Teams relay infrastructure.