Security News
Afternoon Brief
Critical infrastructure vulnerabilities are under active exploitation today, with CISA adding four known exploited flaws to its catalog including Lantronix EDS5000 and Ubiquiti UniFi OS. Major law enforcement operations disrupted Amadey and StealC malware infrastructure, while new threats emerge in AI supply chains and CI/CD pipelines that could compromise millions of repositories.
- CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited — CVE-2025-67038 (CVSS 9.8), a code injection vulnerability in Lantronix EDS5000 Series devices, is actively exploited; CISA mandates federal agencies patch by June 26, 2026.
- CISA Warns of Max Severity Ubiquiti Flaws Exploited in Attacks — Multiple critical Ubiquiti UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) are being actively exploited; the flaws allow remote unauthenticated attackers to make system changes and inject commands.
- Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered — Law enforcement and private sector partners including Microsoft, Bitdefender, and ESET disrupted the criminal infrastructure powering Amadey and StealC malware, dismantling "assembly lines" used for ransomware and critical infrastructure attacks.
- Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks — A critical, exploitable CI/CD workflow weakness dubbed Cordyceps allows attackers to hijack workflows and compromise open-source repositories at major organizations including Microsoft, Google, and Apache.
- Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root — CVE-2026-20230 (CVSS 8.6), an improper input validation flaw in Cisco Unified Communications Manager, is now being exploited in the wild following public PoC disclosure.
- More Malicious OpenClaw Skills Threaten AI Supply Chain — OpenClaw removed five malicious packages from its ClawHub skills marketplace that bypassed security checks and contained infostealers and other threats.
- FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation — A Russian-speaking IAB conducted large-scale credential harvesting against 430,000+ FortiGate firewalls globally, collecting 110 million credentials through brute-force attacks and credential searches since February 2026.
- When Information Becomes the Attack Surface – Understanding AI Agent Traps — Attackers are exploiting trusted data sources through hidden content injections and cognitive state poisoning to compromise autonomous AI agents.