Security News
Afternoon Brief
Today's security news highlights critical vulnerabilities, ongoing exploitation, and evolving phishing tactics. Several CISA advisories detail severe flaws in industrial control systems and medical devices, while a Cisco SD-WAN zero-day was actively exploited for months before patching. Additionally, new macOS malware is designed to evade AI analysis, and a popular order-tracking app is being abused for callback phishing.
- Cisco SD-WAN Zero-Day Exploited Months Before Patching — A critical Cisco Catalyst SD-WAN vulnerability (CVE-2026-20245) was exploited as a zero-day for at least two months to gain root access before its public disclosure and patching.
- Order-tracking app Shop abused to push callback phishing attacks — Threat actors are leveraging Shopify's Shop app by adding fake purchase receipts to users' order histories, tricking them into callback phishing scams to steal sensitive data or install remote access software.
- New macOS malware embeds fake errors to confuse AI analysis tools — A new macOS malware, "Gaslight," is designed to evade AI-assisted analysis by embedding prompt injection strings and fake debugging data within its executable.
- Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability — A popular Chrome ad blocker for YouTube with over 10 million installs was found to have a dormant capability to execute arbitrary JavaScript code, posing a significant supply chain risk.
- CISA Advisory: EVoke Systems Charging Station Management System Vulnerabilities — Multiple vulnerabilities in EVoke Systems Charging Station Management System could allow attackers to gain unauthorized administrative control over charging stations or disrupt services via denial-of-service attacks.
- CISA Advisory: pydicom pynetdicom Library Path Traversal — A critical path traversal vulnerability (CVSS 9.1) in pydicom pynetdicom Library versions >=v1.0.0
- Microsoft quietly extends free Windows 10 ESU support to October 2027 — Microsoft has extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, providing security updates until October 12, 2027.
- Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning — The critical code injection flaw CVE-2025-67038 in Lantronix EDS5000 Series devices, disclosed as part of the BRIDGE:BREAK research, is now being actively exploited.