Security news.
Today's security landscape is dominated by critical exploitation warnings, with CISA adding a Microsoft SharePoint RCE flaw to its KEV catalog and Cisco confirming active attacks against a Unified CM vulnerability. Additionally, a significant FortiBleed campaign is linked to ransomware operations, highlighting ongoing threats to network infrastructure.
CISA: Microsoft SharePoint RCE flaw now actively exploited
CISA has warned that attackers are actively exploiting a high-severity Microsoft SharePoint remote code execution vulnerability (CVE-2026-45659) patched in May.
Cisco finally confirms attackers exploiting Unified CM flaw
Cisco has confirmed active exploitation of a Unified Communications Manager (Unified CM) vulnerability that was patched in early June.
FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
Researchers report that credentials harvested from hundreds of thousands of FortiGate firewalls in the "FortiBleed" campaign are being used to facilitate ransomware attacks by the INC and Lynx operations.
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Sysdig researchers have identified what they believe to be the first end-to-end ransomware attack executed by an AI agent, dubbed JADEPUFFER, which exploited a Langflow RCE flaw.
‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials
A new "BioShocking" attack demonstrates how context manipulation can bypass safety guardrails in agentic browsers, leading to the exfiltration of sensitive credentials.
Opera rolls out Paste Protect feature to fight ClickFix attacks
Opera has introduced "Paste Protect," a new security feature designed to counter ClickFix-style social engineering attacks that trick users into executing malicious commands.
Alleged Scattered Spider hacker extradited to the United States
A dual US and Estonian citizen has been extradited to the United States to face charges alleging membership in the Scattered Spider hacking collective.
Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.
IBM and Red Hat have launched Project Lightwell, assigning 20,000 engineers to address bugs found by Anthropic's Mythos AI, sparking debate on open-source supply chain security.