Security news.
Today's security brief highlights critical vulnerabilities, with a new WordPress core flaw allowing unauthenticated code execution and zero-days actively exploited in SonicWall SMA appliances. Additionally, CISA has added several Fortinet and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities Catalog, urging immediate patching.
New wp2shell WordPress Core Flaw Allows Unauthenticated Code Execution
A critical flaw in WordPress core, affecting versions 6.9 and 7.0, allows unauthenticated attackers to run code with a bare install. Working proof-of-concept code is now public.
Inc Ransomware Exploits SonicWall SMA Zero-Days
The Inc ransomware group is actively exploiting two zero-day vulnerabilities in SonicWall's mobile access appliances, which, when chained, grant root-level capabilities to threat actors.
CISA Urges Immediate Action on Actively Exploited Fortinet Flaws
CISA has added two actively exploited vulnerabilities (CVE-2026-25089, CVE-2026-39808) in Fortinet FortiSandbox to its KEV Catalog, mandating urgent patching by federal agencies.
CISA Adds Microsoft SharePoint Deserialization Flaw to KEV Catalog
A critical-severity Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-58644) has been added to CISA's KEV Catalog due to active exploitation, allowing remote authenticated attackers to execute arbitrary code.
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
A denial-of-service vulnerability, dubbed HollowByte, allows unauthenticated attackers to cause OpenSSL servers to set aside significant memory with just an 11-byte TLS request, potentially leading to server freezes.
New Windows LegacyHive Zero-Day Grants Admin Privileges
A security researcher has released a new Windows zero-day exploit, "LegacyHive," which allows attackers to escalate privileges on fully updated Windows systems.
Abbott Laboratories Probes Two Cyber Incidents Amid Extortion Claims
Abbott Laboratories is investigating two separate cybersecurity incidents involving unauthorized access to internal legacy Exact Sciences systems and a separate claim of data theft from its LabCentral portal.
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
The April 2026 DigiCert security incident, involving the theft of code-signing certificates, has been attributed to CylindricalCanine, a subgroup of the Chinese cybercrime group GoldenEyeDog (APT-Q-27).