Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A photoreal close-up of glowing green terminal text scrolling across a dark monitor screen in a dimly lit server room, c
Vulnerabilities
5 min read
8 Jun 2026

CVE-2026-23111: Public Exploit Turns Unpatched Linux Kernels Into Root Shells

A weaponized proof-of-concept for a use-after-free in nf_tables dropped on June 8, 2026 — four months after the upstream fix — and it works reliably against hardened kernels with KASLR and SMAP enabled.

A photoreal close-up of a computer circuit board bathed in cool blue light, with streams of green binary code cascading
Vulnerabilities
5 min read
8 Jun 2026

AI Agent Finds 21 Zero-Days in FFmpeg the Same Week Chrome Ships a Record 429 Security Fixes

An autonomous AI fuzzer exposed 21 previously unknown vulnerabilities in the media library embedded in nearly every video-capable product on earth. Days later, Google released Chrome 149 with 429 patches — the largest single browser security update on record. Neither story is routine.

A photoreal editorial scene showing a server rack in a dimly lit enterprise data center, one server unit with a blinking
Vulnerabilities
4 min read
7 Jun 2026

CISA Adds SolarWinds Serv-U DoS Flaw to Known Exploited Vulnerabilities List

CVE-2026-28318 crashes the Serv-U file transfer service in the wild. Federal agencies have roughly three weeks to patch. Everyone else should treat that deadline as their own.

A photoreal close-up of a developer's hands on a mechanical keyboard in a dimly lit office, a large monitor showing a br
Vulnerabilities
5 min read
6 Jun 2026

One-Click github.dev Flaw Let Attackers Steal GitHub OAuth Tokens

A single crafted link was enough to drain a developer's GitHub OAuth token from the browser-based VS Code editor — granting read/write access to private repositories with no second click required.

A photoreal wide-angle shot of a dimly lit enterprise network operations center at night, multiple large monitors displa
Vulnerabilities
4 min read
6 Jun 2026

Cisco Catalyst SD-WAN Manager Flaw CVE-2026-20245 Exploited in the Wild — No Patch Available

A high-severity authorization vulnerability in Cisco's SD-WAN control plane is under active attack across on-premises, cloud, and FedRAMP deployments. Cisco has confirmed exploitation and has not yet released a fix.

Photoreal editorial scene: a close-up of a developer's hands at a mechanical keyboard in a dimly lit office, a terminal
Vulnerabilities
5 min read
6 Jun 2026

RubyGems Adds Bundler Cooldown to Block Supply Chain Attacks Before They Land

A new --cooldown flag for Bundler delays installation of freshly published gems, buying defenders the time attackers have long exploited.

A photoreal close-up of a developer's hands on a laptop keyboard in a dimly lit office, the screen casting a blue glow s
Vulnerabilities
4 min read
4 Jun 2026

GitHub's Browser Editor Handed Attackers an Unscoped OAuth Token — and a Path to Every Private Repo You Own

A malicious Jupyter notebook, a bypassed publisher trust check, and a single browser tab were all an attacker needed to steal an OAuth token granting access to every repository tied to a GitHub account.

A photoreal editorial scene showing a glowing server rack inside a dark data center, with a single open circuit board in
Vulnerabilities
5 min read
3 Jun 2026

CVE-2026-23479: Redis Sat Vulnerable for Two Years Before an AI Found the Bug

A use-after-free flaw in Redis's blocking-client code went undetected from version 7.2.0 until patches landed on May 5, 2025 — and it took an autonomous AI auditing tool, not a human researcher, to surface it.

A photoreal editorial scene of a server room bathed in low blue light, with a single rack of servers visibly older and d
Vulnerabilities
5 min read
3 Jun 2026

CISA Flags Two-Year-Old Oracle WebLogic Flaw as Actively Exploited — Federal Deadline Is Four Days

CVE-2024-21182 earned a CVSS 7.3 score and a July 2024 Oracle patch. Neither was enough to stop threat actors from finding the organizations that never bothered.

A close-up, photoreal editorial photograph of a glowing computer monitor displaying a WordPress admin dashboard with an
Vulnerabilities
5 min read
2 Jun 2026

CVE-2026-8732: Attackers Are Creating Rogue Admin Accounts on WordPress Sites Right Now

A critical unauthenticated privilege-escalation flaw in the WP Maps Pro plugin lets anyone register a full administrator account — no login, no phishing, no waiting. Active exploitation is already underway.

Photoreal editorial scene: a developer's dimly lit workstation at night, multiple monitors showing terminal windows with
Vulnerabilities
4 min read
2 Jun 2026

Miasma Supply Chain Attack Plants Credential-Stealing Worm Inside Red Hat npm Packages

A sophisticated campaign named Miasma has weaponized npm packages tied to the Red Hat ecosystem, silently harvesting developer credentials and burrowing into CI/CD pipelines the moment a compromised package lands on disk.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress