See the no-go signals before they become incidents.
Cisco has released critical security patches for Cisco Unity Connection to address vulnerabilities including Path Traversal (CVE-2026-20034) and Server-Side Request Forgery (CVE-2026-20035). These flaws affect versions 12.5 through 15.0, potentially allowing unauthorized system access. Organizations are advised to upgrade to version 15SU4 or 14SU5 to mitigate these infrastructure risks. Read more
Ollama has released a critical security update to address CVE-2026-7482, an out-of-bounds read vulnerability. KISA has issued an advisory recommending that users upgrade to version 0.17.1 or higher. The flaw could allow unauthorized memory access, necessitating immediate patching or temporary mitigation by restricting external API access and rotating keys. Read more
cPanel has released urgent security updates for cPanel & WHM and WP Squared to address three critical vulnerabilities: improper input validation, code injection, and symbolic link following. These flaws affect numerous legacy and current versions, potentially allowing unauthorized system access. Administrators should immediately verify their software versions and apply the recommended patches to mitigate the risk of server compromise. Read more
South Korea's internet security agency, KISA, has issued an urgent advisory regarding highly targeted smishing attacks. Cybercriminals are using stolen data from hacked travel platforms, such as accommodation reservation details, to impersonate hotel staff. These attacks aim to deceive travelers into entering credit card information on fraudulent sites to avoid supposed booking cancellations, posing significant secondary financial risk. Read more
Trend Micro has launched 'TrendAI,' a new corporate brand integrating Anthropic’s Claude models into its Vision One platform. The partnership aims to shift cybersecurity from reactive 'If/Else' logic to autonomous AI agents capable of prioritizing threats and automating incident response. This initiative addresses the escalating speed of AI-driven attacks by providing high-speed governance and automated reporting. Read more
Organizations must transition from treating AI security as a niche concern to integrating it into core IT governance. By adopting 'Cyber for AI' strategies, teams can defend against threats like LLM Jacking—where attackers hijack model resources—using strict API management and newly released NIST and CISA guidelines designed to secure large language model environments. Read more
Oracle has issued its April 2026 Critical Patch Update, delivering 481 security fixes across its product portfolio. The update addresses several high-risk vulnerabilities in Java SE and GraalVM, some of which allow unauthenticated network-based attacks. Organizations are urged to apply these patches immediately to mitigate risks of unauthorized code execution and service disruptions. Read more
Modern cyber threats are shifting focus from breaking encryption to manipulating user behavior through psychological fatigue. New tactics target the friction between automated security tools and manual user intervention, specifically exploiting the 'MFA fatigue' phenomenon and the warning dialogs of password managers to trick users into authorizing unauthorized access or bypassing domain-matching security protocols. Read more
Microsoft has released urgent security updates for ASP.NET Core to address CVE-2026-40372, a critical elevation of privilege vulnerability. Flaws in cryptographic signature validation allow unauthenticated attackers to forge authentication cookies and gain SYSTEM-level access. The vulnerability primarily impacts non-Windows environments using the Data Protection package, requiring immediate patching of affected container and server deployments. Read more
CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a high-severity path traversal flaw in ConnectWise ScreenConnect and a Windows Shell spoofing vulnerability. Both flaws have confirmed active exploitation in the wild, requiring federal agencies and private organizations to prioritize patching to prevent unauthorized remote access and network-based identity spoofing. Read more