See the no-go signals before they become incidents.
Cisco has released urgent security updates to address significant vulnerabilities in its networking and security product lines. The advisories cover denial-of-service risks in the Crosswork Network Controller and Network Services Orchestrator (NSO), as well as long-standing resource management issues in Cisco Email Security Appliance (ESA) running legacy AsyncOS software. Read more
Palo Alto Networks has released critical security updates addressing CVE-2026-0300, an out-of-bounds write vulnerability in its PAN-OS software. Affecting versions 10.2 through 12.1, the flaw poses significant risks to network infrastructure security. The Korea Internet & Security Agency (KISA) strongly recommends that organizations apply the specific hotfixes and maintenance releases provided to mitigate potential exploitation risks. Read more
Cisco has released critical security patches for Cisco Unity Connection to address vulnerabilities including Path Traversal (CVE-2026-20034) and Server-Side Request Forgery (CVE-2026-20035). These flaws affect versions 12.5 through 15.0, potentially allowing unauthorized system access. Organizations are advised to upgrade to version 15SU4 or 14SU5 to mitigate these infrastructure risks. Read more
cPanel has released urgent security updates for cPanel & WHM and WP Squared to address three critical vulnerabilities: improper input validation, code injection, and symbolic link following. These flaws affect numerous legacy and current versions, potentially allowing unauthorized system access. Administrators should immediately verify their software versions and apply the recommended patches to mitigate the risk of server compromise. Read more
South Korea's internet security agency, KISA, has issued an urgent advisory regarding highly targeted smishing attacks. Cybercriminals are using stolen data from hacked travel platforms, such as accommodation reservation details, to impersonate hotel staff. These attacks aim to deceive travelers into entering credit card information on fraudulent sites to avoid supposed booking cancellations, posing significant secondary financial risk. Read more
Trend Micro has launched 'TrendAI,' a new corporate brand integrating Anthropic’s Claude models into its Vision One platform. The partnership aims to shift cybersecurity from reactive 'If/Else' logic to autonomous AI agents capable of prioritizing threats and automating incident response. This initiative addresses the escalating speed of AI-driven attacks by providing high-speed governance and automated reporting. Read more
Organizations must transition from treating AI security as a niche concern to integrating it into core IT governance. By adopting 'Cyber for AI' strategies, teams can defend against threats like LLM Jacking—where attackers hijack model resources—using strict API management and newly released NIST and CISA guidelines designed to secure large language model environments. Read more
Oracle has issued its April 2026 Critical Patch Update, delivering 481 security fixes across its product portfolio. The update addresses several high-risk vulnerabilities in Java SE and GraalVM, some of which allow unauthenticated network-based attacks. Organizations are urged to apply these patches immediately to mitigate risks of unauthorized code execution and service disruptions. Read more
Microsoft has released urgent security updates for ASP.NET Core to address CVE-2026-40372, a critical elevation of privilege vulnerability. Flaws in cryptographic signature validation allow unauthenticated attackers to forge authentication cookies and gain SYSTEM-level access. The vulnerability primarily impacts non-Windows environments using the Data Protection package, requiring immediate patching of affected container and server deployments. Read more
Okta's 'Businesses at Work 2026' report reveals a massive 1,140% surge in access requests over two years, driven primarily by autonomous AI agents. This shift is forcing global enterprises to move beyond traditional user-centric security, prioritizing non-human identity (NHI) governance and phishing-resistant multi-factor authentication to secure modern cloud and hybrid infrastructure environments. Read more