PAN-OS IKEv2 and DNS Proxy RCEs — CVE-2026-0263
CVE-2026-0263 and CVE-2026-0264 deliver RCE in PAN-OS VPN and DNS processing. FortiClient EMS CVE-2026-35616 exploited in the wild.
Posts tagged: Daily-Brief
Carnival Breach — ShinyHunters Steal 5.9M Records
ShinyHunters breach Carnival for 5.9M records. Google unifies Mandiant, Wiz, and Gemini. JINX-0164 deploys macOS backdoors against crypto firms.
FBI Warns Silent Ransom Group Walking Into Law Firms
FBI flash alert on Silent Ransom Group USB attacks at law firms. LA Metro attributed to Iranian APT. SymJack weaponizes AI coding agents. CVE-2026-45659.
CISA Mandates 48-Hour Drupal Patch — Active SQLi
CISA orders 48-hour Drupal patching for active SQLi exploitation, Dutch police seize 800 bulletproof hosting servers, Iran APT hits aviation sector.
Megalodon Poisons 5,500+ GitHub Repos
Megalodon injects malicious workflows into 5,500+ GitHub repos, CVE-2026-26980 Ghost CMS zero-day exploited, TrapDoor plants 34 packages on npm and PyPI.
Three CVSS 10.0 UniFi OS RCEs Patched by Ubiquiti
Ubiquiti patches three CVSS 10.0 UniFi OS RCEs, nation-state actors weaponize ROADtools for Azure AD recon, Apex One zero-day CVE-2026-34926 hits KEV.
PAN-OS DNS RCE CVE-2026-0264 — Cisco CVSS 10
CVE-2026-0264 PAN-OS DNS heap overflow RCE patched, Cisco Secure Workload CVSS 10 API auth bypass, GitHub confirms 3,800-repo VS Code extension breach.
GitHub Breached via Malicious VS Code Extension
GitHub confirms 3,800 internal repos breached via trojanized VS Code extension, Verizon DBIR 2026 marks exploits top vector, CVE-2026-0264 PAN-OS DNS RCE.
CISA Contractor Leaked AWS GovCloud Keys
CISA contractor exposed AWS GovCloud secrets on GitHub, Exchange zero-day CVE-2026-42897 actively exploited, Storm-2949 malware-free Azure cloud breach.
NGINX Heap Overflow CVE-2026-42945 Exploited
CVE-2026-42945 NGINX heap overflow exploited 48 hours after disclosure, MiniPlasma Windows kernel zero-day PoC public, ShinyHunters hits 7-Eleven.