PAN-OS IKEv2 and DNS Proxy RCEs — CVE-2026-0263
CVE-2026-0263 and CVE-2026-0264 deliver RCE in PAN-OS VPN and DNS processing. FortiClient EMS CVE-2026-35616 exploited in the wild.
Posts tagged: Supply-Chain
FBI Warns Silent Ransom Group Walking Into Law Firms
FBI flash alert on Silent Ransom Group USB attacks at law firms. LA Metro attributed to Iranian APT. SymJack weaponizes AI coding agents. CVE-2026-45659.
Megalodon Poisons 5,500+ GitHub Repos
Megalodon injects malicious workflows into 5,500+ GitHub repos, CVE-2026-26980 Ghost CMS zero-day exploited, TrapDoor plants 34 packages on npm and PyPI.
PAN-OS DNS RCE CVE-2026-0264 — Cisco CVSS 10
CVE-2026-0264 PAN-OS DNS heap overflow RCE patched, Cisco Secure Workload CVSS 10 API auth bypass, GitHub confirms 3,800-repo VS Code extension breach.
GitHub Breached via Malicious VS Code Extension
GitHub confirms 3,800 internal repos breached via trojanized VS Code extension, Verizon DBIR 2026 marks exploits top vector, CVE-2026-0264 PAN-OS DNS RCE.
CISA Contractor Leaked AWS GovCloud Keys
CISA contractor exposed AWS GovCloud secrets on GitHub, Exchange zero-day CVE-2026-42897 actively exploited, Storm-2949 malware-free Azure cloud breach.
NGINX Heap Overflow CVE-2026-42945 Exploited
CVE-2026-42945 NGINX heap overflow exploited 48 hours after disclosure, MiniPlasma Windows kernel zero-day PoC public, ShinyHunters hits 7-Eleven.
Cisco SD-WAN Zero-Day CVE-2026-20182 Exploited
CVE-2026-20182 Cisco SD-WAN CVSS 10 auth bypass exploited, Exchange CVE-2026-42897 XSS-to-RCE active, NGINX RCE patched, Shai-Hulud worm open-sourced.
Microsoft AI Finds 16 Windows Zero-Days
CVE-2026-33827 and CVE-2026-33824 AI-discovered CVSS 9.8 Windows kernel RCEs patched. Shai-Hulud npm worm spreads. Foxconn confirms factory cyberattack.
Checkmarx Jenkins Plugin Hijacked in Supply Chain
Checkmarx Jenkins AST plugin compromised on the Marketplace, CVE-2026-7482 Ollama Bleeding Llama flaw exposes 300K servers, SailPoint GitHub breach.