vulnerability-management

Critical Redis vulnerability CVE-2026-23479 allows remote code execution

• vulnerability-management

Critical Redis vulnerability CVE-2026-23479 allows remote code execution

SC Staff June 4, 2026

The vulnerability, rated 8.8 by CVSS 3.1 and 7.7 by CVSS 4.0, resides in the unblockClientOnKey() function...

Read More Read more about Critical Redis vulnerability CVE-2026-23479 allows remote code execution

Critical vulnerability in Hugging Face Transformers library allowed arbitrary code execution

• vulnerability-management

Critical vulnerability in Hugging Face Transformers library allowed arbitrary code execution

SC Staff June 4, 2026

The vulnerability, tracked as CVE-2026-4372, was exploitable through a standard model-loading command, even when Hugging Face’s recommended...

Read More Read more about Critical vulnerability in Hugging Face Transformers library allowed arbitrary code execution

Security Researchers Are Threat Actors – PSW #929

• ai-benefitsrisks
• aiml
• vulnerability-management

Security Researchers Are Threat Actors – PSW #929

Paul Asadoorian June 4, 2026

Read More Read more about Security Researchers Are Threat Actors – PSW #929

9.8 Mirasvit bug actively exploited on Magento servers

• patchconfiguration-management
• vulnerability-management

9.8 Mirasvit bug actively exploited on Magento servers

Steve Zurier June 4, 2026

CISA warns of an actively exploited Magento extension flaw that enables remote code execution.

Read More Read more about 9.8 Mirasvit bug actively exploited on Magento servers

WordPress Kirki plugin vulnerability allows account takeover

• vulnerability-management

WordPress Kirki plugin vulnerability allows account takeover

SC Staff June 4, 2026

The vulnerability, present in Kirki versions 6.0.0 through 6.0.6, stems from an unauthenticated REST API endpoint that...

Read More Read more about WordPress Kirki plugin vulnerability allows account takeover

Acer addresses critical zero-day vulnerabilities in Wave 7 routers

• vulnerability-management

Acer addresses critical zero-day vulnerabilities in Wave 7 routers

SC Staff June 3, 2026

The first vulnerability, CVE-2026-49200, is a broken access control flaw that allows unauthenticated attackers to access plaintext...

Read More Read more about Acer addresses critical zero-day vulnerabilities in Wave 7 routers

CISA adds Android and Linux kernel flaws to exploited vulnerabilities catalog

• vulnerability-management

CISA adds Android and Linux kernel flaws to exploited vulnerabilities catalog

SC Staff June 3, 2026

The vulnerabilities added are CVE-2022-0492, a Linux kernel improper authentication flaw with a CVSS score of 7.0,...

Read More Read more about CISA adds Android and Linux kernel flaws to exploited vulnerabilities catalog

Most organizations that miss 24-hour patch window report breaches

• patchconfiguration-management
• vulnerability-management

Most organizations that miss 24-hour patch window report breaches

Steve Zurier June 2, 2026

Study points out that AI has shattered the model of patching on a two- to four-week schedule.

Read More Read more about Most organizations that miss 24-hour patch window report breaches

Google releases June Android security patches addressing 124 vulnerabilities, including 1 zero-day

• vulnerability-management

Google releases June Android security patches addressing 124 vulnerabilities, including 1 zero-day

SC Staff June 2, 2026

The actively exploited vulnerability, identified as CVE-2025-48595, is a high-severity flaw in the Android Framework that allows...

Read More Read more about Google releases June Android security patches addressing 124 vulnerabilities, including 1 zero-day

Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland… – SWN #586

• aiml
• ransomware
• vulnerability-management

Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland… – SWN #586

Doug White June 2, 2026

Read More Read more about Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland… – SWN #586