The Hacker News

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

The leaked bytes are the useful part. Squid reuses freed memory buffers without zeroing them, so a 4KB buffer that recently ...
Dark Reading

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified ...
CSO Online

Attackers exploit Cisco Unified CM flaw weeks after patch release

New activity targets CVE‑2026‑20230, an SSRF bug that can allow unauthenticated file writes and potential root‑level access ...

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being ...
Security Boulevard

Akamai Report Details MCP Security Weaknesses

Akamai today revealed a raft of cybersecurity weaknesses in the latest specification for the Model Context Protocol (MCP) that is widely used by ...
The Hacker News

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Cisco Unified CM CVE-2026-20230 is under active exploitation, allowing file writes on WebDialer-enabled systems.
Tech Times

WordPress Email Plugin Flaw Triggers 17 Million Attacks: Gravity SMTP Leaks Live API Keys

Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...

AWS debuts Lambda MicroVMs with up to 8 hours runtime

AWS has introduced Lambda MicroVMs, built on its Firecracker virtual machine monitor, which can run isolated Linux containers ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.