Tech-Logs of Data-Scientist

CISA added CVE-2026-42271 and CVE-2026-50751 to its KEV catalog after evidence of active exploitation, while Microsoft moved to slow risky VS Code extension…Table of contentsOverviewCISA Moves Two Actively Exploited Bugs Into KEVVS Code Adds Friction to Extension UpdatesUNC3753 Campaign Blends Vishing With Physical IntrusionVerdantBamboo Expands Malware Activity on Appliance TargetsMorning Break..

CISA's KEV listing for SolarWinds Serv-U, active exploitation against Everest Forms Pro, a DD-WRT botnet campaign and Silent Ransom Group's helpdesk…Table of contentsOverviewCISA Adds SolarWinds Serv-U Flaw to KEV After ExploitationEverest Forms Pro Exploitation Targets WordPress Admin AccessC0XMO Botnet Uses DD-WRT Flaw to Expand Router FootholdsSilent Ransom Group Leans on Helpdesk Trust Inste..

CISA added an actively exploited SolarWinds Serv-U denial-of-service flaw to KEV, while Cisco warned of active exploitation in Catalyst SD-WAN Manager with no…Table of contentsOverviewCISA Moves SolarWinds Serv-U Flaw Into KEV After Exploitation EvidenceCisco Warns Catalyst SD-WAN Manager Flaw Is Being Exploited Without a PatchRepository Worms and Agentic CI/CD Put Developer Secrets Under Pressu..

CISA advisories on June 4 put the day’s security focus on industrial control software, including NAVTOR NavBox, Hitachi Energy tools and B&R PPT30 systems.…Table of contentsOverviewNAVTOR Fixes Local NavBox SOAP Access FlawHitachi Energy Advisories Put Availability FirstB&R PPT30 Advisory Targets OPC-UA AvailabilityThreat Reports Track macOS Malvertising and Wider PhishingMorning Breaking Up..

Microsoft traced a broad npm supply-chain compromise to the @redhat-cloud-services scope, while CISA added an actively exploited Mirasvit flaw to KEV and…Table of contentsOverviewMicrosoft Traces npm Miasma to Red Hat Package ScopeCISA Adds Mirasvit Deserialization Flaw to KEVMicrosoft 365 Android Token Exposure Puts App Trust in FocusGoogle Patches Exploited Android Framework FlawHTTP/2 Bomb Ra..

CISA added Oracle WebLogic Server CVE-2024-21182 to its exploited-vulnerability catalog, while separate June 1 reports pointed to WordPress plugin abuse,…Table of contentsOverviewCISA puts exploited WebLogic flaw on the federal deadline listWP Maps Pro exploitation targets WordPress administrator accessMalicious codexui-android package puts developer tokens at riskDragon Weave uses ZIP phishing ..

Dutch authorities disrupted a botnet tied to at least 17 million infected devices, while CISA, NIST, Microsoft and Google remained the key reference points…Table of contentsOverviewDutch Botnet Takedown Shows the Scale of Everyday Device CompromiseCISA Advisories Keep the Focus on Mitigation, Not RumorNIST Database Remains the Reference Point for CVE SeverityMicrosoft's Update Guide Anchors Prod..

Security reporting for May 30 centered on an actively exploited Palo Alto Networks VPN authentication bypass and a Microsoft-documented npm…Table of contentsOverviewPalo Alto Networks Warns of Exploited GlobalProtect BypassMicrosoft Tracks Malicious npm Packages Targeting DevelopersChatGPhish Turns Markdown Rendering Into a Phishing SurfaceOfficial Advisories Anchor Patch Decisions Amid Thin Dai..