FortiSandbox CVE-2026-25089: Patch Exploited RCE Bugs
Attackers are probing three critical Fortinet FortiSandbox vulnerabilities. Admins should patch affected appliances and review access logs for exploitation attempts.
Author profile
Emma Davis
Content editor and security writer focused on making malware-removal and scam-prevention guides easier to understand. Emma reviews structure, clarity, and source consistency before articles are published.
1,039 articles
Editorial review
Reader clarity
Security guidance
Published work
Recent articles by Emma Davis
News · June 16, 2026
Joomla JCE CVE-2026-48907: Patch Exploited Editor RCE Flaw
CISA added Joomla Content Editor CVE-2026-48907 to KEV after exploitation. Update JCE to 2.9.99.6 and check for rogue profiles or PHP uploads.
News · June 16, 2026
LiteSpeed cPanel CVE-2026-54420: Patch Exploited Root Escalation
CISA says LiteSpeed cPanel Plugin CVE-2026-54420 is exploited in the wild. Shared hosting admins should update the WHM plugin or disable the user-end plugin...
News · June 15, 2026
Cisco SD-WAN CVE-2026-20262: Patch Exploited File-Write Flaw
Cisco says CVE-2026-20262 in Catalyst SD-WAN Manager has seen limited exploitation. Patch fixed releases and check vManage logs for suspicious WAR uploads.
News · June 15, 2026
OptinMonster Supply Chain Attack: WordPress Sites Get Hidden Backdoors
OptinMonster, TrustPulse and PushEngage scripts were tampered in a WordPress supply-chain attack that planted hidden admins and backdoors.
News · June 14, 2026
LangGraph RCE Chain: Patch Self-Hosted AI Agent Checkpointers
Self-hosted LangGraph deployments using SQLite or Redis checkpointers should patch CVE-2025-67644, CVE-2026-28277, and CVE-2026-27022 and review exposed checkpoint history endpoints.
News · June 14, 2026
Velvet Ant Backdoored Linux PAM and OpenSSH for Years
Sygnia says China-nexus Velvet Ant hid inside Linux PAM and OpenSSH authentication paths for years, turning trusted login components into persistence and credential-theft tools.
News · June 13, 2026
Splunk Enterprise CVE-2026-20253: Patch Critical Sidecar RCE Flaw
Splunk Enterprise CVE-2026-20253 is a Critical PostgreSQL sidecar flaw with no listed workaround. Admins should update to 10.4.0, 10.2.4, or 10.0.7 and review exposure.
News · June 13, 2026
Google Outsider AI Smishing Ring Sent 2.5M Scam Texts
Google says Outsider Enterprise used AI-assisted phishing kits, fake websites, and bulk texts to run a large smishing operation targeting passwords, payment cards, and...
News · June 12, 2026
Arch Linux AUR Packages Hijacked to Drop Infostealer and Rootkit
More than 400 Arch Linux AUR packages were reported compromised in an Atomic Arch supply-chain attack that pulled malicious npm and bun dependencies into...
News · June 12, 2026
Langflow CVE-2026-5027 Exploited: Patch AI Workflow Servers
Attackers are exploiting Langflow CVE-2026-5027, a path traversal file-write flaw that can become remote code execution on exposed AI workflow servers.
News · June 11, 2026
Ivanti Sentry CVE-2026-10520: Root RCE Is Now Exploited
CISA added Ivanti Sentry CVE-2026-10520 to KEV after public PoC-driven exploitation attempts. Patch now and review exposed gateways for compromise.
