MetInfo CMS CVE-2026-29014: unauthenticated RCE exploitation reported
Researchers warn that MetInfo CMS sites running versions up to 8.2.0 may be exposed to unauthenticated PHP code execution (CVE-2026-29014).
News desk
Cybersecurity News & Analysis
Security incidents, exploited vulnerabilities, breach reports, and urgent patch notes, arranged for fast scanning like a daily cyber newspaper.
June 16, 2026
Latest reports
Microsoft Warns of AiTM Phishing Campaign Targeting 35,000 Users
Microsoft says a code of conduct-themed AiTM phishing campaign targeted more than 35,000 users across 13,000 organizations and could bypass non-phishing-resistant MFA by stealing...
Instructure Canvas Breach: Data Exposure, Login Defacement, and What Users Should Do
Instructure says Canvas is back online after a security incident involving names, emails, student IDs, and messages. Here is what is confirmed and what...
Apache HTTP Server 2.4.67 Fixes CVE-2026-23918 HTTP/2 RCE Risk
Apache HTTP Server 2.4.67 fixes CVE-2026-23918, an HTTP/2 double-free in 2.4.66 that can crash workers and may allow RCE in specific conditions.
DAEMON Tools Installers Carried a Backdoor Since April 8
Official DAEMON Tools installers reportedly carried a backdoor from April 8, 2026. Users who installed it recently should remove it, scan Windows, and wait...
Grok Wallet Drained After Bankr Prompt Injection Moves 3B DRB
A reported Bankr/Grok prompt-injection incident moved 3B DRB tokens from a labeled Grok wallet on Base after a gifted NFT and a crafted Morse-code...
Weaver E-cology CVE-2026-22679 RCE Is Being Exploited
CVE-2026-22679 is an unauthenticated RCE in Weaver E-cology 10.0 builds before 20260312. Patch exposed systems and check for post-exploitation activity.
30,000 Facebook Accounts Hacked in Google AppSheet Phishing Campaign
A Google AppSheet phishing wave dubbed AccountDumpling hijacked roughly 30,000 Facebook accounts, many tied to business pages and ad access.
Poisoned Ruby Gems and Go Modules Used to Steal CI Secrets
A BufferZoneCorp package cluster in RubyGems and Go targeted developer machines and CI pipelines, stealing secrets, tampering with GitHub Actions, and planting SSH persistence.
