Threat Intel · Updated Hourly

Live cybersecurity intel, straight from the sources we trust.

Actively exploited vulnerabilities (CISA KEV), recently disclosed CVEs (NVD), and the cybersecurity newsroom — all in one place. We refresh on the hour so what you see is what's hitting the wire.


CISA Known Exploited Vulnerabilities

What's being actively exploited right now

Every CVE below is on CISA's KEV catalog — meaning attackers are using it in the wild, today. Filter to the categories your stack actually runs.

CVE-2026-11645 Actively exploited
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utili…
Google · Chromium V8 Added Jun 9, 2026
browser smb essential
Read advisory at NVD →
CVE-2008-4250 Actively exploited
Microsoft Windows Buffer Overflow Vulnerability
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Microsoft · Windows Added May 20, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2009-1537 Actively exploited
Microsoft DirectX NULL Byte Overwrite Vulnerability
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
Microsoft · DirectX Added May 20, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2009-3459 Actively exploited
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Adobe · Acrobat and Reader Added May 20, 2026
smb essential
Read advisory at NVD →
CVE-2010-0249 Actively exploited
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (…
Microsoft · Internet Explorer Added May 20, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2010-0806 Actively exploited
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted pro…
Microsoft · Internet Explorer Added May 20, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2026-41091 Actively exploited
Microsoft Defender Link Following Vulnerability
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
Microsoft · Defender Added May 20, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2026-45498 Actively exploited
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Microsoft · Defender Added May 20, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2026-42897 Actively exploited
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
Microsoft · Microsoft Added May 15, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2024-1708 Actively exploited
ConnectWise ScreenConnect Path Traversal Vulnerability
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
ConnectWise · ScreenConnect Added Apr 28, 2026 Ransomware
enterprise smb essential
Read advisory at NVD →
CVE-2026-32202 Actively exploited
Microsoft Windows Protection Mechanism Failure Vulnerability
Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
Microsoft · Windows Added Apr 28, 2026
endpoint m365 smb essential
Read advisory at NVD →
CVE-2026-33825 Actively exploited
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
Microsoft · Defender Added Apr 22, 2026
endpoint m365 smb essential
Read advisory at NVD →

See the full KEV catalog (1,619 entries) →

NVD · Recent Disclosures

Recently disclosed CVEs (last 7 days)

Newly published vulnerabilities from the National Vulnerability Database, ranked critical-first. Most of these aren't being exploited yet — but the patches need to be on your roadmap.

CVE CVSS Severity Published Description
CVE-2026-11499 9.8 CRITICAL Jun 8, 2026 A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.
CVE-2024-58349 9.8 CRITICAL Jun 8, 2026 WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress in…
CVE-2024-58348 9.8 CRITICAL Jun 8, 2026 WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.
CVE-2023-54352 9.8 CRITICAL Jun 8, 2026 WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.
CVE-2026-45779 9.8 CRITICAL Jun 5, 2026 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database.…
CVE-2026-45777 9.8 CRITICAL Jun 5, 2026 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configurat…
CVE-2026-45758 9.6 CRITICAL Jun 5, 2026 Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be affected. Security researchers identified the malicious package within approxim…
CVE-2026-50751 9.3 CRITICAL Jun 8, 2026 A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
CVE-2026-11517 8.8 HIGH Jun 8, 2026 A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-11504 8.8 HIGH Jun 8, 2026 A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is…
CVE-2026-11503 8.8 HIGH Jun 8, 2026 A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…
CVE-2026-11498 8.8 HIGH Jun 8, 2026 A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely.
CVE-2026-11413 8.8 HIGH Jun 6, 2026 A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early…
CVE-2026-7654 8.8 HIGH Jun 5, 2026 The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper…
CVE-2026-26422 8.4 HIGH Jun 6, 2026 clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.
CVE-2026-11416 8.1 HIGH Jun 5, 2026 MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename normalization or path validation. An attacker who controls a filen…
CVE-2026-41724 8 HIGH Jun 8, 2026 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVE-2026-41723 8 HIGH Jun 8, 2026 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVE-2026-41722 8 HIGH Jun 8, 2026 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVE-2026-11401 8 HIGH Jun 5, 2026 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through…
CVE-2026-11400 8 HIGH Jun 5, 2026 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster throug…
CVE-2026-49235 7.5 HIGH Jun 8, 2026 When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVE-2026-49234 7.5 HIGH Jun 8, 2026 When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.
CVE-2026-49233 7.5 HIGH Jun 8, 2026 Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.
CVE-2026-36789 7.5 HIGH Jun 8, 2026 Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

From the Cybersecurity Newsroom

What's making cyber headlines

Hand-picked feeds from Krebs on Security, The Hacker News, BleepingComputer, and SANS Internet Storm Center. Headlines link to the original source — full credit, no scraping.

BleepingComputer
Maine disables data breach notification portal after fake disclosures
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]
Jun 12, 2026
Read at source →
The Hacker News
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can…
Jun 12, 2026
Read at source →
The Hacker News
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phis…
Jun 12, 2026
Read at source →
BleepingComputer
phpBB forum fixes auth bypass bug lurking for a decade
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]
Jun 12, 2026
Read at source →
The Hacker News
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is…
Jun 12, 2026
Read at source →
BleepingComputer
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]
Jun 12, 2026
Read at source →
BleepingComputer
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]
Jun 12, 2026
Read at source →
BleepingComputer
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]
Jun 12, 2026
Read at source →
SANS Internet Storm Center
ISC Stormcast For Friday, June 12th, 2026 (https://isc.sans.edu/podcastdetail/9970)
Jun 12, 2026
Read at source →
The Hacker News
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake erro…
Jun 12, 2026
Read at source →
The Hacker News
Rethinking MDR as Attackers and Defenders Embrace AI
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The t…
Jun 12, 2026
Read at source →
SANS Internet Storm Center
ISC Stormcast For Thursday, June 11th, 2026 (https://isc.sans.edu/podcastdetail/9968)
Jun 11, 2026
Read at source →

Headlines and snippets © their respective publishers; links go directly to the original sources.

Why this matters for your business

Most of these attacks start with a person, not a firewall

Phishing, hostile Wi-Fi, an unpatched laptop in the wrong place — the techniques behind the headlines are the same ones that target every small and growing business today. OfficeGuardIT keeps the patches current, the EDR sharp, and your team trained to spot what slips through.

Worried about what you don't know?

A free OfficeGuardIT assessment finds the gaps before someone else does.
