The second Tuesday of June 2026 marked Microsoft's largest Patch Tuesday release on record, delivering security updates for a massive range of vulnerabilities affecting Windows, Microsoft Office, Azure, Exchange, Hyper-V, Active Directory, Remote Desktop, BitLocker, and numerous core operating system components.
Read more →Two Russia-aligned threat groups, Gamaredon and UAC-0226, are actively exploiting CVE-2025-8088, a high-severity WinRAR path traversal vulnerability, against Ukrainian government, military, and critical infrastructure organizations. Nearly a year after a patch was made available, both groups continued to operate unimpeded.
Read more →A newly identified Gafgyt botnet variant, C0XMO, is actively targeting internet-exposed devices through a combination of vulnerability exploitation, weak-credential attacks, and automated lateral movement. Unlike traditional Gafgyt campaigns, C0XMO separates its propagation logic into a dedicated Python-based scanner, enabling it to compromise a wider range of architectures and device types while scaling infections more efficiently.
Read more →Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb.
Read more →What changed when AI tested the lab before and after Saner reduced the usable attack surface
Read more →Learn how to prioritize remediation at scale by fixing reachable, exploitable, and business-critical risks first instead of relying on CVSS alone.
Read more →
