1. Palo Alto Networks confirmed that CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect, is under active exploitation in the wild. (The Hacker News)
2. Attackers are actively exploiting the GlobalProtect authentication bypass flaw to establish unauthorized VPN connections to corporate networks. (BleepingComputer)
3. A new local privilege escalation vulnerability named CIFSwitch has been identified in the Linux kernel, allowing attackers to gain root access on multiple distributions. (BleepingComputer)
4. Security researchers reported active exploit activity targeting Langflow, highlighting it as a significant vulnerability signal. (Reddit)
5. A massive botnet consisting of over 17 million devices has been successfully dismantled by authorities. (Reddit)
6. A Business Email Compromise incident was reported where an attacker successfully injected malicious replies into an existing email thread using a lookalike domain. (Reddit)
7. Researchers identified LLMReaper, a new threat involving DOM based AI conversation exfiltration through malicious browser extensions. (Reddit)
8. Concerns persist regarding the potential for malicious activity within the Polyfill.io service despite previous security warnings. (Reddit)
9. An authentication bypass vulnerability in Indias largest exam evaluation portal was successfully exploited to achieve full account takeover. (Reddit)
10. Security analysts noted a surprising jump in the Exploit Prediction Scoring System for Windows, indicating increased risk for certain vulnerabilities. (Reddit)
11. Security professionals are discussing the risks associated with pen testing AI agents and the need for deterministic control planes to manage parallel agent deployments. (Reddit)
12. Microsoft has officially joined the DMARC protocol, marking a significant step in their email security infrastructure. (Reddit)
Be First to Comment