Security researchers have confirmed that [over 900 Oracle E-Business Suite (EBS) instances are exposed to the internet and under active attack](https://www.bleepingcomputer.com/news/security/over-900-
Threat intelligence firm Defused has confirmed that attackers are actively exploiting **CVE-2026-46817**, a critical vulnerability in Oracle E-Business Suite (EBS). Active exploitation means this has
Threat intelligence firm Defused has confirmed that attackers are actively exploiting multiple critical vulnerabilities in Fortinet's FortiSandbox platform, the appliance many organizations rely on to
Palo Alto Networks has confirmed that an unknown threat actor is actively exploiting [CVE-2026-0257](https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html), a high-severity aut
**What Happened**
A maximum-severity vulnerability in Ivanti Sentry is being actively exploited in the wild, [according to BleepingComputer](https://www.bleepingcomputer.com/news/security/max-severity-ivanti-sentry-vul
Cisco has confirmed that [CVE-2026-20245](https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html), a high-severity flaw in Catalyst SD-WAN Manager, is under active exploitation
Attackers are actively exploiting a critical privilege escalation vulnerability in the Kirki Customizer Framework plugin for WordPress, using it to silently promote themselves to administrator on any
Threat actors are actively exploiting a critical authentication bypass vulnerability in **WP Maps Pro**, a commercial WordPress plugin used to embed interactive maps. The flaw lets unauthenticated rem
**A confirmed authentication bypass in Palo Alto Networks PAN-OS and Prisma Access is actively being exploited in the wild.** If GlobalProtect is your VPN gateway, patching is not optional — it is ove
This week's most uncomfortable disclosure didn't come from a nation-state campaign or a ransomware gang — it came from an 18-year-old bug sitting quietly inside software running a third of the interne
Supply chain compromises dominated this week, with developer tools, CI workflows, and npm packages falling in overlapping campaigns — while separately, a wave of active exploitation hit network infras