Threats Tagged 'high-priority'

View all threats tagged with 'high-priority'. Filter and sort to focus on specific types of threats.

Xsolis Data Breach Affects 1.4 Million Individuals

Healthcare technology company Xsolis, Inc. disclosed a data breach affecting approximately 1.4 million individuals. The breach resulted from a targeted phishing attack detected on January 22, 2026, which allowed unauthorized access to files containing personal and protected health information. Compromised data includes names, dates of birth, addresses, Social Security numbers, health insurance details, and medical treatment information. The company is not aware of any misuse of the stolen information. The incident was publicly disclosed in early June 2026 and added to the US Department of Health and Human Services data breach tracker.

You could file a fake data breach against any company on Maine's official portal. Someone finally did

Maine's official data breach notification portal allowed anyone to submit breach disclosures without verification, leading to fake breach reports being publicly posted. Notably, fraudulent notices impersonating Discord and VRChat were submitted, causing these companies to publicly deny the incidents. The portal has been taken offline while the Maine Attorney General's office reviews the situation. This lack of authentication in the submission process risks misinformation, reputational damage, and public panic.

CVE-2026-23111: exploiting and detecting a nftables UAF born from a security fix

CVE-2026-23111 is a use-after-free (UAF) vulnerability in the Linux kernel's nftables subsystem, introduced by a security fix for a previous vulnerability (CVE-2023-4244). This flaw affects nf_tables and is reachable from an unprivileged user namespace. The vulnerability enables advanced exploitation techniques including kernel address space layout randomization (KASLR) leaks, arbitrary reads, kernel structure traversal, and privilege escalation to root (uid=0) without hardcoded addresses. The exploit and detection methods have been publicly disclosed, emphasizing detection strategies beyond payload identification. No specific affected versions or vendor patches are detailed in the provided information.

Kodak confirms data breach claimed by ShinyHunters extortion gang

Kodak confirmed a data breach involving unauthorized access to a limited amount of company data. The ShinyHunters extortion gang claimed responsibility, stating they stole over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data. Kodak is investigating the incident with external cybersecurity experts and cooperating with law enforcement. The company has not disclosed how the attackers gained access or whether the internal network was breached. ShinyHunters has a history of targeting multiple organizations and extorting data. Kodak has not yet provided details on remediation or mitigation.

CVE-2026-39949: Authenticated Remote Code Execution in Cacti ≤ 1.2.30

CVE-2026-39949 is an authenticated remote code execution vulnerability in Cacti versions up to and including 1.2.30. The flaw arises from unsanitized variable substitution in RRDtool command-line arguments, allowing users with graph management privileges to inject arbitrary OS commands via host metadata fields such as the device notes. Exploitation requires authenticated access with permissions to create devices and graph templates. An attacker can craft malicious input in the notes field and trigger code execution during graph rendering.

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Cisco disclosed a zero-day vulnerability (CVE-2026-20262) in Catalyst SD-WAN Manager that allows an attacker with valid credentials and write access to send crafted HTTP requests to an API endpoint, enabling arbitrary file write on the underlying operating system. This vulnerability can be leveraged to escalate privileges to root. Cisco discovered the flaw internally and confirmed limited exploitation in targeted attacks. The vulnerability is considered medium severity by Cisco but is rated critical here due to its exploitation and potential impact. Cisco has released patches addressing this issue. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities catalog, mandating remediation by June 29, 2026. This is one of multiple SD-WAN vulnerabilities exploited in 2026.

Lapsus$ ransomware group is claiming Github as a victim (breach not confirmed yet)

The Lapsus$ ransomware group is claiming to have compromised GitHub, although the breach has not been independently confirmed. Lapsus$ is known for previous high-profile attacks on companies like Nvidia, Microsoft, Samsung, and Uber. The claim includes alleged infostealer activity and compromised employee and user credentials. No ransom demand has been made, and the group states they may leak data if no buyer is found. The situation remains unverified and under investigation.

breach detective but my own

This entry references a service called Breach Detective, which is a search engine for breached credentials aggregated from multiple data leaks. The information provided is promotional and describes the service's capabilities to help users discover if their data has been compromised. There is no specific vulnerability or exploit detailed in the provided data. The source is a Reddit post linking to the Breach Detective website, with no technical details or evidence of an active breach or exploit.

Hackers Exploit Langflow Vulnerability for Remote Code Execution

A high-severity vulnerability (CVE-2026-5027) in the Langflow low-code AI development platform allows unauthenticated attackers to write files to arbitrary locations via a path traversal flaw in the 'POST /api/v2/files' endpoint. This flaw enables remote code execution (RCE) because the filename parameter is not sanitized, and Langflow's default unauthenticated auto-login allows attackers to reach the vulnerable endpoint without credentials. Exploitation attempts have been observed in the wild, with attackers dropping test files on victim systems. Approximately 7,000 Langflow instances are internet-accessible, mostly in North America. The vulnerability was publicly disclosed in March 2026, and no patch or official fix information is provided in the source content.

OpenSSL PKCS#7 CVE-2026-45447

CVE-2026-45447 is a use-after-free vulnerability in OpenSSL's PKCS#7 signature verification. It occurs when processing specially crafted PKCS#7 or S/MIME signed messages containing an empty ASN.1 SET in the SignedData digestAlgorithms field. This causes OpenSSL to incorrectly free a caller-owned BIO during PKCS7_verify(), leading to potential crashes, heap corruption, or remote code execution. Applications using OpenSSL PKCS#7 APIs may be affected, while those using CMS APIs or FIPS modules are not impacted. The vulnerability has been addressed by OpenSSL in official commits.
