Overview pgAdmin 4, the most widely used open-source administration and development platform for PostgreSQL, has disclosed multiple critical vulnerabilities in a June 2026 security advisory. … Read More
Actively Exploited â Information Disclosure CVE-2026-4020 is an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, actively installed on over 100,000 sites. CVSS … Read More
What Happened The Icarus threat actor group has significantly expanded its exploitation of the Klue OAuth token breach, pivoting from initial reconnaissance to full-scale Salesforce … Read More
Vulnerability Intelligence Report — June 20, 2026 (Saturday Edition) Coverage: June 1–20, 2026 | Total CISA KEV additions (period): 16 | New KEVs: 0 | … Read More
CISA Known Exploited Vulnerability (KEV): Added to the CISA KEV Catalog on June 18, 2026. Action due Sunday, June 21, 2026. BOD 26-04 3-day patch … Read More
What Happened On or around June 18, 2026, the update mechanism for the popular ShapedPlugin family of WordPress plugins was compromised in a supply-chain attack. … Read More
What Happened A newly observed variant of the Gentlemen ransomware family has begun deploying multiple Endpoint Detection and Response (EDR) killer utilities in a coordinated … Read More
Vulnerability Intelligence Report — June 19, 2026 Coverage: June 1–19, 2026 | Total CISA KEV additions (period): 16 | New KEVs: 1 (Splunk) | KEV … Read More
F5 has released out-of-band critical security patches for NGINX addressing two critical RCE/DoS vulnerabilities (CVE-2026-42530, CVE-2026-42055) in HTTP/3 and proxy/gRPC modules, plus two high-severity NGINX Gateway Fabric flaws. NGINX powers ~33% of all websites — patch immediately.
What Happened On June 17, 2026, security researchers disclosed a massive credential leak affecting Fortinet VPN devices, dubbed “FortiBleed.” A publicly exposed database containing VPN … Read More
