PTC Windchill RCE CVE-2026-12569: Web Shells Actively Deployed

The PTC Windchill RCE CVE-2026-12569 (CVSS 9.3) is actively exploited — and this is the second attack wave targeting the same product in three months. Attackers are deploying persistent JSP web shells inside Windchill PDMLink and FlexPLM installations right now. CISA added the flaw to its Known Exploited Vulnerabilities catalog on June 25, 2026; the…

Read More

Gaslight: North Korea’s macOS Malware That Deceives AI Security Tools

North Korea has built macOS malware that attacks your AI security tools — not by evading them technically, but by lying to them. SentinelOne disclosed a Rust-based macOS implant on June 25, 2026, codenamed Gaslight, attributed with high confidence to North Korea-aligned threat actors. It is the first documented malware to embed fabricated system-failure messages…

Read More

Top 5 Cybersecurity News Stories June 26, 2026

Top 5 Cybersicherheit News Stories vom 26. Juni 2026

The five stories in this week’s Cybersecurity News Stories June 26, 2026 do not share an attacker technique or a common entry point. They share a common target: the foundational infrastructure organisations treat as settled — the code supply chain that delivers the software their developers build with, the integration layer that connects their business…

Read More

Three CVSS 10.0 Vulnerabilities in Ubiquiti UniFi OS — Zero Auth, Full Network Control

Three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS. One exploit chain. Full network control. Zero authentication required. If you use UniFi in your office — and most DACH SMBs do — this is your highest-priority patch this week. CISA added three Ubiquiti vulnerabilities to its Known Exploited Vulnerabilities catalog on June 23, confirming active exploitation…

Read More