CVE-2026-48282 Adobe ColdFusion RCE Exploited in 2 Hours

CVE-2026-48282 Adobe ColdFusion RCE

CVE-2026-48282 Adobe ColdFusion RCE is now the fastest-weaponized CVSS-10.0 flaw DIESEC has tracked in 2026: attackers began exploiting Adobe’s maximum-severity ColdFusion vulnerability within two hours of public disclosure, and CISA has given US federal agencies until July 10 to patch. What Happened Adobe’s APSB26-68 security bulletin, released June 30, 2026, patched 11 CVEs across ColdFusion,…

Read More

JADEPUFFER Agentic AI Ransomware Attack

JADEPUFFER agentic AI ransomware

JADEPUFFER agentic AI ransomware is, according to Sysdig’s Threat Research Team, the first publicly documented case of a ransomware attack executed start to finish by an autonomous AI agent — from initial access through a Langflow vulnerability to database encryption and extortion, with no human operator directing any step. What Happened Sysdig identified JADEPUFFER, this…

Read More

June 2026 Cybersecurity Roundup: Supply Chain Breaches, Data Extortion, and Critical CVEs

June 2026 Cybersecurity Roundup

This June 2026 Cybersecurity Roundup lands in a month when the FIFA World Cup kickoff dominated the conversation, with most attention on cyber threats and fraud tied to the tournament. Away from the headlines, though, June’s most consequential incidents ran through SaaS supply chains, ransomware-driven data extortion, and identity compromise. Here’s a roundup of the…

Read More

OPNsense CVE-2026-57155: Root RCE via GeoIP Alias

OPNsense CVE-2026-57155

OPNsense CVE-2026-57155 (CVSS 9.9) is a path-traversal flaw in the firewall’s GeoIP alias importer that lets a low-privileged user escalate to full root remote code execution. It is the fifth critical or high-severity OPNsense vulnerability disclosed since May 2026, and it matters disproportionately for German Mittelstand IT teams and MSPs because OPNsense’s free, open-source model…

Read More

SharePoint RCE CVE-2026-45659: Active Exploits

SharePoint RCE CVE-2026-45659

SharePoint RCE CVE-2026-45659 is now under active exploitation, and the federal patch deadline set by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is July 4 — tomorrow. The CVSS 8.8 deserialization flaw lets any authenticated user with nothing more than baseline Site Member permissions run code remotely on the server. Shadowserver currently counts more…

Read More