Your backup server just became a CVSS 9.4 problem.

Veeam disclosed CVE-2026-44963 on June 9: any authenticated domain user — not an admin, not a privileged account — can execute code directly on a Veeam Backup & Replication server. A standard Active Directory login is enough. The flaw was discovered by watchTowr researcher Sina Kheirkhah.…

The biggest Patch Tuesday in Microsoft history dropped yesterday: 200 vulnerabilities. 33 Critical. 3 disclosed zero-days.

And then — hours after the patches shipped — a researcher published an unpatched one that works on fully updated Windows 10 and 11. You patched everything available. You still have a gap. Here is what the June 9…

Your password manager just had encrypted vaults stolen. That’s not a near-miss.

Dashlane disclosed this week that attackers successfully downloaded encrypted password vaults belonging to fewer than 20 users via a brute-force attack. Dashlane notes the vaults remain encrypted and there’s no evidence of successful decryption. Most organizations reading this will breathe a sigh of…

Your VPN just let someone in without a password.

Not because they guessed it. Not because someone clicked a phishing link. Because the authentication check never happened at all. CVE-2026-0257 is an authentication bypass in Palo Alto Networks PAN-OS that affects GlobalProtect portal and gateway. The flaw is subtle: when the certificate used to encrypt…
