Notes from the ops room.

ShapedPlugin's Official Update Server Delivered Backdoors for 28 Days

Jun 23, 2026 · Security

Operation Endgame Cleaned 15,000 WordPress Sites — Yours Could Be Next

Jun 22, 2026 · Security

FortiBleed: 86,000 Fortinet Firewalls Compromised — Is Your VPN in the Dataset?

Jun 21, 2026 · Security

Avada Builder CVE-2026-8713: Delete wp-config.php, No Login Required

Jun 20, 2026 · WordPress

DragonForce Hid Ransomware C2 Inside Microsoft Teams for Two Months

Jun 19, 2026 · Security

PHP SOAP Extension RCE (CVE-2026-6722): CVSS 9.8, Patch Now

Jun 18, 2026 · Security

Joomla JCE CVE-2026-48907: CVSS 10.0 Web Shell, No Login Required

Jun 17, 2026 · Security

Two LiteSpeed cPanel Bugs Are Handing Attackers Root — One CISA Deadline Is Today

Jun 16, 2026 · Security

Check Point VPN Zero-Day Lets Ransomware Skip the Password

Jun 15, 2026 · Security

Agentjacking: Fake Sentry Errors Are Hijacking AI Coding Agents

Jun 14, 2026 · Security

Oracle PeopleSoft Zero-Day (CVE-2026-35273): 100+ Orgs Breached Before a Patch Existed

Jun 13, 2026 · Security

UpdraftPlus Auth Bypass (CVE-2026-10795) Puts 3 Million WordPress Sites at Risk

Jun 12, 2026 · WordPress

June 2026 Patch Tuesday: Wormable Kernel Bug, Exchange Under Active Attack

Jun 11, 2026 · Security

Claude Fable 5 Is Out. Here's What Matters for Your Business.

Jun 10, 2026 · Artificial Intelligence

Linux Kernel CVE-2026-23111 Has a Public Root Exploit — Patch Now

Jun 9, 2026 · Security