Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

LiteLLM AI gateway flaw exploited for unauthenticated remote code execution

Attackers are actively exploiting a flaw in LiteLLM, a widely used open-source gateway that routes requests to AI models, and CISA has added it to its known-exploited-vulnerabilities list. The bug (CVE-2026-42271) lets any authenticated user run commands on the host through test endpoints that spawn whatever command is supplied in the request. Chained with a separate Host-header bypass in the Starlette web framework (CVE-2026-48710), it becomes unauthenticated remote code execution, giving full control of the server, credential theft, and a foothold in connected AI infrastructure. Horizon3.ai has published a proof-of-concept. It follows a LiteLLM SQL injection flaw exploited within 36 hours last month.

Check
Identify internet-facing LiteLLM proxy deployments and their version, check the Starlette version in use, and review logs of the /mcp-rest/test endpoints for unexpected command execution.
Affected
LiteLLM AI gateway and Python SDK (BerriAI) deployments exposing the vulnerable test endpoints (CVE-2026-42271), especially when paired with Starlette versions vulnerable to the Host-header bypass (CVE-2026-48710).
Fix
Upgrade LiteLLM and Starlette to the fixed releases immediately, restrict the affected endpoints to trusted networks, and rotate any credentials or API keys reachable from the LiteLLM host.

Veeam backup server flaw lets low-privilege domain users run code

Veeam has patched a critical flaw in Backup and Replication, one of the most widely deployed enterprise backup tools, that lets any authenticated low-privilege domain user run code remotely on the backup server. The bug (CVE-2026-44963, rated 9.4) only affects version 12 installations joined to an Active Directory domain; version 13, which uses a different architecture, is not affected, and workgroup setups are safe. No exploitation has been seen yet, but Veeam warns attackers often move quickly once patches reveal the flaw, and backup servers are a prime ransomware target because compromising them cripples recovery. The fix is build 12.3.2.4854.

Check
Identify Veeam Backup and Replication version 12 servers, determine which are joined to an Active Directory domain, and review the domain-user access granted to the backup console.
Affected
Domain-joined Veeam Backup and Replication 12.3.2.4465 and earlier version 12 builds (CVE-2026-44963). Version 13 and workgroup-only deployments are not affected.
Fix
Upgrade to Veeam Backup and Replication 12.3.2.4854 now. Where patching must wait, isolate backup servers from the domain network and tighten which domain users can reach the console.

Russia-aligned groups exploit old WinRAR flaw to hit Ukrainian targets

Trend Micro reports that at least two Russia-aligned groups, including Gamaredon, are exploiting a WinRAR flaw that was patched nearly a year ago to attack Ukrainian military and government organizations. The attacks start with emails carrying a booby-trapped RAR archive that abuses a path-traversal bug (CVE-2025-8088) to silently drop a malicious shortcut into the Windows Startup folder using NTFS Alternate Data Streams. One cluster, tracked by Ukraine's CERT-UA as UAC-0226, then installs an updated GiftedCrook stealer that grabs browser passwords, session cookies, and documents before deleting itself. The campaigns are a reminder that unpatched WinRAR remains a reliable foothold for attackers.

Check
Check the WinRAR version on Windows endpoints, and review email gateways and endpoint logs for inbound RAR archives and new shortcuts written to Startup folders via alternate data streams.
Affected
Windows systems with WinRAR versions before the CVE-2025-8088 fix, particularly organizations receiving RAR email attachments; Ukrainian government and military entities are the current targets.
Fix
Update WinRAR to the latest version that fixes CVE-2025-8088, block or sandbox inbound RAR attachments at the email gateway, and alert staff to unexpected archive lures.

ServiceNow API flaw let attackers query customer instance data

ServiceNow has quietly told affected customers that attackers exploited an unauthenticated flaw in one of its API endpoints to pull data from hosted customer instances. The company applied a fix to hosted instances on June 5 that restricts the endpoint to authenticated users, and confirmed attackers had successfully queried customer instance tables, though it did not say what data was taken. ServiceNow instances routinely hold sensitive material such as IT support tickets, employee records, asset inventories, and internal documentation, and support tickets in particular often contain credentials, API tokens, and secrets shared during troubleshooting. ServiceNow has opened support cases with the customers it believes were impacted.

Check
Check your ServiceNow support portal for a case opened by ServiceNow about this incident, and review instance access and API logs for unexpected unauthenticated queries before June 5.
Affected
Organizations running hosted ServiceNow instances whose data could be reached through the vulnerable unauthenticated API endpoint before the June 5 fix, especially those storing secrets in support tickets.
Fix
Confirm the June 5 fix applied to your instance, rotate any credentials, API tokens, or secrets that appeared in support tickets, and tighten access controls and logging on the instance.

Check Point VPN zero-day exploited by Qilin ransomware, patch now

Check Point has rushed out a fix for a critical flaw in its Remote Access VPN, Mobile Access, and Spark firewall products that attackers have been exploiting since May 7. The bug (CVE-2026-50751, rated 9.3) is a logic error in how the software checks certificates, letting an unauthenticated attacker log into the VPN with no password, but only on gateways still using the old IKEv1 key-exchange protocol. So far a few dozen organizations have been hit, and at least one intrusion was tied to an affiliate of the Qilin ransomware gang, which used the access to steal data with Rclone before deploying ransomware. A second, unexploited flaw was also patched.

Check
Check whether your Check Point gateways accept IKEv1 remote-access connections, then audit VPN and authentication logs back to May 7 for logins lacking a matching certificate or password.
Affected
Check Point Remote Access VPN, Mobile Access, and Spark firewalls on versions R80.20.X through R82.10 configured for the deprecated IKEv1 protocol without mandatory machine certificates.
Fix
Apply the hotfix per Check Point advisory SK185033, or switch Remote Access to IKEv2 only, make machine-certificate authentication mandatory, drop legacy clients, and enable IPS signatures.

Chained UniFi OS flaws give unauthenticated root on Ubiquiti gateways

Researchers at Bishop Fox have shown that three maximum-severity flaws Ubiquiti patched in May can be chained into a single attack that hands an unauthenticated attacker root access to UniFi OS Server with one crafted web request. Two flaws (CVE-2026-34908 and CVE-2026-34909) bypass the login gateway by abusing how the server reads encoded web addresses; the third (CVE-2026-34910) injects commands into the package-update feature, which runs with passwordless sudo, making escalation to root trivial. The flaws hit version 5.0.6 and earlier across widely used gear like UDM, UCG, and UNVR appliances. Bishop Fox released a free script to check for exposure.

Check
Inventory UniFi OS Server and gateway appliances (UDM, UCG, UNVR) for version 5.0.6 or earlier, and run Bishop Fox's detection script against the management interface to confirm exposure.
Affected
UniFi OS Server 5.0.6 and earlier on UDM, UDM-Pro, UCG, UNVR, and related Ubiquiti appliances; the chain (CVE-2026-34908/34909/34910, all CVSS 10.0) yields unauthenticated root.
Fix
Update to UniFi OS Server 5.0.8 (unifi-core 5.0.153) or later. Because patching does not undo prior compromise, rotate credentials and run incident response where exposure is suspected.

Gogs patches critical RCE zero-day exposing private repos and credentials

Gogs, a popular self-hosted Git service, has finally patched a critical zero-day that Rapid7 disclosed in late May when no fix existed. The flaw (CVSS 9.4, no CVE assigned yet) lets a logged-in user with no admin rights run commands on the server by opening a pull request whose branch name secretly injects an exec option into a git rebase. Because Gogs ships with open registration on by default, an attacker can simply create an account to reach it. Successful exploitation means full server takeover: reading every private repository, dumping password hashes, API tokens, SSH keys, and 2FA secrets, and tampering with hosted source code.

Check
Identify internet-facing Gogs instances and their version, check whether open registration is enabled, and review logs for unexpected pull requests with unusual branch names or new low-privilege accounts.
Affected
Self-hosted Gogs servers up to and including 0.14.2 and 0.15.0+dev, especially those with the default open registration and unlimited repository creation enabled.
Fix
Upgrade to the patched Gogs release immediately. As interim mitigation, disable open registration and restrict repository creation, and rotate any credentials or tokens stored on the server.

Public exploit lands for one-character Linux kernel root flaw

A working exploit is now public for a Linux kernel bug that lets an ordinary local user become root and break out of containers. The flaw (CVE-2026-23111) lives in nf_tables, the kernel's packet-filtering code, and came down to a single inverted character that the upstream fix removed in one line back in February. It is reachable on common setups that have nf_tables plus unprivileged user namespaces enabled, both default on most desktops and many servers. Ubuntu rates it 7.8. There is no remote path on its own, but Exodus Intelligence published a full exploit walkthrough on June 8, making weaponization easy.

Check
Check the running kernel version on Linux hosts against your distribution's February 2026 or later patch, and review whether unprivileged user namespaces and nf_tables are enabled.
Affected
Linux systems on a kernel built before the February 5, 2026 nf_tables fix with both nf_tables and unprivileged user namespaces enabled (CVE-2026-23111); multi-tenant and container hosts most at risk.
Fix
Install the patched kernel package from your distribution and reboot. As a mitigation, restrict unprivileged user namespaces, for example setting kernel.unprivileged_userns_clone to 0 where supported.

New Shai-Hulud wave poisons 19 scientific Python packages on PyPI

The ongoing Shai-Hulud supply-chain campaign has struck again, this time trojanizing 19 Python packages on PyPI, many of them popular bioinformatics tools like Dynamo, Spateo, CoolBox, and Napari-UFISH that have been downloaded hundreds of thousands of times. Discovered by Socket, the wave pushed 37 malicious package versions from what looks like a single compromised maintainer, each carrying code that steals developer secrets such as cloud keys and tokens, then uses them to spread further. PyPI has quarantined affected releases. The credential-stealing behavior and tactics match earlier Shai-Hulud activity tied to the group TeamPCP, whose worm code leaked publicly last month.

Check
Search Python environments, lock files, and CI build logs for the 19 affected packages (including Dynamo, Spateo, CoolBox, U-FISH, Napari-UFISH) installed during the malicious window.
Affected
Developers and research teams that installed the trojanized versions of the 19 PyPI scientific packages, especially bioinformatics workflows pulling Dynamo, Spateo, CoolBox, U-FISH, or Napari-UFISH.
Fix
Remove the malicious versions and pin to known-good releases, then rotate every developer, cloud, and CI credential exposed on machines that installed them. Rebuild from trusted sources.

NFCShare Android malware poses as bank app updates to steal card data

Researchers at D3Lab warn that new versions of the NFCShare Android malware are spreading as fake updates for real banking apps, hosted on GitHub to look legitimate. Targeting customers of European banks, the malware shows a fake verification screen that tells victims to hold their payment card against the phone. It then uses the phone's NFC chip to read the card number, type, and expiry, and tricks the victim into typing their 4-digit PIN, sending it all to the attacker's server. That stolen data feeds NFC relay fraud, where criminals use it to make contactless payments or withdrawals. The malware only works if users sideload it.

Check
On managed Android devices, look for banking apps installed from outside Google Play and any app that requests an NFC card scan during a verification step.
Affected
Android users, mainly customers of European banks, who sideload fake banking app updates from GitHub or other non-Play sources and follow prompts to scan their cards.
Fix
Install banking apps only from Google Play, keep Play Protect enabled, and never scan a payment card or enter a PIN in response to an in-app verification prompt.