Microsoft 365 Copilot "SearchLeak" One-Click Data Exfiltration via Prompt Injection Now Patched (CVE-2026-42824)

Scope: Microsoft 365 Copilot Enterprise Search (All Tenants, Now Patched Server-Side)

Severity: High

Read More

Cisco Catalyst SD-WAN Manager Arbitrary File Write to Root Escalation Under Active Exploitation (CVE-2026-20262)

Scope: Cisco Catalyst SD-WAN Manager (On-Premises, Cloud-Pro, Cisco Managed Cloud, and FedRAMP Deployments)

Severity: Red

Read More

LiteSpeed cPanel Plugin Symlink Escalation to Root Under Active Exploitation (CVE-2026-54420)

Scope: LiteSpeed cPanel Plugin Prior to Version 2.4.8 (Bundled in LiteSpeed WHM Plugin Prior to 5.3.2.0) on CloudLinux/CageFS Shared Hosting

Severity: High

Read More

Windows HTTP.sys Integer Overflow Enables Unauthenticated RCE, "Exploitation More Likely" (CVE-2026-47291)

Scope: Windows Server (All Supported Versions Running IIS, WinRM, or Other HTTP.sys-Dependent Services)

Severity: Red

Read More

Fortinet FortiCloud SSO Authentication Bypass Actively Exploited Against FortiGate Firewalls (CVE-2026-24858)

Scope: FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy, FortiSwitch Manager (FortiCloud SSO-Enabled Devices)

Severity: Red

Read More

Windows Kernel Use-After-Free Remote Code Execution Patched in Record June 2026 Patch Tuesday (CVE-2026-45657)

Scope: Windows 11 (Versions 23H2 through 26H1) and Windows Server 2022, 2025 (Including Server Core)

Severity: Red

Read More