Skip to content
Security News, Assessments & Alerts Page 17

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Ravie LakshmananJun 24, 2026Open Source / Supply Chain Security Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern”… 

New CISA Guide Assists Federal Agencies with Transitioning to Modernized Zero Trust Architectures

New CISA Guide Assists Federal Agencies with Transitioning to Modernized Zero Trust Architectures

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) published a guide that helps federal civilian agencies advance their zero trust capabilities and adopt modern architectures supported under the Trusted Internet Connections (TIC) 3.0… 

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Ravie LakshmananJun 24, 2026Vulnerability / Network Security Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM… 

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

Ravie LakshmananJun 23, 2026Initial Access Broker / Firewall Security A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over… 

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the… 

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

Swati KhandelwalJun 23, 2026Cryptography / Quantum Computing President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by… 

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

Ravie LakshmananJun 23, 2026Workflow Security / Software Supply Chain GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow”…