Red Hat OpenShift AI: Multiple Critical Security Vulnerabilities (CVE-2026-15378, CVE-2026-15143)
Two critical SSRF vulnerabilities (CVE-2026-15378, CVE-2026-15143) with a CVSS score of 9.3 in Red Hat OpenShift AI allow attackers to gain unauthorized access to cloud and Kubernetes systems.
Microsoft 365: Phishing Campaign Bypasses MFA by Exploiting the OAuth Protocol
Phishing campaigns exploit the Microsoft 365 OAuth device code flow to take over accounts. The ARToken Kit and a Ghost phishing variant bypass standard MFA. Analysis and protective measures.
WPFunnels: Critical RCE Vulnerability (CVE-2026-14345, CVSS 9.8)
Critical RCE vulnerability (CVSS 9.8) in the WordPress plugin WPFunnels: CVE-2026-14345 allows unauthenticated code execution. Update to version 3.12.8.
Plesk: Multiple Critical Security Vulnerabilities (CVE-2026-48614, CVE-2026-56843)
Critical vulnerabilities in Plesk (CVE-2026-48614, CVE-2026-56843, CVSS 9.9) allow for privilege escalation and password disclosure. A patch is available for CVE-2026-56843.
Adobe ColdFusion: Multiple Critical Security Vulnerabilities (CVE-2026-48316, CVE-2026-48282)
Analysis of critical vulnerabilities in Adobe ColdFusion (CVSS 10.0), including CVE-2026-48316 and CVE-2026-48282. CISA warns of active exploitation. Patches are available.
Gitea: Three Critical Security Vulnerabilities (CVE-2026-58426, -20896, -22874)
Three critical Gitea vulnerabilities: CVE-2026-58426 (data access), CVE-2026-20896 (account takeover), CVE-2026-22874 (SSRF). Updating to version 1.26.4 is recommended.
Printcart (WordPress): File Deletion via CVE-2026-9725
CVE-2026-9725 (CVSS 9.1) in the WordPress plugin Printcart allows unauthenticated deletion of arbitrary files. Update to version 2.5.3.
Novalnet for WooCommerce: Critical Vulnerability (CVE-2026-57677)
CVE-2026-57677 (CVSS 9.8) in the Novalnet plugin for WooCommerce allows unauthenticated store takeover. Update to version 12.10.4.
DokuWiki: Controversial Account Vulnerability (CVE-2026-37106)
CVE-2026-37106 (DokuWiki): Not RCE, but a controversial account creation issue—only when self-registration is enabled (default: disabled). Assessment & Protection.
Cyberdome Germany: National Cyber Defense in the Context of the NIS2 Directive
The Federal Ministry of the Interior is promoting Cyberdome Deutschland as the national response to the NIS2 requirements. An analysis of its objectives and implications.
CVE-2026-11645: Chrome Zero-Day and the Growing Threat of Phishing
INTERPOL reports a rise in cybercrime. At the same time, a Chrome zero-day vulnerability (CVE-2026-11645, CVSS 8.8) that is actively being exploited has come to light. Analysis and protective measures.
NIS2 Registration: BSI Sets Extension Deadline of July 31, 2026
The statutory deadline for NIS2 registration with the BSI expired on March 6, 2026. The BSI has granted an extension until July 31, 2026. Take action now.
CVE-2026-25470: Critical Vulnerability in the WordPress Plugin ACPT (CVSS 10.0)
Analysis of the critical remote code execution vulnerability CVE-2026-25470 (CVSS 10.0) in the WordPress plugin ACPT. Versions up to 2.0.47 are affected. Immediate action is required.
CVE-2026-49109: Critical vulnerability in WordPress plugin for Salesforce
Critical vulnerability CVE-2026-49109 (CVSS 9.8) in the WordPress plugin cf7-salesforce allows PHP object injection. All versions are <= 1.4.3.



