Summary
During week 26 of 2026, security teams tracked 12 advisories (including five active exploits affecting Cisco, Ubiquiti, Lantronix, PTC Windchill, and a WordPress SMTP plugin) and 20 incidents. Breaches affect roughly 16 million individuals, driven largely by KDDI's potential leak of 14 million email credentials. The incidents skew heavily toward healthcare and were caused mainly by software vulnerability exploits, malware/ransomware, phishing, and third-party/supply-chain compromises (e.g., LastPass, Polymarket, Tata Electronics).
Take Action:
This week's lesson is publicly accessible services. Gravity SMTP plugin for WordPress, Webmin and self hosted mail server on Synology all have critical issues. Flaws won't stop appearing, just make sure to follow them regularly.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)