The Security Brief


Qilin Ransomware Exploits Critical Check Point VPN Zero-Day (CVE-2026-50751)
A critical authentication bypass in Check Point's Remote Access VPN has been quietly exploited since 7 May, and at least one of the resulting intrusions ended in Qilin ransomware. CISA has given US federal agencies just three days to patch. If your organisation still accepts IKEv1 VPN connections, this story is about you. What Happened On 8 June, Check Point disclosed CVE-2026-50751, a critical authentication bypass (CVSS 9.3) affecting Remote Access VPN, Mobile Access and Sp
Jun 15 · 3 min read


HTTP/2 Bomb: One Client Can Exhaust a Web Server's Memory in Seconds
A single laptop on home broadband can now take a web server offline if it runs NGINX, Apache, IIS, Envoy or Cloudflare Pingora. The technique, disclosed on 2 June and named HTTP/2 Bomb, needs no botnet and no credentials. It abuses how these servers handle HTTP/2 by default, and roughly 880,000 public-facing servers were exposed when the research went live. What Happened Researchers at Calif published the exploit after it was found by OpenAI's Codex, which combined two attack
Jun 5 · 3 min read


NGINX Rift: An 18-Year-Old Web Server Flaw Now Has a Working RCE Exploit
nginx runs in front of a large share of the world's websites and applications, which is exactly why a flaw that sat untouched inside it for 18 years deserves attention this week. CVE-2026-42945, now named NGINX Rift, began life as a heap overflow that could crash a worker process. A public proof-of-concept has since turned it into unauthenticated remote code execution triggered by a single HTTP request. What Happened Researchers at depthfirst found a heap buffer overflow in..
May 30 · 3 min read


Attackers Are Exploiting Microsoft Defender Flaws to Gain SYSTEM Privileges
Two vulnerabilities in Microsoft Defender — the antivirus software running on nearly every Windows endpoint — are being actively exploited in the wild. Microsoft confirmed the flaws on 19 May, and CISA added both to its Known Exploited Vulnerabilities catalogue the following day, setting a 3 June deadline for US federal agencies to patch or drop the product entirely. If your organisation runs Windows, this one demands your attention. What Happened CVE-2026-41091 (CVSS 7.8) is
May 23 · 3 min read


Cisco's Maximum-Severity SD-WAN Flaw Is Under Active Attack
Cisco has patched a flaw in its Catalyst SD-WAN Controller that carries the worst score the CVSS scale can give: a clean 10.0. Tracked as CVE-2026-20182, it lets an unauthenticated attacker bypass authentication entirely and take administrative control of the device. Cisco confirmed the flaw was already being exploited before the fix was available. What Happened The vulnerability sits in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller (formerly vSmart
May 17 · 3 min read


One Git Push, Full Server Compromise: Inside GitHub Enterprise's CVE-2026-3854
A single git push was all it took. On 28 April, GitHub publicly disclosed CVE-2026-3854, a CVSS 8.7 remote code execution flaw in GitHub Enterprise Server that any authenticated user with push access could trigger. The fix shipped fast. The lesson for self-hosted code platforms is harder to patch. What Happened Wiz Research found the bug on 4 March 2026 and reported it to GitHub the same day. GitHub deployed a fix to GitHub.com within hours and released patches for GitHub Ent
May 1 · 3 min read


Windows Defender Under Fire: Three Zero-Days in Thirteen Days
One researcher. Three Windows Defender zero-days. Thirteen days. That cadence has left most corporate Windows estates carrying at least one unpatched privilege escalation bug this week, with CISA ordering federal agencies to fix the first of them by 6 May. What Happened On 7 April, a proof-of-concept exploit named BlueHammer (CVE-2026-33825) was published, showing how an unprivileged local user could gain SYSTEM access on fully patched Windows 10 and Windows 11 machines. The
Apr 27 · 3 min read


Microsoft's April 2026 Patch Tuesday: 163 Vulnerabilities, Two Zero-Days, and Why Your Organisation Cannot Afford to Wait
Microsoft's April 2026 Patch Tuesday has landed with a staggering 163 security fixes — the second-largest patch release in the company's history. Among them are two zero-day vulnerabilities, one already being actively exploited in the wild, and eight critical flaws that could allow remote code execution across enterprise infrastructure. For Australian organisations running Microsoft environments, this is not a routine update cycle — it demands immediate attention. What Happen
Apr 17 · 3 min read


Docker's Billion-Dollar Oversight: CVE-2026-34040 Lets Attackers Slip Past Authorisation Plugins
A newly disclosed vulnerability in Docker Engine has once again shown how a single overlooked edge case can unravel an entire security control. CVE-2026-34040, rated 8.8 on the CVSS scale, allows attackers to bypass authorisation plugins with nothing more than a padded HTTP request. For any organisation running containers in production — which today means most of them — the implications are serious and immediate. What Happened Researchers at Cyera discovered that Docker's mid
Apr 10 · 3 min read