Threat Advisories

A critical vulnerability (CVE-2026-20253) has been identified in Splunk Enterprise that allows unauthenticated attackers to perform arbitrary file operations and achieve remote code execution (RCE). The flaw stems from missing authentication controls in a PostgreSQL sidecar service endpoint.

A recent security incident involving ServiceNow highlights a significant risk to enterprises relying on cloud workflow and IT service management platforms. ServiceNow disclosed that a software flaw affecting certain customer instances allowed unauthenticated access to data via a vulnerable API endpoint. This condition effectively bypassed authentication controls, enabling external parties to query stored data without valid credentials.

Organisations using Check Point Remote Access VPN, Mobile Access, or Spark Firewall solutions are advised to take immediate action following confirmed active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability. This flaw, rated with a high severity score of 9.3, affects environments configured to use the deprecated IKEv1 key exchange protocol and allows unauthenticated attackers to gain VPN access without valid user credentials.

GitHub has confirmed the unauthorized access and exfiltration of approximately 3,800 of its internal development repositories. The breach was orchestrated by the financially motivated cybercrime group TeamPCP, who exploited a trojanized Microsoft Visual Studio Code (VS Code) extension installed on a privileged employee's device.

A critical vulnerability, tracked as CVE-2026-42945 and codenamed "NGINX Rift," has been identified in the ngx_http_rewrite_module of the NGINX web server. Discovered by researchers at DepthFirst AI, this flaw has existed within the NGINX codebase for approximately 18 years. The vulnerability is a heap buffer overflow that occurs due to inconsistent state handling within NGINX's internal script engine during the processing of rewrite directives.

Microsoft’s May 2026 Patch Tuesday update for Windows 10, KB5087544, reflects the current reality of the platform. Now firmly in its Extended Security Updates phase, Windows 10 is no longer evolving through features, but it is still being actively secured and maintained. This update combines a large set of vulnerability fixes with targeted changes to Remote Desktop and Secure Boot that reveal how Microsoft is tightening control over endpoint trust and stability.

Fortinet has disclosed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator that could enable unauthenticated remote code execution (RCE) on exposed systems.

Trellix has announced that internal source code for portions of its product portfolio was accessed without authorisation. The affected material relates to product development code only and does not include customer environments or customer data. There is no indication of malicious modification to released software artifacts.

CVE 2026 31431, commonly known as “Copy Fail”, is a high severity local privilege escalation vulnerability affecting the Linux kernel. The issue impacts kernels shipped by all major Linux distributions since 2017 and allows a local, unprivileged user to gain root level execution on the host system.

In late March 2026, a threat actor operating under the alias “The_Auditors” claimed to have breached BlackLine Systems, a US‑based financial automation and accounting software provider. The attacker alleges the exfiltration of approximately 354 GB of sensitive financial and operational documents, reportedly totaling over 1.5 million records belonging not only to BlackLine, but to its enterprise customers. At the time of writing, BlackLine has not publicly confirmed a breach, and the claims remain unverified. However, multiple cybersecurity intelligence firms have assessed the allegations as credible based on multiple indicators.