Tech News Aggregator

Two focused feeds: AI News and Recent Attack Threats. Generated 2026-07-09 04:12 UTC.

AI News

VentureBeat AI · Score 12 · Mon, 19 Jan 2026 14:00:00 GMT

Claude Code costs up to $200 a month. Goose does the same thing for free.

The artificial intelligence coding revolution comes with a catch: it's expensive. Claude Code , Anthropic's terminal-based AI agent that can write, debug, and deploy code autonomously, has captured the imagination of software developers worldwide. But its pricing — ranging from $20 to $200 per month

Recent Attack Threats

CISA Alerts · Score 18 · Tue, 07 Jul 26 12:00:00 +0000

Siemens SINEC OS

View CSAF Summary SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/<4.0 CVSS Vendor

CISA Alerts · Score 18 · Tue, 30 Jun 26 12:00:00 +0000

Schneider Electric EasyLogic T150 and Saitel DP RTU

View CSAF Summary Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files. The following versions of Schneider Electric Easy

CISA Alerts · Score 18 · Tue, 30 Jun 26 12:00:00 +0000

StoneFly Storage Concentrator

View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions o

CISA Alerts · Score 18 · Tue, 30 Jun 26 12:00:00 +0000

Frangoteam FUXA SCADA/HMI

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) C

CISA Alerts · Score 18 · Tue, 30 Jun 26 12:00:00 +0000

Delta Electronics DVP12SE PLC

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. The following versions of Delta Electronics DVP12

CISA Alerts · Score 16 · Tue, 07 Jul 26 12:00:00 +0000

Hitachi Energy e-mesh EMS

View CSAF Summary Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and

CISA Alerts · Score 16 · Tue, 07 Jul 26 12:00:00 +0000

Labcenter Proteus 9

View CSAF Summary Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations. The following versions of Labcenter Proteus 9 are affected: Proteus 9.1_SP4_Build_42914 CVSS Vendor Equipment Vulnerabilities

CISA Alerts · Score 16 · Tue, 07 Jul 26 12:00:00 +0000

Hitachi Energy PROMOD V

View CSAF Summary Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or un

CISA Alerts · Score 16 · Tue, 07 Jul 26 12:00:00 +0000

Digi International PortServer TS, Digi One SP IA

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts. The following versions of Digi International PortServer TS, Digi One SP IA are affected: Port

CISA Alerts · Score 16 · Thu, 02 Jul 26 12:00:00 +0000

ST Engineering iDirect iQ-Series Terminals

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals <=4.5.

CISA Alerts · Score 16 · Thu, 02 Jul 26 12:00:00 +0000

CubeSpace CW0057 Reaction Wheel

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace

CISA Alerts · Score 16 · Tue, 30 Jun 26 12:00:00 +0000

XZ Utils vulnerability impacting B&R Products

View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impactin

CISA Alerts · Score 16 · Tue, 30 Jun 26 12:00:00 +0000

Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed

CISA Alerts · Score 16 · Thu, 25 Jun 26 12:00:00 +0000

Yokogawa FAST/TOOLS and CI Server

View CSAF Summary Successful exploitation of this vulnerability may return a response containing the CI Server setting information. The following versions of Yokogawa FAST/TOOLS and CI Server are affected: FAST/TOOLS >=R9.01|<=R10.04 Collaborative Information Server (CI Server) >=R1.01|<=R1.04 CVSS

CISA Alerts · Score 16 · Thu, 25 Jun 26 12:00:00 +0000

OHIF Viewers DICOM

View CSAF Summary Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. The following versions of OHIF Viewers DICOM are affected: OHIF DICOM Web Viewer Framework <=v3.12.0 CVSS Vendor Equ

CISA Alerts · Score 16 · Thu, 25 Jun 26 12:00:00 +0000

EVoke Systems Charging Station Management System

View CSAF Summary Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of EVoke Systems Charging Station Management

CISA Alerts · Score 14 · Tue, 07 Jul 26 12:00:00 +0000

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-55255 Langflow Authorization Bypass Through User-

CISA Alerts · Score 14 · Tue, 07 Jul 26 12:00:00 +0000

Siemens Mendix Studio Pro

View CSAF Summary Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user

CISA Alerts · Score 14 · Tue, 07 Jul 26 12:00:00 +0000

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant r

CISA Alerts · Score 14 · Thu, 02 Jul 26 12:00:00 +0000

Gardyn IoT Hub

View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-5447

CISA Alerts · Score 14 · Wed, 01 Jul 26 12:00:00 +0000

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber

CISA Alerts · Score 14 · Tue, 30 Jun 26 12:00:00 +0000

OFFIS DCMTK Toolkit

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. The following versions of OFFIS DCMTK Toolkit are affected: DCMTK <=3.7.0 (CVE-2026-50003, C

CISA Alerts · Score 14 · Tue, 30 Jun 26 12:00:00 +0000

Schneider Electric EcoStruxure IT Data Center Expert

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipme

CISA Alerts · Score 14 · Mon, 29 Jun 26 12:00:00 +0000

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant

CISA Alerts · Score 14 · Thu, 25 Jun 26 12:00:00 +0000

Schneider Electric PowerLogic P7

View CSAF Summary Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may risk unauthorized execution o

CISA Alerts · Score 14 · Thu, 25 Jun 26 12:00:00 +0000

pydicom pynetdicom Library

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versions of pydicom pynetdicom Library are affected: pynetdicom >=v1.0.0|<v3.0.4 CVSS Vendor Equipment Vulnerabilities v3 9.1 pydicom pydicom pynetd

CISA Alerts · Score 14 · Thu, 25 Jun 26 12:00:00 +0000

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SS

CISA Alerts · Score 12 · Tue, 07 Jul 26 12:00:00 +0000

Hydro-Québec Le Circuit Electrique charging station backend

View CSAF Summary Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. The following versions of Hydro-Québec Le Circuit Electrique charging station backend are affected: Le Circuit Electrique charging station backend CVSS Vend

The Hacker News · Score 12 · Tue, 07 Jul 2026 14:40:51 +0530

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in th

The Hacker News · Score 12 · Tue, 07 Jul 2026 10:46:51 +0530

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-

The Hacker News · Score 12 · Mon, 06 Jul 2026 21:58:59 +0530

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header fr

The Hacker News · Score 12 · Fri, 03 Jul 2026 00:00:33 +0530

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Mo

CISA Alerts · Score 12 · Thu, 25 Jun 26 12:00:00 +0000

Daktronics Controller Firmware

View CSAF Summary Successful exploitation of these vulnerabilities could could provide an unauthenticated user with complete root-level access and control of the system. The following versions of Daktronics Controller Firmware are affected: VFC-DMP-5000 <v8.117.x.x VFC-DMP-5000 <v9.43.x.x VFC-DMP-50

The Hacker News · Score 10 · Wed, 08 Jul 2026 20:08:05 +0530

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows - CVE-2026-50746 (CVSS score: 1

BleepingComputer · Score 10 · Wed, 08 Jul 2026 04:15:20 -0400

Ubiquiti warns of new max severity UniFi OS vulnerability

Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. [...]

The Hacker News · Score 10 · Tue, 07 Jul 2026 12:10:47 +0530

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exp

The Hacker News · Score 10 · Sat, 04 Jul 2026 00:25:24 +0530

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recov