Security – TheCyberThrone

OptinMonster Supply Chain Attack — CDN Poisoning at Scale

What Happened A supply chain attack against three popular WordPress marketing plugins — OptinMonster, TrustPulse, and PushEngage — served tampered JavaScript from their vendors' CDNs to live websites. The injected…

PravinKarthik June 15, 2026

CVE-2026-20253 — Splunk Enterprise Unauthenticated RCE

Severity: CriticalCVSS v3.1 Score: 9.8CWE: CWE-306 — Missing Authentication for Critical FunctionVendor Advisory: SVD-2026-0603 What Is Vulnerable CVE-2026-20253 affects Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform…

PravinKarthik June 14, 2026

The End of CVSS: Why CISA Just Rewrote the Rules of Vulnerability Management

For nearly two decades, vulnerability management has been built around a simple assumption: Higher CVSS score equals higher priority. Security teams scan. Dashboards populate. Critical vulnerabilities rise to the top.…

PravinKarthik June 12, 2026

Oracle PeopleSoft Zero-Day Exploited by ShinyHunters — 100+ Organizations Breached

CVE-2026-35273 | CVSS 9.8 | Critical | Zero-Day | Active Exploitation Overview Oracle's PeopleSoft enterprise platform has been the target of a large-scale, coordinated mass-compromise campaign carried out by the…

PravinKarthik June 12, 2026

Ivanti June 2026 — Vulnerability Advisory Deep Dive

CVE-2026-10520 | Ivanti Sentry | CVSS 10.0 — OS Command Injection Vulnerability class: CWE-78 — OS Command InjectionAttack vector: Network | No authentication | No user interaction The flaw resides…

PravinKarthik June 11, 2026

CISA KEV Update — Cisco Catalyst SD-WAN, Google Chrome V8 & Arista EOS

CISA added three new vulnerabilities to its Known Exploited Vulnerabilities catalog on June 9, 2026: CVE-2026-20245 (Cisco Catalyst SD-WAN Manager), CVE-2026-11645 (Google Chromium V8), and CVE-2026-7473 (Arista Extensible Operating System).…

PravinKarthik June 10, 2026

Microsoft Patch Tuesday — June 2026

Microsoft's June 2026 Patch Tuesday is the largest release since the Patch Tuesday program began, surpassing the previous record of 167 CVEs set in October 2025. This month's release addresses…

PravinKarthik June 10, 2026

CISA adds BerriAI LiteLLM & Check Point Security Gateway to KEV

CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog on June 8, 2026, confirming active exploitation of both. The two entries are CVE-2026-42271 (BerriAI LiteLLM Command Injection) and CVE-2026-50751…

PravinKarthik June 9, 2026