MUST READ

Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix

 | 

Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

 | 

Discord adds end-to-end encryption to voice and video calls by default

 | 

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

 | 

Microsoft issues YellowKey mitigation, no patch yet

 | 

Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

 | 

A malicious VS code extension just breached GitHub 's internal repositories

 | 

DirtyDecrypt: PoC Released for yet another Linux flaw

 | 

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

 | 

Drupal is rolling out an emergency security update on May 20. You cannot miss it

 | 

Microsoft dismantled malware-signing network Fox Tempest

 | 

Poland shifts away from Signal following cyberattacks on officials’ accounts

 | 

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

 | 

Shai-Hulud worm copycats emerge after source code leak

 | 

Grafana confirms GitHub token breach cybercrime group claims the attack

 | 

ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

 | 

Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

 | 

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

 | 

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

 | 

CVE-2026-20223

Pierluigi Paganini May 21, 2026
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems from insufficient validation and authentication in REST API endpoints. According to Cisco, remote attackers could […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix

Hacking / May 21, 2026

Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

Security / May 21, 2026

Discord adds end-to-end encryption to voice and video calls by default

Security / May 21, 2026

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

Security / May 20, 2026

Microsoft issues YellowKey mitigation, no patch yet

Hacking / May 20, 2026