Amazon Q Developer enabled arbitrary code execution via crafted MCP configurations in malicious repositories, which could lead to credential theft (CVE-2026-12957, CVSS 8.5).
CISA has cataloged a critical, actively exploited RCE vulnerability in PTC Windchill/FlexPLM, triggering immediate patching and forensic action for CISOs in critical infrastructure organizations.
Kernel vulnerability CVE-2026-46331 allows local users to escalate privileges to root through the packet editing module with a publicly available exploit.
First NIS2 compliance reviews conclude on 30 June, revealing widespread implementation gaps among critical infrastructure providers and large enterprises.
Multiple vulnerabilities in PowerDNS allow remote attackers to conduct DoS attacks, cache poisoning, and bypass security checks without authentication.
Zero-Trust in OT succeeds more readily through concrete functional principles than through abstract architecture models, and through focused measures at IT-OT interfaces such as jump hosts and remote access paths.