‼️ CISA has added two vulnerabilities to the KEV Catalog

CISA KEV Catalog

CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution. CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability: React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute arbitrary shell commands with fully controlled arguments.

❗️🇫🇷 SSL/TLS certificates allegedly belonging to France's Ministry of the Interior and National French Police are being offered for sale. The leak includes 42 files in certificate formats (.crl, .der, .cer, .pem, .crt, .xml), with the seller indicating additional certificates are available for purchase.

❗️🇺🇸 Sinobi Ransomware Claims Reilly Foam Corp as a victim

‼️ Cl0p Ransomware Claims 11 Victims 🇮🇹 Labinf IT 🇺🇸 NG Attorneys 🇨🇦 Conwest 🇬🇧 Dukosi 🗺️Crowded Island 🇨🇦 Ideal Welders 🗺️ Strategic Objectives 🏴󠁧󠁢󠁷󠁬󠁳󠁿 TRJ Ltd 🇺🇸 VIP LLC 🇮🇳 MNK Associates 🇺🇸 Brault