This week’s roundup highlights active exploitation of a PAN-OS GlobalProtect authentication bypass, a critical zero-day in Gogs, and a Windows Netlogon flaw, alongside takedowns and campaigns involving GlassWorm, GREYVIBE, EvilTokens, and RatPressto. It also shows how AI, poisoned dev tools, and phishing kits are accelerating abuse across open-source ecosystems, enterprise software, and identity workflows. #CVE-2026-0257 #Gogs #GlassWorm #GREYVIBE #EvilTokens #RatPressto #CVE-2026-41089 #NimbusRAT
Keypoints
- Palo Alto Networks warned that CVE-2026-0257 is being actively exploited in PAN-OS and Prisma Access.
- Gogs has a critical zero-day that can lead to remote code execution on default-configured servers.
- CrowdStrike, Google, and Shadowserver disrupted the GlassWorm malware operation by taking down its C2 channels.
- GREYVIBE is using large language models in attacks against organizations in Ukraine.
- Phishing and malware campaigns are abusing AI, OAuth device flow, Microsoft Teams, Google Drive, and compromised WordPress sites.
Read More: https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html