CISA is giving federal agencies until Friday to patch an actively exploited Langflow vulnerability. Sergiu Gatlan at @BleepinComputer has the details, including VulnCheck’s Caitlin Condon reporting exploitation in the wild on June 10. https://t.co/5xCGseBsAV
Recorded at RSA, Patrick Garrity & Kimber Duke sat down with Piotr Kijewski of @Shadowserver to discuss cyber threats, exploitation, botnet takedowns, and global threat intel.
Watch: https://t.co/WM5MrDSwJ8
Have research, a deep dive, or insight the cybersecurity community needs to hear? Submit it to THREATCON1!
The CFP closes on July 10, 2026.
Submit your proposal: https://t.co/QbPLZzzXMc
.@VentureBeat highlighted VulnCheck's research on vulnerabilities affecting AI frameworks, including active exploitation targeting exposed Langflow servers.
Read more: https://t.co/bafrvhzp4H
VulnCheck recently disclosed CVE-2026-53805, an NVIDIA GEN3C inference API flaw that could let unauthenticated attackers run code on vulnerable servers.
Interested in learning how? Read the full report: https://t.co/gm9QnO5357
What damage could a missing keyword do? In FOSSBilling, everything.
Our latest research shows how a missing throw statement and an unsandboxed Twig renderer can be chained into unauthenticated RCE against default FOSSBilling installations.
Read more: https://t.co/Vm9VWkn6Yw
On the THREATCON1 Podcast, Piotr Kijewski (@Shadowserver) breaks down AI-generated vuln reports, fake exploits and “research” that fails in the real world.
Could AI misinformation become its own threat vector?
Watch: https://t.co/9mZAMXHm2s
Listen: https://t.co/MV5F5BQR6L
Observed exploitation is only the starting point.
New research from Adam Powis shows how VulnCheck Canary Intelligence and Target Intelligence can help defenders pivot from Canary activity to attacker infrastructure.
Read the report: https://t.co/jEtPO1ryV5
In this THREATCON1 episode, Halcyon’s Cynthia Kaiser explains why victims often stay hidden, stolen data may not be deleted, and paying can make orgs repeat targets.
Watch: https://t.co/eLrMby9MgE
Listen: https://t.co/tnIUy5vjSo
Join VulnCheck June 24 for our next In the Wild webinar where we break down CISA BOD 26-04, SSVC-based prioritization, Vulnrichment gaps and what private-sector teams should take away.
12 PM CT
Register: https://t.co/pV7zZAk2LS
One of the nation’s most consequential cyber leaders is taking the THREATCON1 stage.
Gen. Paul M. Nakasone, former Commander of U.S. Cyber Command and former NSA Director, will keynote THREATCON1 2026.
Register, submit a CFP or learn more: https://t.co/JsqJikDVhn
AI-assisted Linux LPE research is creating signal and noise.
Landon Rice breaks down Copy Fail, Dirty Frag, and related page-cache overwrite bugs, with a focus on exploitability over headlines.
Read: https://t.co/UDjZ9rl5M1
CISA’s BOD 26-04 puts risk-based remediation in focus for federal agencies.
Patrick Garrity breaks down what it means, why SSVC matters, and how broader coverage plus earlier exploit intel can help teams prioritize.
Read more: https://t.co/kCp7rzvpfk
New research from Adam Powis shows how VulnCheck connects observed exploitation activity to the broader attacker infrastructure behind it.
Canary Intelligence sees the activity. Target Intelligence helps map the operation.
Read the full research: https://t.co/jEtPO1ryV5
Live June 24 at 12 PM CST: our next In the Wild webinar covers CISA BOD 26-04, SSVC-based prioritization, Vulnrichment gaps, and why it matters for federal agencies and private-sector teams.
Register: https://t.co/nO4uKizfXz
How much can a handful of suspicious indicators reveal?
Join VulnCheck’s Adam Powis at LCHS 2026 for a look at mapping attacker infrastructure from initial signal to C2.
📅 June 25 | 🕕 6:15 p.m. | More here: More here: https://t.co/CD0eFCS5gz
THREATCON1 is back, and year two is going bigger.
Registration is officially open for Oct. 5-7, 2026 in Reston, VA.
Technical sessions. Keynotes. CTF challenge. Networking. All focused on counteracting emerging threats.
Register: https://t.co/GXS0zebji5
.@SecurityWeek featured VulnCheck Canary Intelligence findings showing active exploitation of CVE-2026-5027, a Langflow flaw that can enable unauthenticated RCE. Attackers are using it to drop test files to victim systems.
Full story: https://t.co/jCHxnjFMYf
VulnCheck’s Landon Rice spoke with @CyberScoopNews about CVE-2026-20245, an actively exploited Cisco SD-WAN zero-day. He shared because exploitation needs existing privileges, attackers rely on prior bugs or a new initial access vector to reach escalation: https://t.co/ljUNCLU08R
VulnCheck’s Mike Price spoke with @InfosecurityMag about AI-driven vulnerability discovery, patching approaches across the EU and US, and why security teams need to move beyond scan-ticket-remediate toward exploit intelligence-driven operations: https://t.co/YWyZquSjEz