Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.
The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSS score: 9.1).
“An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests,” Fortinet said.
A 90-minute interview about AI and our human future.
Dr. Hugo de Garis is a computer scientist, AI researcher, and former professor known for his early work on evolvable hardware, artificial brains, and the long-term risks of superintelligent machines. He coined and popularized the idea of the “Artilect War,” a future conflict between those who want to build godlike artificial intellects and those who believe such systems pose an existential threat to humanity. In the interview, he describes himself as trained in pure mathematics and theoretical physics, formerly a computer science professor, and now focused on broader questions about AI, cosmology, civilization, and the future of humanity.
The interview with Prof. Hugo de Garis centers on his long-standing warning that humanity may face an “Artilect War,” a civilizational conflict over whether to build godlike artificial intellects vastly superior to humans. De Garis argues that future computation, potentially extending from nanotech to femtotech and beyond, could produce minds trillions of trillions of times more capable than ours. He distinguishes between Cosmists, who want to build such beings to expand intelligence into the universe, and Terrans, who oppose them because superintelligence may eliminate or marginalize humanity. He personally remains torn, admiring the cosmic grandeur of posthuman intelligence while recognizing the existential danger.
The conversation also covers AI timelines, recursive self-improvement, AI alignment, the U.S.-China race, the Fermi paradox, simulation theory, cyborgs, cryonics, AI-generated content, the decline of universities, and the future of work. De Garis is impressed by current AI systems, treating them almost as intellectual companions, but he doubts that humanity can guarantee long-term control over recursively improving machines. The central theme is that the question “Should humanity build artilects?” may become the defining political and moral problem of the twenty-first century.
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine.
“Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page,” reads a description of the flaw in the NIST’s National Vulnerability Database (NVD).
A security researcher has released a new Microsoft Defender zero-day exploit named “RoguePlanet” just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday.
The researcher, known as Nightmare Eclipse, says the new vulnerability affects fully patched Windows 10 and Windows 11 devices, allowing attackers to spawn a command prompt with SYSTEM privileges via a Microsoft Defender race condition vulnerability.
The researcher shared a proof-of-concept exploit on Tuesday afternoon in a self-hosted Git repository after saying that GitHub and GitLab repositories hosting their exploits had previously been removed by Microsoft.
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones).
This argument injection vulnerability has yet to be assigned a CVE ID, can only be exploited by authenticated attackers without admin privileges, and affects all Gogs releases up to and including 0.14.2 and 0.15.0+dev.
Attackers can exploit this vulnerability to compromise the targeted server, read any repository (including private repos), steal credentials, move laterally to other systems on the network, and alter any hosted source code.
WASHINGTON — Quantum Space, a company led by a former NASA administrator that is developing highly maneuverable spacecraft for national security missions, will go public by merging with a special purpose acquisition company, or SPAC.
Quantum Space announced June 8 that it will merge with Inflection Point Acquisition Corp. VI, a SPAC traded on the Nasdaq exchange. The companies expect the deal to close in the fourth quarter, with Quantum Space then trading on the Nasdaq under the ticker symbol QSPC.
The deal includes a $300 million investment, known as a private investment in public equity, or PIPE, by Inflection Point into Quantum Space. The SPAC also has $253 million in trust that would go to Quantum Space, assuming none of its shareholders redeem their shares. The deal would value Quantum Space at more than $1.1 billion if there are no SPAC redemptions.
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.
The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was released on March 18, 2026, with version 1.9.13.
“This is due to the Calculation Addon’s process_filter function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval,” Wordfence said.
“A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system,” Cisco said in an advisory.
The network security company said the vulnerability is the result of insufficient validation of user-supplied input, which an attacker could exploit by uploading a crafted file to the affected system. This, in turn, could permit the attacker to perform command injection attacks and elevate their privileges as the root user.
“To exploit this vulnerability, the attacker must have netadmin privileges on the affected system,” Cisco added. “This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods.”