Hackers exploit critical PTC Windchill PLM software flaw
CSO Online 26.06.2026 23:32
Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods.
The vulnerability, tracked as CVE-2026-12569, is an unsafe deserialization flaw that enables remote code execution. It’s located in the web-based Windchill PDMLink product data management component and is rated 9.3 severity on the CVSS scale.
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
The Hacker News 26.06.2026 13:57
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems.
CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared within a day of the CVE assignment on June 16. Red Hat rates the flaw as
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
The Hacker News 26.06.2026 13:53
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.
Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers.
Wiz
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The Hacker News 26.06.2026 12:31
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is
Critical system data flaw threatens Arista EOS network operating system
Heise Security 26.06.2026 07:53
Among other issues, a critical security vulnerability endangers network components running Arista EOS. Not all updates are available yet.
Windows 10: ESU updates extended until October 2027
Heise Security 25.06.2026 15:17
Microsoft has extended the ESU program for consumers by another year without much advance notice.