⚠️ LiveThreat Vulnerability Brief — Jun 05, 2026
📊 7 vulnerabilities & exploits tracked impacting the supply chain
━━━━━━━━━━━━━━━━━━━━━━
💥 Critical RCE in Magento Mirasvit Cache Warmer Extension (CVE‑2026‑45247) Threatens E‑Commerce Supply Chain
CISA added CVE‑2026‑45247 to its KEV catalog after confirming active exploitation of a critical remote‑code‑execution flaw in the Mirasvit Cache Warmer extensio…
🔗 https://www.livethreat.ai/intelligence/cisa-adds-exploited-magento-rce-flaw-cve-2026-45247-to-kev-catalog-28401
💥 Critical PHP Object Injection in Mirasvit Full Page Cache Warmer for Magento (CVE‑2026‑45247) Enables Remote Code Execut…
CISA has added CVE‑2026‑45247, a critical unauthenticated PHP object‑injection in Mirasvit Full Page Cache Warmer for Magento, to its KEV catalog. The flaw allo…
🔗 https://www.livethreat.ai/intelligence/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog-28626
💥 Critical SSRF Vulnerability (CVE-2026-20230) in Cisco Unified Communications Manager Allows Unauthenticated Remote File …
Cisco Unified Communications Manager (UCM) and Unified CM SME contain a critical SSRF flaw (CVE‑2026‑20230) that lets unauthenticated attackers write files to t…
🔗 https://www.livethreat.ai/intelligence/critical-cisco-unified-cm-bug-patched-as-public-exploit-code-emerges-28627
💥 Researcher Publishes VS Code Zero‑Day Exploit Allowing GitHub Token Theft via github.dev
A researcher released a critical zero‑day in Visual Studio Code’s browser‑based editor that lets attackers steal GitHub OAuth tokens and gain unrestricted acces…
🔗 https://www.livethreat.ai/intelligence/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsoft-s-disclosure-process-28460
⚠️ Meta AI Support Chatbot Flaw Enables Instant Instagram Account Takeovers
A design flaw in Meta’s AI‑driven Instagram support chatbot let attackers reset passwords and hijack accounts without technical skill. High‑profile brands and p…
🔗 https://www.livethreat.ai/intelligence/meta-s-own-ai-chatbot-to-blame-for-instagram-accounts-being-stolen-in-seconds-28681
💥 Zero-Day in GitHub.dev Allows Attackers to Harvest OAuth Tokens and Access Private Repos
🔗 https://www.livethreat.ai/intelligence/new-github-zero-day-exposed-developer-tokens-to-attackers-28700
⚠️ Microsoft 365 Android Apps Contain Debug Flag Allowing Silent Token Harvesting
🔗 https://www.livethreat.ai/intelligence/microsoft-365-android-apps-had-a-token-flaw-it-teams-should-check-now-28547
━━━━━━━━━━━━━━━━━━━━━━
🛡️ How many of your vendors are running these affected systems?
📖 View all → https://www.livethreat.ai/vulnerabilities
🔔 Follow LiveThreat for daily TPRM intelligence
#Cybersecurity #ThreatIntel #TPRM #InfoSec #VendorRisk #BreachWatch #DoNotBeLarry #VerisqAI #LiveThreat