Cisco’s 10.0 vulnerability, Microsoft email spammed, Chrome vulnerability surge

Cisco has announced the existence of a vulnerability with a CVSS score of 10.0, which can enable unauthenticated attackers to gain site admin privileges in its Cisco Secure Workload Cluster Software in both SaaS and on-prem environments, by sending crafted API requests to vulnerable systems. The CVE numbered vulnerability (CVE-2026-20223) comes down to “weak validation and authentication checks in internal REST API endpoints.” This means attackers don’t require credentials, user interaction, or any significant effort to exploit the bug. Cisco…