Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026,…
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic…
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000…
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active…
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial…
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user…
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS)…
Gitea Vulnerability Exposes Private Container Images without Authentication
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows…
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in…
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan,…
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel…
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across…
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw,…
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to…
Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode…
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex…
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote…
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild.…
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The…
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to…
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The…
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local…
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9…
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that…
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to…
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a…
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public…
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject…
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege…
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active…
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst…
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been…
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent…
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a…
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local…
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that…
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and…
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed…
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and…
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized…
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and…
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor…