Archive
All articles, newest first. Page 16.
Microsoft Patch Tuesday: Legacy MSMQ Flaw Enables Local SYSTEM Escalation
The May 12, 2026, security update addresses CVE-2026-33838, an elevation-of-privilege vulnerability in Windows Message Queuing (MSMQ).…
Apple Patches Remote Code Execution Vulnerability in macOS USD Library
A newly disclosed out-of-bounds write flaw (ZDI-26-314) in the Universal Scene Description library could allow remote attackers to exe…
Siemens Simcenter Femap: Malicious IPT Files Trigger RCE via Heap Overflow
Siemens has patched a high-severity heap overflow vulnerability in Simcenter Femap’s Datakit library. The flaw allows remote code exec…
Apple Fixes WebKit Zero-Days Exploited in 'Extremely Sophisticated' Attacks
Apple has issued emergency security updates for Safari 26.2 and iOS 18.7.3 to remediate two critical WebKit vulnerabilities (CVE-2025-…
GitHub Enterprise RCE: A Single 'git push' Puts Corporate Backends at Risk
CVE-2026-3854 allows Remote Code Execution on GitHub Enterprise Server via user-controlled push options. Reports indicate that 88% of…
Microsoft Exchange Zero-Day Exploited: Permanent Patch Restricted to ESU Customers
Microsoft has confirmed active in-the-wild exploitation of CVE-2026-42897 affecting Exchange on-premise servers. CISA has issued a hig…
Burst Statistics Under Fire: Over 7,400 Attacks Blocked in 24 Hours
Threat actors are actively exploiting a critical authentication bypass (CVE-2026-8181) in the Burst Statistics WordPress plugin to hij…
Mistral AI Hit by Supply Chain Attack; 450 Repositories Put Up for Sale
Mistral AI has confirmed a supply chain compromise involving contaminated SDKs and abused SLSA provenance. The threat actor TeamPCP is…
OpenAI Confirms Corporate Devices Compromised in TanStack Supply Chain Attack
OpenAI has confirmed that two corporate devices were breached following the May 11 TanStack npm supply chain attack. While internal cr…
Cisco SD-WAN Zero-Day: 'Ghost Peers' Infiltrated Controllers Since 2023
CVE-2026-20127 in Cisco Catalyst SD-WAN controllers allowed a sophisticated threat actor to impersonate trusted peers for over three y…
GitHub RCE: Crafted 'git push' Commands Compromised Backend Servers
CVE-2026-3854: An X-Stat header injection vulnerability in GitHub enabled remote code execution via a single push operation. Approxima…
Critical PAN-OS Zero-Day CVE-2026-0300: Unauthenticated Root RCE Hits Exposed Firewalls
CVE-2026-0300: An unauthenticated root RCE vulnerability in the PAN-OS Captive Portal has seen active exploitation since April 9. Whil…
CVE-2026-7482: Technical Analysis of Ollama’s Memory Leak Vulnerability via GGUF
Technical breakdown of CVE-2026-7482 in Ollama. Discovered by Cyera, the vulnerability enables unauthenticated remote attackers to exf…
Yarix Y-Report 2026: Critical Security Events Surge 62% as Italy Falls to 6th in Global Ransomware Rankings
The Yarix Y-Report 2026 documents 522,486 security events and a 62% spike in critical threats, highlighting an increasingly aggressive…
CVE-2026-44338: Working Exploit Scanner for PraisonAI Deployed in Under 4 Hours
The first automated scanner targeting PraisonAI was detected less than four hours after the disclosure of CVE-2026-44338. The authenti…
May Patch Tuesday: AI-Driven Discovery Pushes 2026 Vulnerability Count Past 500
Microsoft's May 12, 2026, update addresses more than 130 vulnerabilities, revealing the impact of its internal MDASH AI system. The to…
Fragnesia Flaw Enables Local Root via Linux Page Cache Corruption
CVE-2026-46300 allows local root escalation on Linux by corrupting read-only files in memory. With a public PoC available and patches…
ClawHavoc, Critical CVEs, and Agentic AI: Why Q1 2026 Shifted the Threat Model
The agentic AI ecosystem is under siege. From the coordinated ClawHavoc supply chain campaign to critical RCE vulnerabilities in Claud…
May 2026 Patch Tuesday: AI-Driven Discovery Marks a Turning Point in Vulnerability Management
Microsoft and industry partners address over 130 vulnerabilities as AI systems like MDASH and Project Glasswing accelerate the discove…
Microsoft MDASH Deployment Identifies 16 Windows Flaws via 100+ AI Agents
Microsoft’s MDASH, an agentic multi-model system, discovered 16 vulnerabilities—including four critical RCEs—patched in the May 2026 u…
CVE-2026-41940: Global Campaign Targets cPanel Authentication Bypass to Deploy Cross-Platform Backdoors
Threat actor Mr_Rot13 is actively exploiting CVE-2026-41940 in cPanel/WHM to deploy the 'Filemanager' backdoor. With over 2,000 IPs in…
BitLocker Zero-Day: Encrypted Drives Unlocked via USB and WinRE — No Credentials Needed
A new proof-of-concept named YellowKey enables BitLocker bypasses on Windows 11 and Server editions by exploiting the Windows Recovery…
Škoda Germany Data Breach: Online Store Offline After Password Hashes Exposed
Škoda has confirmed a cyberattack on its German online store. While customer data and password hashes were exposed, forensic investiga…
Exim 'Dead.Letter' Vulnerability: Critical RCE Risk for GnuTLS-Based Builds
CVE-2026-45185 is a use-after-free vulnerability in the Exim SMTP BDAT parser that allows unauthenticated RCE on GnuTLS-compiled serve…