Archive
All articles, newest first. Page 17.
Exim 'Dead.Letter' Vulnerability: Critical RCE Risk for GnuTLS-Based Builds
CVE-2026-45185 is a use-after-free vulnerability in the Exim SMTP BDAT parser that allows unauthenticated RCE on GnuTLS-compiled serve…
Google Uncovers First Confirmed AI-Generated Zero-Day Exploit Bypassing 2FA
Google has confirmed the discovery of the first zero-day exploit developed with AI assistance. The vulnerability, identified on May 11…
Foxconn Confirms North American Cyberattack; Nitrogen Ransomware Group Claims 8TB Data Breach
Foxconn has confirmed a cyberattack affecting several of its North American facilities. The Nitrogen ransomware group claims to have e…
West Pharmaceutical Services Hit by Ransomware, Disrupting Global Operations
West Pharmaceutical Services has confirmed a ransomware attack involving data exfiltration and systemic encryption, causing significan…
Microsoft May Patch Tuesday Fixes 120 Flaws, but DNS and Dynamics 365 Bugs Demand Priority
Microsoft’s May 2026 update fixes roughly 120 vulnerabilities, targeting critical gaps in DNS, Dynamics 365, and Office components. Wh…
Intel and AMD Patch 70 Vulnerabilities — Two Critical Data Center Flaws Fixed
Intel and AMD have issued advisories addressing approximately 70 vulnerabilities. Two critical flaws with CVSS scores exceeding 9.0 in…
OpenAI Unveils Daybreak: AI-Powered Cybersecurity with Tiered Access Controls
OpenAI has debuted Daybreak, a new AI cybersecurity platform featuring the GPT-5.5-Cyber model and a tiered governance framework desig…
Mini Shai-Hulud: 84 Malicious TanStack Packages Signed with Valid SLSA Level 3 Attestations
On May 11, 2026, the TeamPCP threat group compromised TanStack's CI/CD pipeline to inject 84 malicious npm versions. Despite carrying…
CVE-2026-3854: Critical GitHub RCE Leaves 88% of On-Premise Servers Exposed
Wiz Research has detailed CVE-2026-3854, a critical RCE vulnerability in GitHub’s internal Git pipeline. While GitHub.com was patched…
Dirty Frag LPE Chain: Deterministic Linux Root Access via Single Command
Dirty Frag exploits two Linux kernel vulnerabilities to achieve deterministic local privilege escalation to root. With a public PoC av…
Exim 'Dead.Letter' Vulnerability: Unauthenticated RCE Threatens GnuTLS-Based Mail Servers
A critical use-after-free vulnerability in Exim’s BDAT parser (CVE-2026-45185) allows for unauthenticated remote code execution on ser…
Google Identifies First AI-Generated Zero-Day Weaponized in the Wild
Google confirms the first documented case of an AI-developed zero-day exploit used in the wild, targeting a 2FA vulnerability in an op…
Google Disrupts AI-Generated Zero-Day: 2FA Bypass Found in Open-Source Tool
The Google Threat Intelligence Group (GTIG) has neutralized an AI-generated zero-day exploit targeting 2FA in a system administration…
CVE-2026-7482: Malicious GGUF Files Trigger Memory Leaks in Ollama
A heap out-of-bounds read vulnerability in Ollama allows unauthenticated remote attackers to exfiltrate the entire memory of the infer…
cPanel Auth Bypass Under Mass Attack: 2,000 IPs Exploiting CVE-2026-41940
The threat actor Mr_Rot13 is weaponizing CVE-2026-41940 to deploy backdoors and steal credentials from cPanel/WHM instances. Security…
Critical GitHub RCE: A Single Git Push Can Trigger Remote Code Execution
A critical RCE vulnerability (CVE-2026-3854) affecting GitHub.com and Enterprise Server allows arbitrary code execution via crafted gi…
Exim Patches Critical Unauthenticated RCE Vulnerability in GnuTLS-Linked Servers
CVE-2026-45185 allows unauthenticated remote code execution on Exim mail servers compiled with GnuTLS. Since there are no available wo…
Mini Shai-Hulud Worm: 170+ Packages Compromised as SLSA Protections Bypassed
The Mini Shai-Hulud worm has compromised over 170 npm and PyPI packages by exploiting GitHub Actions to generate valid SLSA attestatio…
Bleeding Llama: Why "On-Premises" Doesn't Mean "Safe" — CVE-2026-7482 and the 300,000 Exposed Servers
CVE-2026-7482 allows unauthenticated remote attackers to leak Ollama process memory via crafted GGUF files, exposing sensitive API key…
Active OAuth Redirection Attacks Targeting Government Entities via Entra ID
Microsoft has identified a phishing campaign exploiting OAuth 2.0 flows to deliver multi-stage malware to public sector organizations,…
Ivanti EPMM Authenticated RCE Under Active Exploitation; CISA Sets Patch Deadline
Ivanti has confirmed active exploitation of CVE-2026-6973 in its on-premises Endpoint Manager Mobile (EPMM) solution. The authenticate…
Active Exploitation of cPanel Vulnerability Deploys 'Filemanager' Backdoor
Threat actor Mr_Rot13 is weaponizing CVE-2026-41940 in cPanel/WHM to distribute the Filemanager backdoor. With over 2,000 IPs targetin…
Dirty Frag: Linux Kernel Vulnerability Chain Exploited in the Wild for Root Access
Dirty Frag chains two Linux kernel flaws to achieve deterministic local privilege escalation. With a public PoC available and active e…
Critical Palo Alto Networks PAN-OS RCE (CVE-2026-0300) Under Active Exploitation
A critical unauthenticated root RCE vulnerability in the PAN-OS User-ID Portal is being exploited in the wild. Unit 42 has confirmed t…