VULN

ZDI-26-337: X.Org Server Vulnerability Enables Root Escalation on Linux

CVE-2026-34003 identifies a buffer overflow in the X.Org Server's CheckKeyTypes() function, allowing local privilege escalation to roo…

Jun 10, 2026 · views - 913

CYBERSEC

Windows Narrator Braille: LPE Hidden in the Accessibility Path

CVE-2026-48565: Local escalation to SYSTEM via brlapi, the Windows Braille service frequently overlooked by enterprise patching cycles.

Jun 10, 2026 · views - 676

VULN · CRITICAL

Kemp LoadMaster: Critical Pre-Auth RCE (CVSS 9.8) Triggers Urgent Patching

Progress Software has released a critical patch for Kemp LoadMaster following the coordinated disclosure of three pre-authentication R…

Jun 10, 2026 · views - 1.2k

CYBERSEC · CVE

CVE-2026-3886: QEMU virtio-gpu Integer Overflow Enables Guest-to-Host Escape

An integer overflow in QEMU’s virtio-gpu driver allows local privilege escalation from guest to host with a CVSS score of 8.8. The ups…

Jun 10, 2026 · views - 1.1k

CYBERSEC

ZDI-26-336: X.Org Bug Exposes Sensitive Data, Enables Root Escalation

An out-of-bounds (OOB) read in X.Org Server’s CheckKeyActions allows local users to disclose sensitive memory. While the CVSS 6.1 scor…

Jun 10, 2026 · views - 1.3k

VULN · CRITICAL

Adobe USD Plugin: GLTF Heap Overflow Enables Remote Code Execution

Adobe patches CVE-2026-48292, a CVSS 7.8 heap overflow in the usdGltf plugin. While no in-the-wild exploits are reported, 3D productio…

Jun 10, 2026 · views - 729

CYBERSEC · ZERO-DAY

Microsoft June 2026 Patch Tuesday: 200 Flaws Fixed, 3 Public Zero-Days Addressed

Microsoft’s June 2026 security update addresses approximately 200 vulnerabilities, including three publicly disclosed zero-days: the '…

Jun 09, 2026 · views - 1.1k

CYBERSEC · CVE

LiteLLM CVE-2026-42271: CISA Confirms Active Exploitation of CVSS 10.0 RCE Chain

CISA has added CVE-2026-42271 to its KEV catalog, confirming active exploitation of a command injection vulnerability in LiteLLM. When…

Jun 09, 2026 · views - 704

VULN · ZERO-DAY

Gogs Patches Critical CVSS 9.4 Zero-Day; Over 2,300 Servers Exposed

Gogs 0.14.3 addresses a critical argument injection zero-day in the git rebase function. Default configurations allowing open registra…

Jun 09, 2026 · views - 1.4k

CYBERSEC · ZERO-DAY

Gogs Zero-Day RCE: CVSS 9.4 Critical Flaw Remains Unpatched After Two Months

A critical argument injection vulnerability in Gogs' git rebase functionality enables remote code execution. Despite disclosure to mai…

Jun 09, 2026 · views - 967

linux · CVE

CVE-2026-23111: Single-Character Logic Error Grants Root Access on Linux

An inverted check in the nf_tables subsystem enables local privilege escalation and container breakouts. With public exploits already…

Jun 08, 2026 · views - 2.1k

CYBERSEC · CVE

CVE-2026-50751: Check Point VPN Zero-Day Exploited by Qilin Affiliate; Patch Released June 8

A Qilin ransomware affiliate exploited a critical zero-day in Check Point VPN’s IKEv1 protocol for over a month. The flaw (CVSS 9.3) a…

Jun 08, 2026 · views - 969

news

Child Identity Theft: When the First Debt Arrives at 18

Child identity theft surged 40% between 2021 and 2024 according to the FTC. The most alarming factor is latency: stolen data remains d…

Jun 08, 2026 · views - 1.1k

ai

ChatGPT Lockdown Mode: OpenAI Curbs Agentic Features to Thwart Data Exfiltration

OpenAI rolls out an optional Lockdown Mode for ChatGPT, disabling live browsing, Deep Research, and Agent Mode to neutralize data exfi…

Jun 08, 2026 · views - 1.3k

cybersec

DockSec: The Open-Source AI Healing Containers, Not Just Scanning Them

DockSec, an OWASP Incubator project, leverages LLMs to correlate data from three Docker scanners and generate line-specific fixes. Its…

Jun 08, 2026 · views - 1.4k

microsoft · ZERO-DAY

Microsoft Backtracks on Legal Threats Against Zero-Day Researcher Following Industry Backlash

Microsoft threatened criminal action against researcher Nightmare-Eclipse over six Defender zero-days, partially retracting its stance…

Jun 08, 2026 · views - 1.4k

CYBERSEC · ZERO-DAY

Edge Tab-Splitting and Invisible Phishing: The Pwn2Own Flaw

CVE-2026-45494: A Universal XSS in Microsoft Edge discovered by Orange Tsai leverages tab-splitting to mask malicious URLs. Update to…

Jun 08, 2026 · views - 1.8k

malware

C0XMO: Gafgyt Variant Targets DD-WRT Routers with Modular Scanner and Competitor-Killing Routine

The C0XMO variant of the Gafgyt botnet exploits CVE-2021-27137 in DD-WRT firmware, utilizing a modular architecture with a standalone…

Jun 07, 2026 · views - 832

CYBERSEC

Emphere Secures $2.1M to Automate Vulnerability Remediation with AI

Seattle-based startup Emphere raises $2.1 million to automate open-source vulnerability remediation as the NVD backlog exceeds 27,000…

Jun 07, 2026 · views - 766