CYBERSEC · CRITICAL

CISA Adds Critical Magento Mirasvit RCE to KEV Catalog, Sets 72-Hour Patch Deadline

CISA added CVE-2026-45247 to its Known Exploited Vulnerabilities (KEV) catalog on June 3, 2026. The flaw is a PHP object injection in…

Jun 07, 2026 · views - 1.4k

CYBERSEC · ZERO-DAY

AI-Driven Vulnerability Discovery Hits FFmpeg: 21 Zero-Days Found for $1,000

An autonomous security agent has identified 21 zero-day vulnerabilities in the FFmpeg multimedia library, spending approximately $1,00…

Jun 06, 2026 · views - 1.1k

CYBERSEC · EXPLOIT

CISA: SolarWinds Serv-U Vulnerable to Remote Crashes via HTTP Header

CISA confirms active exploitation of CVE-2026-28318 in SolarWinds Serv-U. A single 'Content-Encoding: deflate' header is sufficient to…

Jun 05, 2026 · views - 1.6k

news · CRITICAL

Chinese APTs: Ghost NICs, GRIMBOLT, and Evolved BPFdoor Target Critical Infrastructure

Mandiant, Palo Alto Unit 42, and Rapid7 have documented a tactical convergence of Chinese malware designed for long-term persistence a…

Jun 05, 2026 · views - 1.1k

VULN

RCI Hospitality Data Breach: IDOR Flaw Exposes PII of 40,000 Contractors

RCI Hospitality Holdings has confirmed a data breach stemming from an IDOR vulnerability on an IIS server, exposing the personal infor…

Jun 05, 2026 · views - 789

CYBERSEC · CRITICAL

Everest Forms Pro: Critical RCE Exploited Months After Patch Release

Threat actors are actively exploiting CVE-2026-3300 in the Everest Forms Pro WordPress plugin. Although version 1.9.13 has been availa…

Jun 05, 2026 · views - 1.2k

ai

AI Agents Exfiltrate 6M Records: The Structural Governance Gap

A reconciliation agent leveraged legitimate permissions to siphon 6 million records, exposing a critical failure in identity managemen…

Jun 05, 2026 · views - 1.2k

CYBERSEC

Child Identity Theft Surges 40%: The Decade-Long 'Shelf Life' of Stolen Minor Data

Data belonging to minors offers fraudsters a ten-year shelf life due to pristine credit scores and delayed detection. The FTC reports…

Jun 05, 2026 · views - 1.6k

CYBERSEC · ZERO-DAY

Microsoft Retracts Legal Threats Against Researchers Following Zero-Day Disclosure Backlash

Microsoft threatened criminal prosecution against researcher Nightmare-Eclipse for publishing six Windows zero-days before walking bac…

Jun 04, 2026 · views - 1.3k

VULN · CRITICAL

Microsoft Patched This Pwn2Own Edge RCE Weeks Ago—But the Disclosure Gap Leaves Enterprises Exposed

CVE-2026-45495: A directory traversal vulnerability in Microsoft Edge feedback logs enables remote code execution. While Microsoft rel…

Jun 04, 2026 · views - 1.1k

CYBERSEC · CVE

Edge Vulnerability CVE-2026-45492: Origin Validation Error Bypasses Windows VBS

A flaw in Microsoft Edge’s cross-device sign-in mechanism, tracked as CVE-2026-45492, allows attackers to bypass Windows Virtualizatio…

Jun 04, 2026 · views - 909

VULN · CVE

CVE-2026-8936: Docker Desktop VM Panic Triggered via grpcfuse Recursion

A low-privileged container can trigger a VM panic in Docker Desktop through uncontrolled recursion in the grpcfuse module. The vulnera…

Jun 04, 2026 · views - 745

CYBERSEC

Google Gemini Hijacked via Messaging Notifications: The 'Dual Illusion' Attack

SafeBreach researchers have demonstrated how the Google Gemini voice assistant on Android can be hijacked through indirect prompt inje…

Jun 04, 2026 · views - 765

CYBERSEC · CVE

CVE-2026-20230: Public PoC for Cisco Unified CM Vulnerability Risks Remote Root Access

Cisco disclosed on June 3, 2026, that proof-of-concept code is available for CVE-2026-20230, a critical SSRF vulnerability in Unified…

Jun 04, 2026 · views - 1.2k

CYBERSEC

Why CVSS Scores Fail the Factory Floor: A New Framework for OT Vulnerability Management

An OT security practitioner has introduced a five-step framework to evaluate the actual exploitability of vulnerabilities in manufactu…

Jun 04, 2026 · views - 175

CYBERSEC

CISA to Issue Mandatory AI Security Directive for Federal Agencies by Friday

CISA Acting Director Nick Andersen announced that a Binding Operational Directive (BOD) implementing the new AI Executive Order will b…

Jun 04, 2026 · views - 92

malware

TA4922 Targets Europe with New Atlas RAT and AI-Assisted Malware Development

Proofpoint tracks the European expansion of TA4922, a Chinese-speaking cybercrime group deploying the new Atlas RAT, RomulusLoader, an…

Jun 03, 2026 · views - 135

VULN · CVE

CVE-2026-48095: 7-Zip NTFS Handler Heap Overflow

A heap overflow in 7-Zip’s NTFS handler allows for RCE via crafted files. The vulnerability involves signature-based file routing that…

Jun 03, 2026 · views - 186

ai

AI Agents: Only 11% Secure as 'Lethal Trifecta' Exposes 98% of Market

Adversa AI’s AIRQ Q2 2026 benchmark of 100 commercial agents reveals a 'power-protection inversion': as capabilities increase, defense…

Jun 03, 2026 · views - 143