CYBERSECCRITICAL

ZDI-26-438: RCE in Rockwell Arena Simulation via DOE File, Patch Available

The ZDI-26-438 vulnerability enables remote code execution in Rockwell Automation Arena Simulation through malicious DOE files. Coordi…

Jul 16, 2026views - 1.3k

CYBERSEC

ArcGIS Server Path Traversal Masqueraded as Moderate: CVSS Jumps from 7.5 to 9.8 in Two Days

Esri updated the CVE-2026-9181 record on July 8, 2026, raising the CVSS score from 7.5 to 9.8. The NVD–CNA discrepancy risked leaving…

Jul 14, 2026views - 1.6k

CYBERSEC

SAP Patches CVSS 9.9 ABAP Kernel Bug: Mandatory Downtime or SAP GUI for HTML Breaks

CVE-2026-44747 is an out-of-bounds write in the SAP NetWeaver ABAP kernel with total impact on confidentiality, integrity, and availab…

Jul 14, 2026views - 1.2k

microsoftZERO-DAY

Microsoft July 2026 Patch Tuesday: Record Vulnerability Volume Forces a Reckoning

Microsoft's July 2026 Patch Tuesday delivers a record-breaking number of vulnerabilities. Two zero-days are already under active explo…

Jul 14, 2026views - 1.3k

CYBERSECZERO-DAY

FortiBleed: 75,000 Firewalls at Risk from Stolen Credentials, Not a Zero-Day

FortiBleed hits already-patched FortiGate devices: credentials stolen in prior incidents enable administrative access without exploiti…

Jul 14, 2026views - 1.4k

ransomware

LVM: Weeks of Blackout After Ransomware Hits System Unpatched for Two Years

Latvia's state-owned forestry company Latvijas valsts meži (LVM) remains paralyzed weeks after a June 22 ransomware attack. Roughly tw…

Jul 09, 2026views - 1.3k

CYBERSEC

AssuranceAmerica: 7 Million Driver's Licenses Exposed, No Credit Monitoring Offered

A single compromised employee account opened access to nearly 7 million driver's license numbers. AssuranceAmerica is not offering cre…

Jul 09, 2026views - 1.3k

agentic

Agentic AI: A Lone Attacker Compromises Enterprise AWS in 72 Hours

Sygnia documents the first operational case of a lone threat actor using AI-assisted workflows to compress an enterprise AWS attack fr…

Jul 08, 2026views - 1.4k

linuxEXPLOIT

GhostLock: 15-Year Linux Kernel Bug Now Publicly Exploitable, Guarantees Root

CVE-2026-43499 enables root escalation and container escape on nearly every Linux distribution since 2011. Nebula Security published t…

Jul 08, 2026views - 1.4k

CYBERSECEXPLOIT

Gartner: By 2028, 60% of Enterprises Will Drop Annual Pentesting for Continuous Validation

Gartner formalizes the COST framework for continuous vulnerability validation. Exploit time has compressed to under 10 hours, and 53%…

Jul 08, 2026views - 1.2k

CYBERSEC

Accenture Confirms Data Breach: 35 GB of Data Up for Sale by Threat Actor '888'

Accenture has confirmed a security breach after threat actor '888' listed 35 GB of allegedly stolen data for sale on a cybercrime foru…

Jul 07, 2026views - 1.8k

malware

CAI Worm Kills Rival Cloud Malware, Steals Credentials

The CAI cloud-native worm eliminates TeamPCP and PCPJack processes to monopolize compromised hosts, marking an escalation in criminal…

Jul 07, 2026views - 1.4k