Cybersecurity
Cybersecurity collects analysis on vulnerabilities, exploits, patch management, ransomware, supply chain, AI security and threat intelligence. These articles help IT professionals, developers and security analysts follow operational threats, vendor updates and technical trends.

SharePoint Critical RCE via Cryptographic Signature Flaw: The Token Danger
CVE-2026-50522 enables unauthenticated remote code execution on SharePoint Server by bypassing cryptographic verification on session t…

SharePoint On-Premises Under Attack: Three Days to Patch Actively Exploited RCE
Microsoft confirmed active exploitation of CVE-2026-58644 in SharePoint Server on-premises. CISA added the flaw to the KEV catalog wit…

Delta Electronics DTM Soft: Project BIN Files Become RCE Attack Vector
The ZDI-26-404 flaw in Delta Electronics DTM Soft industrial engineering software enables remote code execution via deserialization of…

X.Org Server: GLX Use-After-Free Bug Enables Local Root Escalation on Linux
A use-after-free vulnerability in the CommonMakeCurrent function allows a local attacker to escalate privileges to root. The flaw was…

Windows WMI: ZDI-26-415 Vulnerability Allows Escalation to SYSTEM
CVE-2026-49805 in Windows WMI Providers enables local privilege escalation to SYSTEM. Microsoft has released patches and rates exploit…

ZDI-26-416: Hyper-V netvsc.sys Bug Lets Local VM Attacker Escalate to Kernel
The ZDI-26-416 vulnerability in Microsoft Hyper-V's netvsc.sys driver allows a low-privilege attacker inside a Windows VM to escalate…

Adobe Creative Cloud Update Service Turned Into Privilege Escalation Weapon
ZDI-26-419 reveals a vulnerability in AdobeUpdateService that allows local privilege escalation from low-privilege user to SYSTEM on W…

MSI Center: LPE Vulnerability in NTIOLib_X64.sys Kernel Driver
ZDI-26-430 discloses a local privilege escalation to SYSTEM in the NTIOLib_X64.sys driver used by MSI Center. The flaw affects OEM har…

Synology DS925+: Pre-Auth Root RCE via Weak Redis Passwords — Patch Available
ZDI-26-423 discloses a pre-authentication vulnerability in the MailPlus Redis component of the Synology DiskStation DS925+. Reversible…

NVIDIA NeMo Framework: RCE Vulnerability in ML Checkpoints
An unsafe deserialization flaw in NVIDIA NeMo Framework checkpoints enables remote code execution. User interaction is required, but t…

G DATA Total Security: LPE in Backup Service, SYSTEM Compromised via Symlink
ZDI-26-432 (CVE-2026-13268, CVSS 7.8) details a symbolic link following attack in the G DATA Total Security Backup Service. Here is th…

ZDI-26-438: RCE in Rockwell Arena Simulation via DOE File, Patch Available
The ZDI-26-438 vulnerability enables remote code execution in Rockwell Automation Arena Simulation through malicious DOE files. Coordi…