Cybersecurity
Threats, vulnerabilities, malware and defense: the technical security desk.
CVE-2026-20230: Public PoC for Cisco Unified CM Vulnerability Risks Remote Root Access
Cisco disclosed on June 3, 2026, that proof-of-concept code is available for CVE-2026-20230, a critical SSRF vulnerability in Unified…
Why CVSS Scores Fail the Factory Floor: A New Framework for OT Vulnerability Management
An OT security practitioner has introduced a five-step framework to evaluate the actual exploitability of vulnerabilities in manufactu…
CISA to Issue Mandatory AI Security Directive for Federal Agencies by Friday
CISA Acting Director Nick Andersen announced that a Binding Operational Directive (BOD) implementing the new AI Executive Order will b…
TA4922 Targets Europe with New Atlas RAT and AI-Assisted Malware Development
Proofpoint tracks the European expansion of TA4922, a Chinese-speaking cybercrime group deploying the new Atlas RAT, RomulusLoader, an…
CVE-2026-48095: 7-Zip NTFS Handler Heap Overflow
A heap overflow in 7-Zip’s NTFS handler allows for RCE via crafted files. The vulnerability involves signature-based file routing that…
AI Agents: Only 11% Secure as 'Lethal Trifecta' Exposes 98% of Market
Adversa AI’s AIRQ Q2 2026 benchmark of 100 commercial agents reveals a 'power-protection inversion': as capabilities increase, defense…
Acer Wave 7: Critical Zero-Days Exposed, Patch Not Expected Until Late June
Acer confirms two vulnerabilities (CVSS 10.0 and 9.8) in its Wave 7 router, involving cleartext credential leaks and a persistent back…
Microsoft Refuses to Patch Windows Search URI Flaw Enabling NTLM Hash Theft
Huntress has disclosed an unpatched vulnerability in the Windows search: URI handler that allows attackers to steal NTLMv2 hashes via…
Trump Signs AI Executive Order: 30-Day Voluntary Review for Frontier Models
The executive order establishes a voluntary framework for pre-release government access to advanced AI models, tasking the NSA with mo…
Kemp LoadMaster API Flaw Enables Authenticated RCE: CVSS 8.8 Vulnerability Patched
CVE-2026-3517 in Progress Software Kemp LoadMaster allows authenticated users to execute arbitrary code via command injection in the c…
CVE-2026-0826: Root RCE Vulnerability Hits HP Poly Enterprise VoIP Phones
A critical stack-based buffer overflow in HP Poly Voice's SDP parsing allows unauthenticated remote code execution with root privilege…
AI Zero-Days and OT Vulnerabilities: ESET’s May 2026 Security Briefing
Tony Anscombe’s latest roundup highlights critical failures in Polish water plants, Google’s discovery of the first AI-generated zero-…