CYBERSECCRITICAL

OpenSSL: Double-Free in OCSP Stapling — The Gap Between Theoretical Risk and Official Rating

CVE-2026-35188 is a double-free in OpenSSL's OCSP stapling verification. ZDI calls it RCE; the official CVE record rates it Moderate.…

Jul 16, 2026views - 1.2k

VULNCRITICAL

7-Zip XZ Parser RCE Vulnerability: Opening an Archive Is Enough

A heap-based buffer overflow in 7-Zip's XZ parser enables remote code execution. The flaw, tracked as ZDI-26-444 and CVE-2026-14266, t…

Jul 16, 2026views - 1.5k

CYBERSECCRITICAL

Pre-Auth RCE in Autel EV Chargers: OCPP Protocol Becomes Attack Vector

Critical vulnerability in Autel MaxiCharger AC Elite Home: integer underflow in OCPP protocol enables unauthenticated remote code exec…

Jul 16, 2026views - 1.4k

CYBERSEC

ArcGIS Server Path Traversal Masqueraded as Moderate: CVSS Jumps from 7.5 to 9.8 in Two Days

Esri updated the CVE-2026-9181 record on July 8, 2026, raising the CVSS score from 7.5 to 9.8. The NVD–CNA discrepancy risked leaving…

Jul 14, 2026views - 1.6k

CYBERSEC

SAP Patches CVSS 9.9 ABAP Kernel Bug: Mandatory Downtime or SAP GUI for HTML Breaks

CVE-2026-44747 is an out-of-bounds write in the SAP NetWeaver ABAP kernel with total impact on confidentiality, integrity, and availab…

Jul 14, 2026views - 1.2k

microsoftZERO-DAY

Microsoft July 2026 Patch Tuesday: Record Vulnerability Volume Forces a Reckoning

Microsoft's July 2026 Patch Tuesday delivers a record-breaking number of vulnerabilities. Two zero-days are already under active explo…

Jul 14, 2026views - 1.3k

CYBERSECZERO-DAY

SonicWall SMA 1000: Two Actively Exploited Zero-Days and a Patch That Isn't Enough

SonicWall patched two zero-days under active exploitation in SMA 1000 Series appliances, but the vendor mandates full re-imaging or re…

Jul 14, 2026views - 1.3k

CYBERSEC

Microsoft Revokes 11 Legacy UEFI Shims: Secure Boot Bypassed via Signed Bootloaders

Eleven Microsoft-signed UEFI shim bootloaders allowed Secure Boot bypass on any trusting system. Revocation arrived with the June 2026…

Jul 14, 2026views - 1.3k

CYBERSECZERO-DAY

SharePoint JWT Bypass and the AI Agent That Rewrites Zero-Day Discovery

Microsoft patched a SharePoint authentication bypass (CVE-2026-55040) discovered by Rapid7 using agentic AI. The CVSS 5.3 rating masks…

Jul 14, 2026views - 1.3k

vpn

US Sanctions First VPN Provider: Anonymity as Criminal Infrastructure

The Treasury Department sanctions First VPN Service and its Ukrainian administrator for supporting ransomware groups. It marks the fir…

Jul 14, 2026views - 1.7k

CYBERSECZERO-DAY

FortiBleed: 75,000 Firewalls at Risk from Stolen Credentials, Not a Zero-Day

FortiBleed hits already-patched FortiGate devices: credentials stolen in prior incidents enable administrative access without exploiti…

Jul 14, 2026views - 1.4k

CYBERSEC

Security Vendor Jscrambler Becomes Supply-Chain Vector: 5 Malicious npm Versions

Threat actors compromised Jscrambler's npm publishing credentials and released five malicious versions of the jscrambler package conta…

Jul 13, 2026views - 1.3k