Cybersecurity
Cybersecurity collects analysis on vulnerabilities, exploits, patch management, ransomware, supply chain, AI security and threat intelligence. These articles help IT professionals, developers and security analysts follow operational threats, vendor updates and technical trends.

OpenSSL: Double-Free in OCSP Stapling — The Gap Between Theoretical Risk and Official Rating
CVE-2026-35188 is a double-free in OpenSSL's OCSP stapling verification. ZDI calls it RCE; the official CVE record rates it Moderate.…

7-Zip XZ Parser RCE Vulnerability: Opening an Archive Is Enough
A heap-based buffer overflow in 7-Zip's XZ parser enables remote code execution. The flaw, tracked as ZDI-26-444 and CVE-2026-14266, t…

Pre-Auth RCE in Autel EV Chargers: OCPP Protocol Becomes Attack Vector
Critical vulnerability in Autel MaxiCharger AC Elite Home: integer underflow in OCPP protocol enables unauthenticated remote code exec…

ArcGIS Server Path Traversal Masqueraded as Moderate: CVSS Jumps from 7.5 to 9.8 in Two Days
Esri updated the CVE-2026-9181 record on July 8, 2026, raising the CVSS score from 7.5 to 9.8. The NVD–CNA discrepancy risked leaving…

SAP Patches CVSS 9.9 ABAP Kernel Bug: Mandatory Downtime or SAP GUI for HTML Breaks
CVE-2026-44747 is an out-of-bounds write in the SAP NetWeaver ABAP kernel with total impact on confidentiality, integrity, and availab…

Microsoft July 2026 Patch Tuesday: Record Vulnerability Volume Forces a Reckoning
Microsoft's July 2026 Patch Tuesday delivers a record-breaking number of vulnerabilities. Two zero-days are already under active explo…

SonicWall SMA 1000: Two Actively Exploited Zero-Days and a Patch That Isn't Enough
SonicWall patched two zero-days under active exploitation in SMA 1000 Series appliances, but the vendor mandates full re-imaging or re…

Microsoft Revokes 11 Legacy UEFI Shims: Secure Boot Bypassed via Signed Bootloaders
Eleven Microsoft-signed UEFI shim bootloaders allowed Secure Boot bypass on any trusting system. Revocation arrived with the June 2026…

SharePoint JWT Bypass and the AI Agent That Rewrites Zero-Day Discovery
Microsoft patched a SharePoint authentication bypass (CVE-2026-55040) discovered by Rapid7 using agentic AI. The CVSS 5.3 rating masks…

US Sanctions First VPN Provider: Anonymity as Criminal Infrastructure
The Treasury Department sanctions First VPN Service and its Ukrainian administrator for supporting ransomware groups. It marks the fir…

FortiBleed: 75,000 Firewalls at Risk from Stolen Credentials, Not a Zero-Day
FortiBleed hits already-patched FortiGate devices: credentials stolen in prior incidents enable administrative access without exploiti…

Security Vendor Jscrambler Becomes Supply-Chain Vector: 5 Malicious npm Versions
Threat actors compromised Jscrambler's npm publishing credentials and released five malicious versions of the jscrambler package conta…