VULN · CRITICAL

Progress Software Patches High-Severity Command Injection in Kemp LoadMaster (ZDI-26-319)

An authenticated command injection vulnerability in the customLocation parameter of Kemp LoadMaster carries a CVSS score of 8.8. While…

May 27, 2026 · views - 7

CYBERSEC · ZERO-DAY

Adobe ColdFusion: Security Update Addresses Reported Authentication Bypass

Advisory ZDI-26-263 describes a reported remote authentication bypass in Adobe ColdFusion. With a CVSS score of 6.5, the vulnerability…

May 27, 2026 · views - 23

CYBERSEC · EXPLOIT

Cisco SD-WAN: Potential Targeted Activity Involving Controllers

A report describes potential exploitation of SD-WAN vulnerabilities, noting activity attributed to a group designated as UAT-8616 and…

May 27, 2026 · views - 18

VULN · ZERO-DAY

OpenAI Codex: Reported Sandbox Escape Disclosed (ZDI-26-305)

A reported sandbox escape in OpenAI Codex (ZDI-26-305) could potentially allow code execution via specific JavaScript repositories. Th…

May 27, 2026 · views - 23

CYBERSEC · EXPLOIT

Apple macOS USD Library Flaw Enables Information Disclosure and Exploit Chaining

A vulnerability in the macOS Universal Scene Description (USD) library (ZDI-26-315) allows for out-of-bounds reads and potential code…

May 26, 2026 · views - 59

VULN

Docker Desktop ECI Flaw: High-Severity LPE Vulnerability Enables Container Escapes

A vulnerability in Docker Desktop’s Enhanced Container Isolation (ECI) allows for local privilege escalation with a CVSS score of 8.8.…

May 26, 2026 · views - 43

CYBERSEC

Nimbus Manticore: Iranian APT Leverages AI-Assisted Backdoors to Target Aviation and Software Sectors

The Iranian threat group Nimbus Manticore has expanded its operations, targeting aviation and software entities across Saudi Arabia, A…

May 26, 2026 · views - 15

CYBERSEC

India’s CERT-In Mandates 12-Hour Patch Window to Counter AI-Driven Exploitation

A new 38-page blueprint from CERT-In slashes the remediation window to just 12 hours for exposed systems, citing the rapid weaponizati…

May 26, 2026 · views - 17

CYBERSEC

7-Eleven Data Breach Exposes 185,000 Records Following Extortion Attempt

Verified reports confirm that 185,300 unique records were compromised after an unauthorized party accessed 7-Eleven’s franchisee docum…

May 26, 2026 · views - 13

CYBERSEC · CVE

CISA Adds Drupal SQL Injection Vulnerability to KEV Catalog Following Mass Exploitation

CISA has added the CVE-2026-9082 SQL injection flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The move follows re…

May 26, 2026 · views - 25

CYBERSEC

F-Secure Leverages Android Accessibility for Scam Defense: A High-Privilege Trade-off

F-Secure Internet Security for Android utilizes Accessibility Services permissions to monitor URLs in Chrome and block phishing, highl…

May 26, 2026 · views - 11

CYBERSEC · CVE

CVE-2026-5426: KnowledgeDeliver LMS Targeted by Zero-Day ViewState Exploit

Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS have enabled unauthenticated RCE attacks. Threat actors deployed the BLUEBEAM…

May 26, 2026 · views - 16