CYBERSEC

X.Org Server: GLX Use-After-Free Bug Enables Local Root Escalation on Linux

A use-after-free vulnerability in the CommonMakeCurrent function allows a local attacker to escalate privileges to root. The flaw was…

Jul 17, 2026views - 65

VULNCRITICAL

7-Zip XZ Parser RCE Vulnerability: Opening an Archive Is Enough

A heap-based buffer overflow in 7-Zip's XZ parser enables remote code execution. The flaw, tracked as ZDI-26-444 and CVE-2026-14266, t…

Jul 16, 2026views - 1.5k

CYBERSEC

Microsoft Revokes 11 Legacy UEFI Shims: Secure Boot Bypassed via Signed Bootloaders

Eleven Microsoft-signed UEFI shim bootloaders allowed Secure Boot bypass on any trusting system. Revocation arrived with the June 2026…

Jul 14, 2026views - 1.3k

malware

Operation Muck and Load: 222 GitHub Repositories Weaponized to Distribute Windows Malware

A threat actor built a network of 222 GitHub repositories across 190 accounts to distribute Windows malware via malicious Go modules.…

Jul 10, 2026views - 1.7k

CYBERSECCVE

CISA Orders 3-Day Patch for CVE-2026-55255 in Langflow

An IDOR in Langflow's /api/v1/responses endpoint lets authenticated attackers steal LLM and cloud credentials from other users' flows.…

Jul 08, 2026views - 1.5k

linuxEXPLOIT

GhostLock: 15-Year Linux Kernel Bug Now Publicly Exploitable, Guarantees Root

CVE-2026-43499 enables root escalation and container escape on nearly every Linux distribution since 2011. Nebula Security published t…

Jul 08, 2026views - 1.4k

VULN

X.Org Server: A Forgotten Bug Returns as Privilege Escalation — The ZDI-26-395 Case

A use-after-free flaw in SyncChangeCounter enables local privilege escalation to root on X.Org Server. The bug mirrors a pattern alrea…

Jul 07, 2026views - 1.3k

zeroEXPLOIT

Exploitarium: The Speed Paradox — Public Exploits for Already-Patched Flaws

Pseudonymous researcher 'bikini' dumped 30+ zero-day PoCs on GitHub without coordinated disclosure. CVE-2026-55200 in libssh2 had a fi…

Jul 07, 2026views - 1.4k

VULN

Januscape: 16-Year-Old KVM Bug Enables Guest-to-Host Escape on Intel and AMD

CVE-2026-53359 strikes the shared shadow MMU code in Linux KVM used by both Intel and AMD. The flaw has existed since 2010 and require…

Jul 06, 2026views - 1.2k

CYBERSEC

Cisco Talos Releases ClamAV 1.5.3 and 1.4.5: Seven Legacy Vulnerabilities Patched

ClamAV 1.5.3 and 1.4.5 address vulnerabilities in PE file, archive, and disk image parsers. Two bugs survived roughly 20 years in crit…

Jul 05, 2026views - 1.3k

CYBERSECZERO-DAY

Bad Epoll: Linux Kernel Bug Roots Android, Escapes Chrome Sandbox

CVE-2026-46242 is a race condition in the Linux kernel's epoll subsystem that allows an unprivileged user to gain root privileges. The…

Jul 03, 2026views - 1.2k

VULNZERO-DAY

ZDI-26-396: Reversed Operator in X.Org Server Opens Door to Arbitrary Read

An elementary coding error in X.Org Server allows out-of-bounds reads with potential escalation: the details of ZDI-26-396.

Jul 02, 2026views - 1.4k