CYBERSEC

Attack Surface 2026: 42% of Companies Have Databases Exposed to the Internet

Intruder's report on 3,000 organizations reveals the midmarket paradox: growing companies with enterprise-scale attack surfaces and SM…

Jun 20, 2026views - 1.5k

VULNCVE

X.Org Server UAF CVE-2026-34001: Local Root Escalation on Linux

ZDI-26-335 discloses a use-after-free in X.Org Server's SyncTriggerList: CVSS 7.8, local attack with no user interaction, X.Org patch…

Jun 19, 2026views - 980

CYBERSEC

Klue Breach: Dormant OAuth Credential Opens Multi-Victim Door to Salesforce

The Icarus extortion group exfiltrated CRM data from Klue customers by abusing stolen OAuth tokens. Cybersecurity vendor Huntress conf…

Jun 18, 2026views - 1.1k

infostealer

The 'robase' Malware Empties Entire Roblox Games: From Hat Theft to Digital Business Seizure

A malware campaign using the Python package 'robase' steals authenticated session tokens from Roblox developers via Discord social eng…

Jun 18, 2026views - 785

ai

vbdec Disassembler Becomes Local AI Server via COM/ROT

Cisco Talos demonstrates how exposing vbdec's object model to the Windows Running Object Table enables local agentic automation withou…

Jun 18, 2026views - 1.1k

CYBERSEC

MySQL Exposed at 26%: The 2026 Top 10 Attack Surface Exposures

Intruder's 2026 ASM Index reveals exposed databases and admin panels as primary vectors. Time-to-exploit has collapsed to a single day…

Jun 17, 2026views - 1.2k

CYBERSEC

Malicious JetBrains Plugins Steal AI API Keys: 70,000 Downloads

A coordinated campaign of 15 malicious plugins on the JetBrains Marketplace exfiltrates AI API keys from developers' IDEs. Roughly 70,…

Jun 17, 2026views - 852

CYBERSECZERO-DAY

X.Org Server: Root LPE via XkbSetCompatMap; Patch Released

CVE-2026-33999 in X.Org Server enables local privilege escalation to root. Discovered by ZDI, the fix follows a coordinated disclosure…

Jun 13, 2026views - 934

linuxCRITICAL

ZDI-26-360: RCE Vulnerability in MATE’s Atril Document Viewer Patched in Version 1.26.4

A heap-based buffer overflow in the Atril EPUB parser (MATE Desktop) allows for remote code execution. The vulnerability is addressed…

Jun 11, 2026views - 735

VULN

ZDI-26-337: X.Org Server Vulnerability Enables Root Escalation on Linux

CVE-2026-34003 identifies a buffer overflow in the X.Org Server's CheckKeyTypes() function, allowing local privilege escalation to roo…

Jun 10, 2026views - 946

CYBERSEC

ZDI-26-336: X.Org Bug Exposes Sensitive Data, Enables Root Escalation

An out-of-bounds (OOB) read in X.Org Server’s CheckKeyActions allows local users to disclose sensitive memory. While the CVSS 6.1 scor…

Jun 10, 2026views - 1.3k

CYBERSECZERO-DAY

Gogs Zero-Day RCE: CVSS 9.4 Critical Flaw Remains Unpatched After Two Months

A critical argument injection vulnerability in Gogs' git rebase functionality enables remote code execution. Despite disclosure to mai…

Jun 09, 2026views - 994