Patch
Curated coverage and analysis in this editorial area.
Apple macOS USD Library Flaw Enables Information Disclosure and Exploit Chaining
A vulnerability in the macOS Universal Scene Description (USD) library (ZDI-26-315) allows for out-of-bounds reads and potential code…
Docker Desktop ECI Flaw: High-Severity LPE Vulnerability Enables Container Escapes
A vulnerability in Docker Desktop’s Enhanced Container Isolation (ECI) allows for local privilege escalation with a CVSS score of 8.8.…
India’s CERT-In Mandates 12-Hour Patch Window to Counter AI-Driven Exploitation
A new 38-page blueprint from CERT-In slashes the remediation window to just 12 hours for exposed systems, citing the rapid weaponizati…
CISA Adds Drupal SQL Injection Vulnerability to KEV Catalog Following Mass Exploitation
CISA has added the CVE-2026-9082 SQL injection flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The move follows re…
CVE-2026-5426: KnowledgeDeliver LMS Targeted by Zero-Day ViewState Exploit
Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS have enabled unauthenticated RCE attacks. Threat actors deployed the BLUEBEAM…
Trend Micro: CISA Adds Exploited Apex One Zero-Day to KEV Catalog with June 4 Deadline
CVE-2026-34926 affects on-premise Apex One installations. This directory traversal zero-day is under active exploitation, prompting CI…
CISA Adds Microsoft Defender DoS Flaw to KEV Catalog with June 3 Deadline
CISA has added CVE-2026-45498, a Denial of Service vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities catalog…
May 2026 Patch Tuesday: 137 Flaws and the Domain Controller Threat
Microsoft's May 2026 security update addresses 137 vulnerabilities, including 31 critical flaws. While no zero-days were reported, una…
macOS USD Library Bug ZDI-26-315 Exposes System Memory, Patch Issued May 12
Apple has addressed ZDI-26-315, an out-of-bounds read vulnerability in the macOS Universal Scene Description (USD) library. Rated CVSS…
TrendAI Fixes Actively Exploited Apex One Zero-Day; CISA Sets June 4 Patch Deadline
TrendAI has issued critical patches for CVE-2026-34926, a directory traversal vulnerability in Apex One on-premises installations curr…
Kemp LoadMaster Vulnerability: Authenticated RCE Found in customLocation Parameter
Advisory ZDI-26-319 reveals a command injection flaw in Progress Software’s Kemp LoadMaster. Authenticated users can exploit the custo…
Drupal Fixes 'Highly Critical' SQL Injection Vulnerability Impacting PostgreSQL
Drupal has released urgent security patches for CVE-2026-9082, an unauthenticated SQL injection flaw. The vulnerability specifically t…