Vulnerabilities
Curated coverage and analysis in this editorial area.
Anthropic Grants ENISA Access to Mythos: A Strategic Shift for EU Cybersecurity
Anthropic is granting ENISA access to its Mythos model for vulnerability discovery. As the first EU entity to join Project Glasswing,…
Tina Peters Released: Election Insider Threat Becomes Political Flashpoint
Colorado Governor Jared Polis commutes the sentence of former clerk Tina Peters. CyberScoop and The Independent detail her release, th…
Insight Launches Managed Exposure Defense to Combat AI-Driven Exploit Speed
Insight consolidates CTEM, enterprise patching, supply chain risk, surge engineering, and XDR into a unified managed service designed…
Audit Slams NIST Over NVD Collapse: 27,000 CVE Backlog and $200,000 in Wasted Funds
A Department of Commerce OIG audit documents the systemic failure of the National Vulnerability Database pipeline, revealing a backlog…
Microsoft Patched a Critical SharePoint RCE but Omitted the CVE from Official Documentation
CVE-2026-45659, a CVSS 8.8 SharePoint Server RCE, was missing from Microsoft’s May 2026 security update list. While the patch was dist…
CERT-In Mandates 12-Hour Patching Window to Combat AI-Driven Exploits
India’s national cyber agency, CERT-In, has established a new 12-hour remediation standard for internet-facing and 'crown jewel' syste…
Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability
Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…
CIFSwitch: Linux Kernel Bug Grants Root Access on CentOS and Rocky Linux
CIFSwitch enables local privilege escalation to root across multiple Linux distributions. While a public PoC is available and an upstr…
CVE-2026-0257: Active Exploitation Confirmed for GlobalProtect Authentication Bypass
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257 affecting PAN-OS GlobalProtect. CISA has added the vulnerability…
California AG Sues 23andMe Over Alleged Ransom Negotiations and Deception in 6.9M Record Breach
Attorney General Rob Bonta alleges the company engaged in undisclosed ransom negotiations while publicly downplaying a 2023 credential…
ChatGPhish: ChatGPT Summaries Weaponized as Phishing Traps
The ChatGPhish vulnerability exploits ChatGPT's renderer to inject malicious links and QR codes during web page summarization. OpenAI…
Cyber Brief: Trump Mobile Breach, FIFA Phishing Surge, and CISA Supply Chain Alerts
Three major security incidents converge ahead of the 2026 World Cup: Trump Mobile confirms a third-party data breach, Group-IB uncover…