Vulnerabilities
Curated coverage and analysis in this editorial area.
LLM Agent Conducts Autonomous Post-Exploitation via Marimo RCE
Sysdig documents the first case of an LLM agent completely replacing a human operator in post-exploitation following a critical RCE on…
Chrome 148: Google Patches 151 Vulnerabilities, Including 22 Critical Flaws
Google has released Chrome 148, addressing 151 security vulnerabilities with 22 rated at maximum criticality. The update includes over…
FortiClient EMS: EKZ Infostealer May Target VPN Management Channels
CVE-2026-35616 (CVSS 9.8): Compromised FortiClient EMS platforms could be transformed into malware delivery vehicles. Attacks in May 2…
Palo Alto Networks Sets Patch Record as Frontier AI Reshapes Vulnerability Discovery
Palo Alto Networks has released its May 2026 Patch Wednesday, disclosing 26 CVEs across more than 130 products. For the first time, th…
7-Zip CVE-2026-48095: NTFS Heap Overflow Enables Vtable Hijacking
A critical heap buffer overflow in 7-Zip 26.00 allows for Remote Code Execution (RCE) via specially crafted NTFS files, regardless of…
Siemens Simcenter Femap Memory Corruption Vulnerability: Coordinated Disclosure Set for May 2026
A high-severity memory corruption vulnerability in Simcenter Femap’s IPT file parser (ZDI-26-317) leaves users with a nine-month expos…
Progress Software Patches High-Severity Command Injection in Kemp LoadMaster (ZDI-26-319)
An authenticated command injection vulnerability in the customLocation parameter of Kemp LoadMaster carries a CVSS score of 8.8. While…
Adobe ColdFusion: Security Update Addresses Reported Authentication Bypass
Advisory ZDI-26-263 describes a reported remote authentication bypass in Adobe ColdFusion. With a CVSS score of 6.5, the vulnerability…
Cisco SD-WAN: Potential Targeted Activity Involving Controllers
A report describes potential exploitation of SD-WAN vulnerabilities, noting activity attributed to a group designated as UAT-8616 and…
OpenAI Codex: Reported Sandbox Escape Disclosed (ZDI-26-305)
A reported sandbox escape in OpenAI Codex (ZDI-26-305) could potentially allow code execution via specific JavaScript repositories. Th…
Apple macOS USD Library Flaw Enables Information Disclosure and Exploit Chaining
A vulnerability in the macOS Universal Scene Description (USD) library (ZDI-26-315) allows for out-of-bounds reads and potential code…
Docker Desktop ECI Flaw: High-Severity LPE Vulnerability Enables Container Escapes
A vulnerability in Docker Desktop’s Enhanced Container Isolation (ECI) allows for local privilege escalation with a CVSS score of 8.8.…