Vulnerabilities
Curated coverage and analysis in this editorial area.
India’s CERT-In Mandates 12-Hour Patch Window to Counter AI-Driven Exploitation
A new 38-page blueprint from CERT-In slashes the remediation window to just 12 hours for exposed systems, citing the rapid weaponizati…
CISA Adds Drupal SQL Injection Vulnerability to KEV Catalog Following Mass Exploitation
CISA has added the CVE-2026-9082 SQL injection flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The move follows re…
CVE-2026-5426: KnowledgeDeliver LMS Targeted by Zero-Day ViewState Exploit
Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS have enabled unauthenticated RCE attacks. Threat actors deployed the BLUEBEAM…
300 WordPress Zero-Days in 72 Hours for $20: The Falling Economic Threshold of the Bug
TrendAI and CHT Security researchers have uncovered over 300 critical zero-day vulnerabilities in 72 hours using an AI pipeline develo…
Windows Hit by Post-Patch Tuesday Zero-Day Blitz
Security researcher Chaotic Eclipse has disclosed three new Windows zero-day vulnerabilities following the May 2026 Patch Tuesday. To…
YellowKey: Microsoft Issues Emergency Mitigations for BitLocker Bypass
Microsoft issued temporary mitigations on May 20 for CVE-2026-45585, a BitLocker bypass vulnerability exploited through the Windows Re…
Trend Micro: CISA Adds Exploited Apex One Zero-Day to KEV Catalog with June 4 Deadline
CVE-2026-34926 affects on-premise Apex One installations. This directory traversal zero-day is under active exploitation, prompting CI…
DocketWise Data Breach: 143,480 Impacted via Third-Party Repository Exposure
Legal-tech platform DocketWise has notified 143,480 individuals of a data breach involving cloned third-party repositories. The incide…
The Oncology Institute Discloses Patient Data Breach Linked to Third-Party Vendor
The Oncology Institute (TOI) confirmed in an SEC filing that unauthorized actors accessed patient data through a third-party software…
Radiology Associates of Richmond Discloses Breach Affecting 266,000 Following Nine-Month Investigation
Radiology Associates of Richmond has confirmed a July 2025 data breach impacting over 266,000 patients. The disclosure follows a nine-…
CISA Adds Microsoft Defender DoS Flaw to KEV Catalog with June 3 Deadline
CISA has added CVE-2026-45498, a Denial of Service vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities catalog…
CVE-2026-41091: Microsoft Defender Engine Exploited for SYSTEM Privilege Escalation
A link-following vulnerability in the Microsoft Malware Protection Engine enables local privilege escalation to SYSTEM. An analysis of…