Vulnerabilities
Curated coverage and analysis in this editorial area.
CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation
CISA has added CVE-2025-34291, a critical origin validation flaw in the Langflow platform, to its Known Exploited Vulnerabilities cata…
Anthropic’s Project Glasswing Unearths 10,000 Flaws, Triggering 'Patching Paralysis'
Project Glasswing identified over 10,000 critical vulnerabilities in just one month. As Anthropic’s Claude Mythos model accelerates di…
CVE-2026-48172: Critical Root Escalation in LiteSpeed cPanel Plugin Under Active Attack
A critical vulnerability in LiteSpeed’s cPanel plugin allows for privilege escalation to root. We break down the mechanism and provide…
Apple Patches macOS RCE Vulnerability in USD Library (ZDI-26-314)
A critical out-of-bounds write in the macOS USD library could allow remote code execution through malicious 3D files. Apple released a…
macOS USD Library Bug ZDI-26-315 Exposes System Memory, Patch Issued May 12
Apple has addressed ZDI-26-315, an out-of-bounds read vulnerability in the macOS Universal Scene Description (USD) library. Rated CVSS…
AI Unearths 300 WordPress Zero-Days for $20 Each: The Human Triage Crisis
A high-efficiency AI pipeline has discovered over 300 critical zero-day vulnerabilities in WordPress plugins at an estimated cost of $…
Cloud Atlas Upgrades Arsenal: Novel Backdoors and Stealth RDP Patching for Cyber-Espionage
Between 2025 and 2026, the Cloud Atlas APT deployed previously undocumented backdoors, VBCloud and PowerShower, alongside modified sys…
TrendAI Fixes Actively Exploited Apex One Zero-Day; CISA Sets June 4 Patch Deadline
TrendAI has issued critical patches for CVE-2026-34926, a directory traversal vulnerability in Apex One on-premises installations curr…
Unit 42: Frontier AI Models Exploiting Open-Source Transparency to Automate Supply Chain Attacks
Frontier AI models are demonstrating the autonomous reasoning required to identify vulnerabilities in open-source code and orchestrate…
Kemp LoadMaster Vulnerability: Authenticated RCE Found in customLocation Parameter
Advisory ZDI-26-319 reveals a command injection flaw in Progress Software’s Kemp LoadMaster. Authenticated users can exploit the custo…
PoC Zealot: Autonomous AI Executes End-to-End GCP Cloud Attack
Unit 42’s Zealot project demonstrates how multi-agent AI systems can autonomously chain SSRF, credential theft, and BigQuery exfiltrat…
Chrome Internal Bug Reports Surge to 200+ as Google Leans on AI
Google addressed more than 200 internally discovered vulnerabilities in Chrome between March and May 2026. The spike aligns with the c…