Vulnerabilities
Curated coverage and analysis in this editorial area.
Drupal Fixes 'Highly Critical' SQL Injection Vulnerability Impacting PostgreSQL
Drupal has released urgent security patches for CVE-2026-9082, an unauthenticated SQL injection flaw. The vulnerability specifically t…
Microsoft Defender Zero-Days Under Active Attack; CISA Mandates Patching by June 3
Microsoft has confirmed that two vulnerabilities in Microsoft Defender are being actively exploited in the wild. CISA has added both f…
CVE-2026-46333: Nine-Year-Old Linux Kernel Flaw Enables Root Escalation
Qualys researchers have disclosed CVE-2026-46333, a Linux kernel vulnerability dormant since 2016 that enables local privilege escalat…
Ransomware 2026: Extortion Tactics Pivot Beyond File Encryption
Kaspersky’s May 12, 2026 report reveals a fundamental shift in the threat landscape: as encryption loses its leverage, attackers are p…
CVE-2025-68670: Pre-auth RCE Vulnerability Identified in xrdp Server Domain Field
A technical breakdown of CVE-2025-68670: A stack buffer overflow within xrdp's domain name processing logic enables unauthenticated re…
Mirai Variant Targets EOL TP-Link Routers via Flawed Exploit for Valid Vulnerability
Unit 42 has identified active exploitation attempts targeting CVE-2023-33538 on end-of-life TP-Link routers. While current in-the-wild…
Frontier AI: The Shift from Coding Assistant to Autonomous Threat Agent
Research from Unit 42 reveals that frontier AI models now possess the autonomous reasoning capabilities of full-spectrum security rese…
CISA Faces Congressional Scrutiny After Months-Long AWS GovCloud Credential Leak on GitHub
Senator Maggie Hassan has demanded a classified briefing from CISA following the discovery of a public GitHub repository that exposed…
Italian Revenue Agency Phishing: Cloned SPID Portal Uses Pre-filled Emails to Target Public Sector
CERT-AGID has identified a targeted phishing campaign against the Italian Revenue Agency (Agenzia delle Entrate) featuring cloned SPID…