Vulnerabilities
Curated coverage and analysis in this editorial area.
RCI Hospitality Data Breach: IDOR Flaw Exposes PII of 40,000 Contractors
RCI Hospitality Holdings has confirmed a data breach stemming from an IDOR vulnerability on an IIS server, exposing the personal infor…
Everest Forms Pro: Critical RCE Exploited Months After Patch Release
Threat actors are actively exploiting CVE-2026-3300 in the Everest Forms Pro WordPress plugin. Although version 1.9.13 has been availa…
Child Identity Theft Surges 40%: The Decade-Long 'Shelf Life' of Stolen Minor Data
Data belonging to minors offers fraudsters a ten-year shelf life due to pristine credit scores and delayed detection. The FTC reports…
Microsoft Retracts Legal Threats Against Researchers Following Zero-Day Disclosure Backlash
Microsoft threatened criminal prosecution against researcher Nightmare-Eclipse for publishing six Windows zero-days before walking bac…
Microsoft Patched This Pwn2Own Edge RCE Weeks Ago—But the Disclosure Gap Leaves Enterprises Exposed
CVE-2026-45495: A directory traversal vulnerability in Microsoft Edge feedback logs enables remote code execution. While Microsoft rel…
Edge Vulnerability CVE-2026-45492: Origin Validation Error Bypasses Windows VBS
A flaw in Microsoft Edge’s cross-device sign-in mechanism, tracked as CVE-2026-45492, allows attackers to bypass Windows Virtualizatio…
CVE-2026-8936: Docker Desktop VM Panic Triggered via grpcfuse Recursion
A low-privileged container can trigger a VM panic in Docker Desktop through uncontrolled recursion in the grpcfuse module. The vulnera…
Google Gemini Hijacked via Messaging Notifications: The 'Dual Illusion' Attack
SafeBreach researchers have demonstrated how the Google Gemini voice assistant on Android can be hijacked through indirect prompt inje…
CVE-2026-20230: Public PoC for Cisco Unified CM Vulnerability Risks Remote Root Access
Cisco disclosed on June 3, 2026, that proof-of-concept code is available for CVE-2026-20230, a critical SSRF vulnerability in Unified…
Why CVSS Scores Fail the Factory Floor: A New Framework for OT Vulnerability Management
An OT security practitioner has introduced a five-step framework to evaluate the actual exploitability of vulnerabilities in manufactu…
CVE-2026-48095: 7-Zip NTFS Handler Heap Overflow
A heap overflow in 7-Zip’s NTFS handler allows for RCE via crafted files. The vulnerability involves signature-based file routing that…
Acer Wave 7: Critical Zero-Days Exposed, Patch Not Expected Until Late June
Acer confirms two vulnerabilities (CVSS 10.0 and 9.8) in its Wave 7 router, involving cleartext credential leaks and a persistent back…