Vulnerabilities
Curated coverage and analysis in this editorial area.
Microsoft Refuses to Patch Windows Search URI Flaw Enabling NTLM Hash Theft
Huntress has disclosed an unpatched vulnerability in the Windows search: URI handler that allows attackers to steal NTLMv2 hashes via…
Kemp LoadMaster API Flaw Enables Authenticated RCE: CVSS 8.8 Vulnerability Patched
CVE-2026-3517 in Progress Software Kemp LoadMaster allows authenticated users to execute arbitrary code via command injection in the c…
CVE-2026-0826: Root RCE Vulnerability Hits HP Poly Enterprise VoIP Phones
A critical stack-based buffer overflow in HP Poly Voice's SDP parsing allows unauthenticated remote code execution with root privilege…
Tuskira Unveils Quell: AI Agent Designed to Mitigate Zero-Days Before Patches Exist
Tuskira has launched Quell, an AI agent that maps attack paths and orchestrates compensating controls to neutralize zero-day threats a…
CISA Warns of Active Exploitation for Two-Year-Old Oracle WebLogic Flaw
CISA has added CVE-2024-21182 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of an Oracle WebLog…
BadBone: Dormant AI Backdoor Evades Six Major Security Defenses
BadBone research demonstrates that backdoors in pre-trained AI models remain invisible until customized, maintaining a 0.10% attack su…
Gitea Bug Exposed Private Container Images for Four Years
CVE-2026-27771: A critical flaw in Gitea’s container registry left approximately 31,750 instances vulnerable for nearly four years. Di…
Anthropic Grants ENISA Access to Mythos: A Strategic Shift for EU Cybersecurity
Anthropic is granting ENISA access to its Mythos model for vulnerability discovery. As the first EU entity to join Project Glasswing,…
Tina Peters Released: Election Insider Threat Becomes Political Flashpoint
Colorado Governor Jared Polis commutes the sentence of former clerk Tina Peters. CyberScoop and The Independent detail her release, th…
Insight Launches Managed Exposure Defense to Combat AI-Driven Exploit Speed
Insight consolidates CTEM, enterprise patching, supply chain risk, surge engineering, and XDR into a unified managed service designed…
Audit Slams NIST Over NVD Collapse: 27,000 CVE Backlog and $200,000 in Wasted Funds
A Department of Commerce OIG audit documents the systemic failure of the National Vulnerability Database pipeline, revealing a backlog…
Microsoft Patched a Critical SharePoint RCE but Omitted the CVE from Official Documentation
CVE-2026-45659, a CVSS 8.8 SharePoint Server RCE, was missing from Microsoft’s May 2026 security update list. While the patch was dist…