Vulnerabilities
Curated coverage and analysis in this editorial area.
CERT-In Mandates 12-Hour Patching Window to Combat AI-Driven Exploits
India’s national cyber agency, CERT-In, has established a new 12-hour remediation standard for internet-facing and 'crown jewel' syste…
Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability
Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…
CIFSwitch: Linux Kernel Bug Grants Root Access on CentOS and Rocky Linux
CIFSwitch enables local privilege escalation to root across multiple Linux distributions. While a public PoC is available and an upstr…
CVE-2026-0257: Active Exploitation Confirmed for GlobalProtect Authentication Bypass
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257 affecting PAN-OS GlobalProtect. CISA has added the vulnerability…
California AG Sues 23andMe Over Alleged Ransom Negotiations and Deception in 6.9M Record Breach
Attorney General Rob Bonta alleges the company engaged in undisclosed ransom negotiations while publicly downplaying a 2023 credential…
ChatGPhish: ChatGPT Summaries Weaponized as Phishing Traps
The ChatGPhish vulnerability exploits ChatGPT's renderer to inject malicious links and QR codes during web page summarization. OpenAI…
Cyber Brief: Trump Mobile Breach, FIFA Phishing Surge, and CISA Supply Chain Alerts
Three major security incidents converge ahead of the 2026 World Cup: Trump Mobile confirms a third-party data breach, Group-IB uncover…
LLM Agent Conducts Autonomous Post-Exploitation via Marimo RCE
Sysdig documents the first case of an LLM agent completely replacing a human operator in post-exploitation following a critical RCE on…
Chrome 148: Google Patches 151 Vulnerabilities, Including 22 Critical Flaws
Google has released Chrome 148, addressing 151 security vulnerabilities with 22 rated at maximum criticality. The update includes over…
FortiClient EMS: EKZ Infostealer May Target VPN Management Channels
CVE-2026-35616 (CVSS 9.8): Compromised FortiClient EMS platforms could be transformed into malware delivery vehicles. Attacks in May 2…
Palo Alto Networks Sets Patch Record as Frontier AI Reshapes Vulnerability Discovery
Palo Alto Networks has released its May 2026 Patch Wednesday, disclosing 26 CVEs across more than 130 products. For the first time, th…
7-Zip CVE-2026-48095: NTFS Heap Overflow Enables Vtable Hijacking
A critical heap buffer overflow in 7-Zip 26.00 allows for Remote Code Execution (RCE) via specially crafted NTFS files, regardless of…