Vulnerabilities
Curated coverage and analysis in this editorial area.
YellowKey: Microsoft Issues Emergency Mitigations for BitLocker Bypass
Microsoft issued temporary mitigations on May 20 for CVE-2026-45585, a BitLocker bypass vulnerability exploited through the Windows Re…
Trend Micro: CISA Adds Exploited Apex One Zero-Day to KEV Catalog with June 4 Deadline
CVE-2026-34926 affects on-premise Apex One installations. This directory traversal zero-day is under active exploitation, prompting CI…
DocketWise Data Breach: 143,480 Impacted via Third-Party Repository Exposure
Legal-tech platform DocketWise has notified 143,480 individuals of a data breach involving cloned third-party repositories. The incide…
The Oncology Institute Discloses Patient Data Breach Linked to Third-Party Vendor
The Oncology Institute (TOI) confirmed in an SEC filing that unauthorized actors accessed patient data through a third-party software…
Radiology Associates of Richmond Discloses Breach Affecting 266,000 Following Nine-Month Investigation
Radiology Associates of Richmond has confirmed a July 2025 data breach impacting over 266,000 patients. The disclosure follows a nine-…
CISA Adds Microsoft Defender DoS Flaw to KEV Catalog with June 3 Deadline
CISA has added CVE-2026-45498, a Denial of Service vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities catalog…
CVE-2026-41091: Microsoft Defender Engine Exploited for SYSTEM Privilege Escalation
A link-following vulnerability in the Microsoft Malware Protection Engine enables local privilege escalation to SYSTEM. An analysis of…
CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation
CISA has added CVE-2025-34291, a critical origin validation flaw in the Langflow platform, to its Known Exploited Vulnerabilities cata…
Anthropic’s Project Glasswing Unearths 10,000 Flaws, Triggering 'Patching Paralysis'
Project Glasswing identified over 10,000 critical vulnerabilities in just one month. As Anthropic’s Claude Mythos model accelerates di…
CVE-2026-48172: Critical Root Escalation in LiteSpeed cPanel Plugin Under Active Attack
A critical vulnerability in LiteSpeed’s cPanel plugin allows for privilege escalation to root. We break down the mechanism and provide…
Apple Patches macOS RCE Vulnerability in USD Library (ZDI-26-314)
A critical out-of-bounds write in the macOS USD library could allow remote code execution through malicious 3D files. Apple released a…
macOS USD Library Bug ZDI-26-315 Exposes System Memory, Patch Issued May 12
Apple has addressed ZDI-26-315, an out-of-bounds read vulnerability in the macOS Universal Scene Description (USD) library. Rated CVSS…