Vulnerabilities
Curated coverage and analysis in this editorial area.
AI Unearths 300 WordPress Zero-Days for $20 Each: The Human Triage Crisis
A high-efficiency AI pipeline has discovered over 300 critical zero-day vulnerabilities in WordPress plugins at an estimated cost of $…
Cloud Atlas Upgrades Arsenal: Novel Backdoors and Stealth RDP Patching for Cyber-Espionage
Between 2025 and 2026, the Cloud Atlas APT deployed previously undocumented backdoors, VBCloud and PowerShower, alongside modified sys…
TrendAI Fixes Actively Exploited Apex One Zero-Day; CISA Sets June 4 Patch Deadline
TrendAI has issued critical patches for CVE-2026-34926, a directory traversal vulnerability in Apex One on-premises installations curr…
Unit 42: Frontier AI Models Exploiting Open-Source Transparency to Automate Supply Chain Attacks
Frontier AI models are demonstrating the autonomous reasoning required to identify vulnerabilities in open-source code and orchestrate…
Kemp LoadMaster Vulnerability: Authenticated RCE Found in customLocation Parameter
Advisory ZDI-26-319 reveals a command injection flaw in Progress Software’s Kemp LoadMaster. Authenticated users can exploit the custo…
PoC Zealot: Autonomous AI Executes End-to-End GCP Cloud Attack
Unit 42’s Zealot project demonstrates how multi-agent AI systems can autonomously chain SSRF, credential theft, and BigQuery exfiltrat…
Chrome Internal Bug Reports Surge to 200+ as Google Leans on AI
Google addressed more than 200 internally discovered vulnerabilities in Chrome between March and May 2026. The spike aligns with the c…
Drupal Fixes 'Highly Critical' SQL Injection Vulnerability Impacting PostgreSQL
Drupal has released urgent security patches for CVE-2026-9082, an unauthenticated SQL injection flaw. The vulnerability specifically t…
Microsoft Defender Zero-Days Under Active Attack; CISA Mandates Patching by June 3
Microsoft has confirmed that two vulnerabilities in Microsoft Defender are being actively exploited in the wild. CISA has added both f…
CVE-2026-46333: Nine-Year-Old Linux Kernel Flaw Enables Root Escalation
Qualys researchers have disclosed CVE-2026-46333, a Linux kernel vulnerability dormant since 2016 that enables local privilege escalat…
Ransomware 2026: Extortion Tactics Pivot Beyond File Encryption
Kaspersky’s May 12, 2026 report reveals a fundamental shift in the threat landscape: as encryption loses its leverage, attackers are p…
CVE-2025-68670: Pre-auth RCE Vulnerability Identified in xrdp Server Domain Field
A technical breakdown of CVE-2025-68670: A stack buffer overflow within xrdp's domain name processing logic enables unauthenticated re…