§Topic · CVE & Vulnerabilities
CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatches
Loading
§Topic · CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatchesZero-day CVE-2026-20245 was exploited for months before Cisco patching; rapid mitigation and monitoring recommended.
OAuth token theft in Klue supply chain enables access to Salesforce data; investigation ongoing.
Russian IAB-led campaign exploits FortiGate devices to harvest over 110 million credentials; high-risk for enterprises deploying Fortinet gear.
Spyder and MaXSS flaws in AI-powered Chrome extensions enable session hijacks and data access.
CVE-2026-8713 in Avada/fusion builder enables file-deletion and potential RCE on affected sites.
CISA warns federal agencies to patch CVE-2026-20253 quickly due to unauthenticated RCE risk.
Fortinet credential theft campaign impacts half of internet-facing Firewalls and VPNs; urgency to rotate creds and patch exposed devices.
WordPress plugin supply-chain compromise delivers infected releases; audit plugins and CI/CD.
OAuth abuse via Klue integration enables CRM data exfiltration; review third-party app grants and tokens.
Unvalidated input allowed OS access and privilege escalation; apply Cisco ISE patches immediately.
Fortinet VPN credential exposure affects ~73k devices; patch now and rotate credentials to reduce risk.
DragonForce uses Teams relays to conceal C2 traffic. Review Team relay configs and enforce network segmentation and EDR visibility.
A three-stage path (SearchLeak) enables exfiltration of emails and MFA data via trusted Copilot links. Restrict Copilot usage and tighten monitoring.
Open-source OS command injection vector seen against Ivanti Sentry; monitor for privilege escalation attempts and honeypot triggers.
Chrome 149 patches 28 flaws, including use-after-free issues; hardening Chrome remains a priority for enterprise endpoints.
Critical RCE chain in Splunk enables unauthenticated remote code execution via PostgreSQL sidecar; immediate patching and access controls are essential.
High-severity Langflow path traversal allows arbitrary file writes; patching recommended immediately.
GreatXML exposes Windows BitLocker bypass via recovery XML, highlighting recovery-Partition risks.
Binding Directive 26-04 compels remediation of critical flaws within three calendar days for federal agencies.
New directive requires prioritization of patching based on KEV risk; federal agencies must focus on the most dangerous, known exploited vulnerabilities.
Get these articles delivered to your inbox.
Subscribe free