§Topic · CVE & Vulnerabilities
CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatches
Loading
§Topic · CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatchesJune 2026 cycle patches 198 flaws, including 3 zero-days actively exploited; prioritize critical systems first.
Critical Serv-U vulnerability actively exploited; apply vendor patches and segment file-transfer services.
Massive Chrome fix patching numerous critical/high flaws; prioritize browser patching and user awareness.
Critical Linux kernel flaw being actively exploited; remediation and KEV tracking require immediate patching and monitoring.
Critical RCE in Magento extension actively exploited; urgent patching recommended for e-commerce sites.
Vulnerability enables token theft from GitHub via a simple interaction; affects developer workflows.
A single-click payload can exfiltrate GitHub OAuth tokens from vulnerable repos via VS Code workflows.
Attackers could trigger dangerous actions on Google Gemini by poisoned notifications, enabling control over smart devices and calls.
A single code setting bypassed protections exposing billions of Microsoft Android app downloads; immediate review of token/access handling recommended.
Google Android patches address a exploited zero-day plus 123 other flaws; prioritize devices exposed to internet or corporate networks.
Active exploitation of a two-year-old WebLogic vulnerability highlights persistent middleware risk. Patch guidance and KEV-aligned advisories are essential.
Authenticated pull-request variant enables remote code execution. Apply upstream patches and restrict PR flows.
Chrome 148 patches 151 vulnerabilities, including critical RCE flaws. Urge immediate browser updates across endpoints.
Active exploitation of PAN-OS auth bypass CVE-2026-0257. Exploit can enable remote access without authentication; prioritize patching and access control.
Active exploitation of FortiClient EMS; apply hotfixes and verify endpoint integrity to prevent credential theft.
High-severity RCE in Gogs; patch and rotate credentials; monitor exploit attempts and review access controls.
Microsoft SharePoint Server remote code execution vulnerability disclosed and patched as CVE-2026-45659.
SQL injection vulnerability in Drupal actively exploited; federal guidance to patch promptly.
Get these articles delivered to your inbox.
Subscribe free