§Topic · CVE & Vulnerabilities
CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatches
Loading
§Topic · CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatchesProgress Software patches a critical MOVEit Automation flaw that could bypass authentication. Immediate action recommended to apply updates.
Exim fixes address memory corruption, crash and data leakage risks across widely used mail servers.
Technical PoC publicly released for CVE-2026-41940; vast exploitation activity observed in wild, enabling pre-authentication access and server compromise.
April 2026 Windows 11 update breaks third-party backup software; assess vendor patches and rollback options to avoid data loss.
A maximum severity remote code execution flaw in the Gemini CLI and related GitHub Actions could allow attackers to run code on host systems. Apply patches immediately.
Active exploitation of a critical auth bypass in cPanel/WHM has been observed in the wild for months, enabling unauthorized admin access. Patch and containment efforts are underway.
RCE in GitHub's internal git infra could allow full server compromise; authenticated access required.
Critical pre-auth SQL injection in LiteLLM openly exploited in the wild, exposing cloud credentials.
VECT 2.0 acts more as a data wiper due to encryption nonce flaws; recovery unlikely even for attackers.
Flawed Entra ID role could enable privilege escalation; Microsoft issued patches after discovery by researchers.
Two actively exploited SimpleHelp remote-support flaws pose direct access risks to networks.
State-sponsored actors chain CVEs to backdoor FXOS/ASA devices; FIRESTARTER persists after patches.
New Windows RPC flaw PhantomRPC enables LPE with multiple exploitation paths; disclosed at Black Hat Asia 2026.
SD-WAN vulnerabilities being exploited; patch cadence and network segmentation remain critical.
North Korean-linked actors exploited DeFi infrastructure to steal $290M in a high-profile crypto heist; organizations should review cross-chain and bridge trust controls.
Legacy FTP exposure persists; organizations urged to decommission or secure gateways.
Edge update breaks right-click paste in Teams; workaround and patch ETA provided by vendor.
Remote code execution CVE-2026-34197 exploited in the wild; upgrade and rotate credentials advised.
Unauthenticated command execution demonstrated; patch recommended and mitigations outlined.
Get these articles delivered to your inbox.
Subscribe free