WordPress Sites Targeted via Kirki and Burst Statistics Vulnerabilities
Attackers are exploiting unauthenticated stored XSS in Kirki and Burst Statistics plugins to achieve privilege escalation and website takeover.
Hardening Automatic Tank Gauge Systems Against Cyber Threats
CISA and partners warn of active cyber threats targeting Automatic Tank Gauge (ATG) systems. Learn to secure critical infrastructure assets now.

CVE-2025-48595: Android June 2026 Update Patches Exploited Zero-Day
Google's June 2026 security update fixes 124 vulnerabilities, including CVE-2025-48595, a zero-day privilege escalation flaw under active exploitation.
Android June 2024 Update: CVE-2024-32896 Zero-Day Exploit Patched
Google fixes 124 vulnerabilities including an actively exploited Pixel firmware zero-day and critical RCE flaws in the June 2024 Android security update.
CVE-2024-10642: WP Maps Pro Exploited to Create WordPress Admin Accounts
Attackers are exploiting a critical privilege escalation flaw in the WP Maps Pro WordPress plugin to create rogue admin accounts without authentication.
CVE-2024-52336: How CIFSwitch Grants Root Access on Linux Systems
The CVE-2024-52336 vulnerability, known as CIFSwitch, allows local privilege escalation to root by abusing CIFS key requests in the Linux kernel.
CVE-2024-50498: Patch Exploited LiteSpeed cPanel Plugin Zero-Day
CISA warns of active exploitation of CVE-2024-50498 in LiteSpeed cPanel plugins, allowing attackers to execute scripts with root privileges. Patch now.

CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation - Patch Now
Exploitation of CVE-2026-48172 in the LiteSpeed cPanel plugin allows local users to gain root access. Organizations should update to version 1.2.2 immediately.
Cisco Secure Workload RCE via CVE-2025-20165 — Mitigation Guide
Cisco patches a critical 9.8 CVSS vulnerability in Secure Workload REST APIs that allows unauthenticated attackers to gain Site Admin privileges.

Microsoft Defender CVE-2026-41091 Privilege Escalation Exploited
Microsoft warns of active exploitation of CVE-2026-41091 in Defender, a privilege escalation flaw allowing attackers to gain SYSTEM privileges on Windows.

CVE-2026-46333: Nine-Year-Old Linux Kernel Privilege Escalation Flaw
A long-standing Linux kernel flaw, CVE-2026-46333, allows local users to achieve root access and disclose sensitive data on major Linux distributions.

CVE-2026-9082: Drupal Core RCE via Database API (PostgreSQL)
A highly critical flaw, CVE-2026-9082, in Drupal Core's database abstraction API allows RCE, privilege escalation, and info disclosure on PostgreSQL sites. Patch