CVE-2026-27668: Privilege Escalation in Siemens RUGGEDCOM CROSSBOW
Authenticated User Administrators can escalate privileges in Siemens RUGGEDCOM CROSSBOW SAM-P versions prior to 5.8. Update to mitigate CVE-2026-27668 risks.
CVE-2026-5387: AVEVA Pipeline Simulation Privilege Escalation
Unauthenticated attackers can exploit CVE-2026-5387 in AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351 to modify critical ICS simulation parameters and training
Microsoft Defender RedSun Zero-Day PoC Grants SYSTEM Privileges
Security researcher Chaotic Eclipse releases the RedSun zero-day PoC for Microsoft Defender, enabling local privilege escalation to SYSTEM on Windows devices.
CVE-2022-21882: CISA Warns of Windows Task Host Exploit in the Wild
CISA adds CVE-2022-21882 to the KEV catalog. Learn how to mitigate this Windows Task Host privilege escalation vulnerability affecting Win32k.sys.

Microsoft Patch Update: Zero-Day Privilege Elevation Dominates
Microsoft's latest patch update addresses 165 vulnerabilities, with over half being privilege elevation flaws, including two actively exploited zero-days.
Palo Alto Networks & SonicWall High-Severity Privilege Escalation Patches
Palo Alto Networks and SonicWall have issued patches for high-severity vulnerabilities allowing privilege escalation to administrator. Immediate patching is advised.
Windows BlueHammer Zero-Day Exploit: Local Privilege Escalation Analysis
A leaked BlueHammer exploit targets an unpatched Windows vulnerability, allowing local attackers to gain SYSTEM privileges. Analysis and mitigation guide inside.

CVE-2026-35616: Critical FortiClient EMS API Bypass Exploited
Fortinet releases out-of-band patches for CVE-2026-35616, a critical API access bypass in FortiClient EMS enabling unauthenticated privilege escalation.
TrueConf Zero-Day: Exploitation Against Asian Governments
A Chinese threat actor is actively exploiting a TrueConf video conferencing zero-day to conduct reconnaissance and achieve privilege escalation against Asian government
Kerberos Relay Attacks via DNS CNAME Abuse: Detection and Mitigation
Examine Kerberos relay attacks leveraging DNS CNAME abuse for authentication bypass. Understand detection strategies and essential mitigations to protect Active

Google Vertex AI Over-Privilege: Data Theft & Cloud Intrusion Risk
Palo Alto Networks researchers found over-privileged AI agents in Google Vertex AI could be exploited for data exfiltration and access to restricted cloud infrastructure.
Schneider Electric Plant iT/Brewmaxx RCE via Multiple Redis Vulnerabilities
Multiple critical and high-severity vulnerabilities in Schneider Electric Plant iT/Brewmaxx 9.60+ (Redis component) enable RCE and privilege escalation, affecting