Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Pwn2Own Berlin: Microsoft Exchange, Windows 11 Zero-Day Exploits
Zero-day vulnerabilities in Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux demonstrated at Pwn2Own Berlin. Runtime Rebel details the impact.
Funnel Builder WordPress Plugin Exploited for Credit Card Skimming
Critical vulnerability in Funnel Builder WordPress plugin actively exploited to inject credit card skimming JavaScript into WooCommerce checkout pages.

April 2026 CVE Landscape: Prioritizing 37 High-Impact Vulnerabilities
Runtime Rebel analyzes Recorded Future's April 2026 CVE landscape, highlighting 37 high-impact vulnerabilities for urgent remediation amidst rising risks.
CVE-2024-2123 & CVE-2024-2510: Avada Builder Patch Guidance
Critical flaws in Avada Builder WordPress plugin (CVE-2024-2123, CVE-2024-2510) allow for credential theft and LFI. Immediate update to version 3.11.7 required.

OpenClaw "Claw Chain" Flaws: Data Theft and Persistence Risks
Researchers at Cyera have identified the Claw Chain, a set of four OpenClaw vulnerabilities enabling data theft, privilege escalation, and persistent access.
Bypassing AI-Based Age Verification via Facial Obfuscations
Research reveals that AI-driven age estimation systems can be bypassed using physical facial alterations, highlighting flaws in biometric verification models.

20 Years of Cybersecurity: Strategic Insights from Industry Pioneers
Leading cybersecurity experts reflect on two decades of evolving threats, bug bounties, and the critical transition toward identity-centric security models.
CVE-2026-42897: Microsoft Exchange Server Zero-Day Exploited in Wild
Microsoft warns of CVE-2026-42897, a critical Exchange Server zero-day exploited in the wild. Implement Extended Protection mitigations immediately to secure systems.
CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability
Microsoft warns of CVE-2024-49040, a zero-day spoofing vulnerability in Exchange Server exploited to bypass security filters and impersonate trusted senders.
PAN-OS RCE via CVE-2024-3400 — Critical Vulnerability Mitigation Guide
Exploit analysis and mitigation for CVE-2024-3400, a critical command injection flaw in Palo Alto Networks PAN-OS GlobalProtect allowing unauthenticated RCE.
Cisco SD-WAN RCE via CVE-2026-20182 — Mitigation Guide
Cisco patches CVE-2026-20182, the sixth SD-WAN zero-day exploited in 2026. Learn how threat actor UAT-8616 leverages this flaw for targeted attacks.
Chrome 148 Update: Patching Critical Use-After-Free Vulnerabilities
Google releases Chrome 148 addressing critical-severity use-after-free vulnerabilities. Learn how these memory corruption bugs impact browser security and remediation