Coverage
Vulnerabilities
903 articles on vulnerability disclosures and exploits
Advertisement

CVE-2026-48558: SimpleHelp OIDC Authentication Bypass & Malware
Threat actors are actively exploiting CVE-2026-48558, a critical SimpleHelp OpenID Connect authentication bypass vulnerability, to deploy TaskWeaver and Djinn Stealer

Critical Flaw Exposes Indian Government Data in National Portal
A critical vulnerability and several others exposed private data within Indian government systems, allowing potential takeover of a national portal.

Djinn Stealer Targets Cloud & AI Credentials via SimpleHelp CVE-2026-48558
Analysis of Djinn Stealer, an infostealer delivered via critical SimpleHelp CVE-2026-48558, targeting cloud and AI development credentials.
Critical SimpleHelp Vulnerability Exploited for Malware Delivery
A critical vulnerability in SimpleHelp is actively exploited to deploy malware, targeting credentials, SSH keys, and crypto wallets. Immediate patching is essential.

CVE-2026-8037: Progress Kemp LoadMaster Pre-Auth RCE Threat
A critical pre-authentication RCE (CVE-2026-8037) in Progress Kemp LoadMaster allows unauthenticated attackers to execute root commands via a crafted API request. Patch
CVE-2024-2821: Critical RCE in Daktronics Controllers — Patch Now
Critical vulnerabilities (CVE-2024-2821, CVE-2024-2822, CVE-2024-2823) in Daktronics Venus 1500 and Vanguard controllers allow remote hacking of highway signs and
ShinyHunters Breach NAIC via PeopleSoft Zero-Day: Public Data Stolen
ShinyHunters exploited an Oracle PeopleSoft zero-day to breach NAIC, exfiltrating public data, logs, and configuration files. Review PeopleSoft security.
Nissan Breach: Oracle PeopleSoft Zero-Day Exploited by ShinyHunters
Nissan discloses a data breach impacting current and former employees, attributed to an exploited Oracle PeopleSoft zero-day vulnerability linked to the ShinyHunters
Weak RSA Keys with Many Zeros Found In-the-Wild: Factoring Risk
New research reveals a class of weak RSA keys containing many zero bits, making them vulnerable to factoring. These keys are present in TLS, SSH, and PGP deployments,
DirtyClone: Linux Kernel Privilege Escalation via Page Cache Manipulation
DirtyClone, a variant of DirtyFrag, allows unprivileged local users to exploit a Linux kernel flaw to manipulate the page cache and achieve root privileges.

libssh2 1.11.1 RCE via CVE-2026-55200 — Mitigation Guide
Exploit analysis and mitigation for CVE-2026-55200, a critical client-side RCE in libssh2 affecting versions up to 1.11.1. Public PoC now available.

Declining Confidence in Autonomous Penetration Testing: 2024 Analysis
Security leaders are re-evaluating autonomous penetration testing due to accuracy concerns, shifting focus toward human-led automated security validation.