Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Advertisement
APT28 Exploits Incomplete Windows Patch: Zero-Click Attacks Persist
An incomplete Windows patch leaves systems vulnerable to zero-click attacks. Russia-linked APT28 exploited this against Ukraine and EU. Learn how to defend.
Malicious AI Prompt Injection Attacks: Google Red Team Insights
Google reports a surge in AI prompt injection attacks, highlighting low-sophistication attempts and strategies for mitigating indirect prompt injection risks.
OpenSSH 9.8 Logic Error: Root Access via Certificate Principals
OpenSSH 9.8 fixes a 15-year-old logic flaw in certificate parsing that could allow unauthorized privilege escalation and root shell access via crafted names.
Anthropic Claude Mythos: Scaling Vulnerability Discovery and Remediation
Claude Mythos Preview accelerates vulnerability discovery, forcing security teams to rethink remediation workflows and automated patch validation.
Firefox CVE-2026-6770: Tor Browser Fingerprinting Patch Guidance
Firefox 150 and Tor Browser 15.0.10 address CVE-2026-6770, a fingerprinting vulnerability that risks de-anonymizing users on privacy-focused networks.
CISA KEV Update: Samsung, SimpleHelp, and D-Link Flaws Exploited
CISA adds four vulnerabilities to its Known Exploited Vulnerabilities catalog, including Samsung MagicINFO 9 and D-Link DIR-823X flaws. Patching is required.
CISA KEV Catalog Adds Exploited Samsung and SimpleHelp Vulnerabilities
CISA adds four exploited flaws in SimpleHelp, Samsung MagicINFO 9, and D-Link routers to its KEV catalog, mandating remediation by May 2026.
Zimbra XSS Attacks: Over 10,000 Servers Vulnerable — Patch Now
Ongoing cross-site scripting (XSS) attacks exploit a flaw in Zimbra Collaboration Suite (ZCS), leaving over 10,000 online servers vulnerable.
Ivanti EPMM RCE via CVE-2025-22514: Technical Analysis and Patching
Critical security alert for Ivanti EPMM: CVE-2025-22514 and CVE-2025-22515 allow remote command injection and file uploads. Patch to version 12.1.0.1 immediately.
LMDeploy SSRF: CVE-2026-33626 Exploit and Mitigation Guide
Attackers are actively exploiting CVE-2026-33626, a high-severity SSRF in LMDeploy, to access sensitive LLM data. Learn how to detect and patch this flaw.
CVE-2024-52317: Critical File Upload Bug in Breeze Cache — Patch Now
Attackers are actively exploiting a critical unauthenticated file upload vulnerability (CVE-2024-52317) in the Breeze Cache WordPress plugin.
CVE-2025-65856: Authentication Bypass in Xiongmai XM530 IP Cameras
Critical authentication bypass (CVE-2025-65856) in Xiongmai XM530 IP Camera firmware allows unauthenticated remote access to video streams and sensitive data.