Coverage
Vulnerabilities
903 articles on vulnerability disclosures and exploits
Advertisement
Cisco Unified Communications Manager: Urgent Patch for Active Exploitation
CISA mandates urgent patching for an actively exploited vulnerability in Cisco Unified Communications Manager, posing immediate risk to federal agencies and beyond.
Amazon Q Flaw: Cloud Credential Theft via Malicious Repositories
AWS patches a critical Amazon Q flaw enabling cloud credential theft via malicious repositories. Understand its impact and recommended mitigations.

Amazon Q Developer RCE via CVE-2026-12957 - Cloud Credential Theft
High-severity CVE-2026-12957 in Amazon Q Developer allowed malicious repositories to execute arbitrary code and steal cloud credentials upon workspace trust. Patch now.

CVE-2026-46331: Linux pedit COW Exploit Grants Root Access
A critical Linux kernel flaw, 'pedit COW' (CVE-2026-46331), allows local unprivileged users to gain root access via an out-of-bounds write. Public exploits exist.
Linux Foundation's Project Akrites: Bolstering Open Source Security
Project Akrites aims to streamline vulnerability management across open source projects, enhancing reporting, patching, and disclosure processes for critical software.

CVE-2026-43503: Linux Kernel DirtyClone Flaw Grants Root Access
DirtyClone (CVE-2026-43503) is a Linux kernel privilege escalation allowing local users to gain root access via cloned network packets. Patch now.
Turla's STOCKSTAY Backdoor: Analysis of Campaigns & WinRAR Exploit
Google Threat Intelligence details STOCKSTAY, Turla's .NET backdoor for espionage targeting Ukraine and Europe, leveraging RDP & CVE-2025-8088.
CVE-2022-25247: PTC Windchill RCE Exploited in the Wild
CISA warns of active exploitation of CVE-2022-25247, an RCE flaw in PTC Windchill PLM software. Learn how to detect and mitigate this critical threat.

Cisco CUCM SSRF Flaw: Rapid Exploitation & Root Privilege Escalation
Attackers are rapidly weaponizing a Cisco Unified CM server-side request forgery (SSRF) flaw, escalating privileges to root. Immediate patching is critical.

ThreatsDay Bulletin: Proxyware, Legacy Flaws, and AI Crime Trends
Analysis of recent cybersecurity threats including smart TV proxyware, a 24-year curl bug, and AI-driven cybercrime trends impacting enterprise security.
LLM Prompt Injection: Role Confusion Exposes Core Architectural Flaws
An in-depth analysis of LLM prompt injection, detailing how 'role confusion' in model representations undermines tag-based security and demands architectural solutions.
Analyzing Internet Background Radiation and Automated Scanning Trends
An analysis of automated cybercrime traffic and internet background radiation, detailing how botnets exploit vulnerabilities like CVE-2017-17215.