Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Advertisement
Communicating AI's Impact on Vulnerability Discovery to Boards
Security leaders must articulate AI-driven vulnerability trends and strategic resource needs to their boards, translating technical risks into business impact.
CVE-2022-4304: Hitachi Energy GMS600 Timing Side Channel Vulnerability
Hitachi Energy GMS600 versions 1.3.0-1.3.1 affected by CVE-2022-4304, an OpenSSL timing side channel leading to TLS decryption. Patch to 1.3.2 now.
ABB Terra AC Wallbox <=1.8.33 Buffer Overflows: Patch Now
CISA warns of three buffer overflow vulnerabilities (CVE-2025-10504, CVE-2025-12142, CVE-2025-12143) in ABB Terra AC Wallbox EV chargers, leading to potential remote
AI-Assisted macOS Kernel Exploit on Apple M5 Hardware
Security researchers used Anthropic’s Mythos AI to develop a macOS kernel memory corruption exploit for the Apple M5 chip in just five days. Patch now.
Chromium RCE Risk: Unfixed Flaw Allows Background JavaScript
Google accidentally exposed details of an unfixed Chromium flaw. This enables RCE via persistent background JavaScript execution, affecting many browsers.
Linux Rootkits and Router Zero-Day Exploits: ThreatsDay Analysis
Recent intelligence highlights a surge in Linux rootkits and router zero-day vulnerabilities targeting trusted system components and AI-driven intrusions.
Cisco Secure Workload RCE via CVE-2025-20165 — Mitigation Guide
Cisco patches a critical 9.8 CVSS vulnerability in Secure Workload REST APIs that allows unauthenticated attackers to gain Site Admin privileges.
Microsoft Defender CVE-2026-41091 Privilege Escalation Exploited
Microsoft warns of active exploitation of CVE-2026-41091 in Defender, a privilege escalation flaw allowing attackers to gain SYSTEM privileges on Windows.
CISA KEV Update: New Microsoft Defender and Legacy Flaws Exploited
CISA adds seven vulnerabilities, including CVE-2026-41091 and CVE-2026-45498, to the Known Exploited Vulnerabilities catalog. Patch now to prevent compromise.
Software Supply Chain Security: Addressing Visibility Gaps
An analysis of the growing software supply chain crisis, focusing on the acceleration of vulnerability exploitation and the lack of systemic visibility.
CVE-2024-21338: Microsoft Defender Zero-Day Exploited by Lazarus
Microsoft patches two zero-day vulnerabilities in Defender and SmartScreen exploited by Lazarus Group for privilege escalation and malware delivery.
CVE-2026-46333: Nine-Year-Old Linux Kernel Privilege Escalation Flaw
A long-standing Linux kernel flaw, CVE-2026-46333, allows local users to achieve root access and disclose sensitive data on major Linux distributions.