Vulnerabilities

RondoDox botnet exploits 2018 ASUS router vulnerability to hijack over 1 million devices.

CISA adds Drupal core SQL injection vulnerability CVE-2026-9082 to KEV catalog

Microsoft patches two exploited Defender zero-days allowing privilege escalation and DoS attacks.

Microsoft releases mitigation for YellowKey BitLocker zero-day disclosed by Nightmare Eclipse.

Verizon's 2026 DBIR finds vulnerability exploitation now top breach entry point, surpassing stolen credentials.

Pwn2Own Berlin 2026 concludes with 47 zero-day exploits demonstrated and $1.3M in payouts.

Active in-the-wild exploitation of critical NGINX heap buffer overflow CVE-2026-42945 begins days after patch release.

Microsoft failed to properly patch 2020 Windows CVE, allowing Nightmare Eclipse exploitation.

Daily dark web threat intelligence digest reporting multiple breaches, CVEs, and exposed credentials across global

Cisco SD-WAN maximum severity vulnerability exploited in active attacks.

CVE-2026-20182 critical Cisco SD-WAN authentication bypass under active exploitation

Cisco patches critical SD-WAN Controller authentication bypass (CVE-2026-20182) exploited in active zero-day attacks.

Pwn2Own Berlin 2026 day one: researchers exploit 24 zero-days in Windows 11, Edge, Linux, and AI tools for $523K.

Weekly threat roundup: PAN-OS RCE exploited, Mythos cURL bug, AI tokenizer attacks, and 10+ security stories.

Egyptian mutreasury payment gateway breached; admin credentials and API keys exposed across 28+ universities.

Microsoft warns of exploitable misconfigurations in cloud-native AI apps on Kubernetes enabling RCE and data leaks.

Linux kernel vulnerability CVE-2026-46300 (Fragnesia) allows local privilege escalation to root.

Siemens Ruggedcom Rox OS command injection vulnerability allows authenticated RCE with root privileges.

Siemens Ruggedcom Rox improper access control flaw allows authenticated remote file read with root privileges

F5 patches over 50 vulnerabilities in BIG-IP, BIG-IQ, and NGINX products.

Hackers probed PraisonAI authentication bypass CVE-2026-44338 within 3.75 hours of disclosure.

Anonymous researcher discloses two Windows zero-days: BitLocker bypass (YellowKey) and CTFMON privilege escalation

Broadcom patches high-severity TOCTOU privilege escalation flaw in VMware Fusion.

Researcher publicly discloses YellowKey BitLocker bypass and GreenPlasma privilege escalation zero-days in Windows.

CVE-2026-42945: Critical heap buffer overflow RCE PoC released for NGINX ngx_http_rewrite_module

Municipality of Agrinio breached; 28 databases exposed via SQL injection attack.

Claude Mythos Preview and GPT-5.5 break autonomous cyber capability benchmarks, solving previously unsolvable attack

Researcher releases PoC exploits for YellowKey BitLocker bypass and GreenPlasma privilege escalation zero-days.

Microsoft patches critical zero-click Outlook RCE vulnerability CVE-2026-40361 affecting enterprises.

Fortinet and Ivanti patch 18 vulnerabilities including three critical code execution flaws.

Intel and AMD release 70 vulnerability patches across product portfolios on May 2026 Patch Tuesday.

Siemens, Schneider Electric, and CISA publish May 2026 Patch Tuesday advisories for ICS vulnerabilities.

Microsoft announces MDASH, an AI agentic system that discovered 16 new Windows vulnerabilities including four Critical

Two new Microsoft Windows zero-day vulnerabilities disclosed with codenames GreenPlasma and YellowKey.

Microsoft patches 137 vulnerabilities in May Patch Tuesday, including 13 critical flaws.

Microsoft patches 137 vulnerabilities including 30 critical; Adobe addresses 52 vulnerabilities with 27 critical in May

Researcher discloses two Microsoft vulnerabilities via GitHub, threatens escalation.

Microsoft May 2026 Patch Tuesday fixes 120 flaws with 17 critical vulnerabilities, no zero-days.

Microsoft patches 137 vulnerabilities including critical flaws in Azure, Windows, and Office products.

Škoda Auto discloses data breach after attackers exploited unspecified vulnerability in German online shop.

Adobe patches 52 vulnerabilities across 10 products, including critical code execution flaws.

Rejected Pwn2Own Berlin 2026 researchers publicly disclose zero-days for Firefox, NVIDIA, and AI platforms.

Threat actor releases two new exploitation tools: YellowKey (BitLocker bypass) and GreenPlasma (Windows privilege

Apple patches 60+ iOS/iPadOS and 80+ macOS vulnerabilities including WebKit issues.

ABB Automation Builder Gateway for Windows exposes PLC networks via insecure default remote access on port 1217.

SAP releases May 2026 patches for 15 vulnerabilities including two critical flaws in Commerce Cloud and S/4HANA.

OpenAI launches Daybreak, an AI-powered platform for vulnerability detection and patch validation.

CVE-2026-41940 cPanel flaw exploited to deploy Filemanager backdoor across 2,000+ attacker IPs.

Google TIG documents first confirmed AI-engineered zero-day exploit by threat actors

Google discloses first known zero-day 2FA bypass likely developed using AI by unknown threat actors.