Zero-day
Zero-day exploits and active exploitation
50 items tagged #zero-day
Articles
Drupal SQL injection vulnerability CVE-2026-9082 now actively exploited in attacks.
Researchers used Anthropic's Mythos AI to discover and exploit macOS kernel memory corruption flaw on Apple M5.
Microsoft acknowledges YellowKey BitLocker bypass vulnerability and releases mitigations.
Hackers actively exploit Nginx Rift (CVE-2026-42945) heap buffer overflow in NGINX and F5 products.
Pwn2Own Berlin 2026 awards $1.3M for 47 zero-day exploits across enterprise and AI products.
PoC code published for critical NGINX heap buffer overflow vulnerability (CVE-2026-42945).
Hackers deploy XWorm RAT v7.4 via PyInstaller with AMSI patching to bypass Windows security.
Authentication bypass vulnerability in Burst Statistics WordPress plugin allows admin account takeover.
Nightmare Eclipse releases MiniPlasma vulnerability (CVE-2020-17103) in Windows Cloud Files Mini Filter Driver
Cisco SD-WAN Controller/Manager CVE-2026-20182 critical auth bypass under active exploitation
Cisco patches critical auth bypass in Catalyst SD-WAN Controller actively exploited for admin access.
Weekly threat roundup: PAN-OS RCE exploited, Mythos cURL bug, AI tokenizer attacks, and 10+ security stories.
18-year-old NGINX heap buffer overflow vulnerability allows DoS and potential RCE.
mutreasury payment gateway breach exposes admin credentials, API keys, and student data from 28+ Egyptian universities;
CISA adds CVE-2026-20182 Cisco SD-WAN authentication bypass to KEV Catalog as actively exploited.
Siemens ROS# path traversal vulnerability (CVE-2026-41551) allows arbitrary file access in versions before 2.2.2.
Siemens gWAP RCE vulnerability via Axios library prototype pollution gadget chain
Critical OS command injection in Universal Robots Polyscope 5 allows unauthenticated remote code execution.
Siemens Ruggedcom Rox OS command injection vulnerability allows authenticated RCE with root privileges.
Siemens SENTRON 7KT PAC1261 Data Manager HTTP request smuggling flaw allows admin token theft
Siemens Ruggedcom Rox input validation flaw allows authenticated RCE with root privileges.
PraisonAI CVE-2026-44338 auth bypass exploited within hours of disclosure
Fragnesia Linux kernel flaw (CVE-2026-46300) enables local privilege escalation to root.
18-year-old NGINX rewrite module heap buffer overflow enables unauthenticated RCE
Fortinet patches critical RCE flaws in FortiSandbox and FortiAuthenticator.
Fuji Electric Tellus 5.0.2 kernel driver flaw allows local privilege escalation (CVE-2026-8108)
ABB AC500 V3 PLC critical stack buffer overflow in CMS cryptographic parsing (CVE-2025-15467)
Copy.Fail Linux kernel LPE vulnerability disclosed; affects Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora.
CVE-2026-31431 Copy Fail: 732-byte Linux kernel LPE affecting all major distros since 2017
'Dirty Frag' Linux privilege escalation vulnerability discovered, similar to Dirty Pipe flaw.
Weekly security recap covers Linux RAT, macOS stealer, WebSocket skimmers, and active exploitation of Ivanti and Palo
9-year-old Dirty Frag Linux kernel vulnerability enables unprivileged root access; public PoC released.
Dirty Frag Linux privilege escalation vulnerability possibly exploited in wild attacks.
Critical out-of-bounds read in Ollama allows remote memory leak affecting 300K+ servers.
Dirty Frag LPE chain exploits two Linux kernel page-cache vulnerabilities to escalate to root.
Dirty Frag Linux LPE vulnerability in kernel page-cache xfrm-ESP subsystem disclosed
Ransomware negotiator sentenced for $56M attacks; DPRK IT fraud disrupted; PCPJack targets cloud credentials; Palo Alto
Dirty Frag Linux kernel vulnerability enables reliable privilege escalation from unprivileged user to root.
Dirty Frag Linux LPE chains two page-cache write bugs for root access on major distros
ClaudeBleed vulnerability in Claude Chrome extension allows data exfiltration via guardrail bypass.
CISA adds BerriAI LiteLLM SQL injection vulnerability to Known Exploited Vulnerabilities catalog.
Pentest-Tools releases free scanner for CVE-2026-41940, critical cPanel auth bypass actively exploited for 3 weeks.
CVE-2025-68670: Pre-auth RCE in xrdp server via buffer overflow in UTF-16 conversion.
Unpatched Linux kernel Dirty Frag LPE vulnerability enables root access across major distributions.
CVE-2026-0300 buffer overflow in PAN-OS User-ID portal enables unauthenticated RCE.
Microsoft discloses RCE vulnerabilities in Semantic Kernel AI agent framework via prompt injection.
Ivanti EPMM CVE-2026-6973 RCE under active exploitation requires admin auth.
Weekly threat bulletin covers MicroStealer, ICS flaws, supply chain defenses, and North Korea cybercrime case.
Gemini CLI vulnerability allowed prompt injection to enable supply chain attacks via GitHub issues.
Google patches CVSS 10 Gemini CLI vulnerability allowing prompt injection RCE via GitHub issues.