2026Vulnerability

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

AndyC 29 May 2026

Ravie LakshmananMay 28, 2026Vulnerability / Endpoint Security Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient...

Gitea Vulnerability Exposes Private Container Images without Authentication

AndyC 27 May 2026

Ravie LakshmananMay 27, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform...

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

AndyC 27 May 2026

Ravie LakshmananMay 26, 2026Vulnerability / Enterprise Security Microsoft has rolled out updates to fix a remote code execution vulnerability impacting...

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

AndyC 26 May 2026

Ravie LakshmananMay 26, 2026Vulnerability / Threat Intelligence A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System...

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

AndyC 26 May 2026

Ravie LakshmananMay 25, 2026Vulnerability / Web Security Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS...

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

AndyC 24 May 2026

Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active...

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

AndyC 24 May 2026

Ravie LakshmananMay 23, 2026Vulnerability / Website Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched...

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

AndyC 22 May 2026

Ravie LakshmananMay 22, 2026Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security...

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

AndyC 22 May 2026

Ravie LakshmananMay 22, 2026Vulnerability / Network Security Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload...

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

AndyC 20 May 2026

Ravie LakshmananMay 19, 2026Vulnerability / Website Security Drupal has issued an alert stating that it intends to release a "core...

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

AndyC 20 May 2026

Ravie LakshmananMay 19, 2026Vulnerability / Email Security Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade...

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

AndyC 19 May 2026

Ravie LakshmananMay 18, 2026Vulnerability / Software Security Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities...

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

AndyC 17 May 2026

Ravie LakshmananMay 16, 2026Vulnerability / Website Security A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come...

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

AndyC 16 May 2026

Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that...

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

AndyC 15 May 2026

Ravie LakshmananMay 15, 2026Vulnerability / Credential Theft The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed...

2026Vulnerability

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Gitea Vulnerability Exposes Private Container Images without Authentication

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

This month in security with Tony Anscombe – May 2026 edition

ESET APT Activity Report Q4 2025–Q1 2026

What to consider before asking an AI chatbot for health advice

BTMOB: A stealthy RAT burrowing deep into Android devices

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed