2026Vulnerability

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

AndyC 6 May 2026

Ravie LakshmananMay 05, 2026Vulnerability / Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content...

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

AndyC 5 May 2026

Ravie LakshmananMay 05, 2026Vulnerability / Network Security A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA)...

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

AndyC 5 May 2026

Ravie LakshmananMay 04, 2026Vulnerability / Enterprise Software Progress Software has released updates to address two security flaws in MOVEit Automation,...

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

AndyC 5 May 2026

Ravie LakshmananMay 04, 2026Vulnerability / Network Security A previously unknown threat actor has been observed targeting government and military entities...

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

AndyC 3 May 2026

Ravie LakshmananMay 03, 2026Vulnerability / Container Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently...

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

AndyC 30 April 2026

Ravie LakshmananApr 29, 2026Vulnerability / Web HostingcPanel has released security updates to address a security issue impacting various authentication paths...

Hacking

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

AndyC 30 April 2026

Ravie LakshmananApr 29, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security...

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

AndyC 29 April 2026

Ravie LakshmananApr 29, 2026Vulnerability / Cloud Security In yet another instance of threat actors quickly jumping on the exploitation bandwagon,...

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

AndyC 29 April 2026

Ravie LakshmananApr 28, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and...

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

AndyC 29 April 2026

Ravie LakshmananApr 28, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging...

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

AndyC 29 April 2026

Ravie LakshmananApr 28, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging...

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

AndyC 28 April 2026

Ravie LakshmananApr 28, 2026Vulnerability / Identity Management An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID...

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

AndyC 28 April 2026

Ravie LakshmananApr 28, 2026Vulnerability / Threat Intelligence Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting...

Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages

AndyC 24 April 2026

Ravie LakshmananApr 23, 2026Vulnerability / Encryption Apple has rolled out a software fix for iOS and iPadOS to address a...

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

AndyC 23 April 2026

Ravie LakshmananApr 22, 2026Vulnerability / Cryptography Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that...

2026Vulnerability

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

This month in security with Tony Anscombe – May 2026 edition

ESET APT Activity Report Q4 2025–Q1 2026

What to consider before asking an AI chatbot for health advice

BTMOB: A stealthy RAT burrowing deep into Android devices

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed