Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Ravie LakshmananApr 22, 2026Vulnerability / Cryptography Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that...
LakshmananApr
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Ravie LakshmananApr 22, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE...
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
Ravie LakshmananApr 22, 2026Vulnerability / Container Security A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium...
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Ravie LakshmananApr 21, 2026Network Security / Vulnerability Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters...
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
Ravie LakshmananApr 21, 2026Insider Threat / Cybercrime A third individual who was employed as a ransomware negotiator has pleaded guilty...
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
Ravie LakshmananApr 21, 2026Mobile Security / Artificial Intelligence Cybersecurity researchers have discovered a new iteration of an Android malware family...
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Ravie LakshmananApr 21, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE),...
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
Ravie LakshmananApr 21, 2026Network Security / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight...
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
Ravie LakshmananApr 20, 2026Open Source / Server Security A critical security vulnerability has been disclosed in SGLang that, if successfully...
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Ravie LakshmananApr 20, 2026Cybersecurity / Hacking Monday’s recap shows the same pattern in different places. A third-party tool becomes a...
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Ravie LakshmananApr 20, 2026Artificial Intelligence / Vulnerability Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context...
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Ravie LakshmananApr 20, 2026Cloud Security / Data Breach Web infrastructure provider Vercel has disclosed a security breach that allows bad...
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Ravie LakshmananApr 18, 2026IoT Security / Vulnerability Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link...
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Ravie LakshmananApr 17, 2026Vulnerability / Endpoint Security Huntress is warning that threat actors are exploiting three recently disclosed security flaws...
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
Ravie LakshmananApr 17, 2026Vulnerability Management The National Institute of Standards and Technology (NIST) has announced changes to the way it...
