CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover
A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files...
Vulnerability
Digital Hygiene for High-Profile Individuals
NisosDigital Hygiene for High-Profile Individuals In an era of constant connectivity, digital vulnerability isn’t limited to corporate executives. Any...
Microsoft Patches Windows Flaw Causing VPN Disruptions
Image: AndersonPiza/Envato Microsoft has patched a vulnerability in the Windows Remote Access Connection Manager (RasMan) service that was being exploited...
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
Ravie LakshmananFeb 05, 2026Workflow Automation / Vulnerability A new, critical security vulnerability has been disclosed in the n8n workflow automation...
Security Researchers Breach Moltbook in Record Time
Security researchers from cloud cybersecurity firm Wiz disclosed a critical vulnerability in Moltbook, a newly launched social network designed for...
Using AI Agents to Separate Real Risk From Vulnerability Noise
Snir Ben Shimol, CEO and co-founder of Zest Security, talks about why vulnerability and exposure management has become one of...
Flaw in Broadcom Wi-Fi Chipsets Illuminates Importance of Wireless Dependability and Business Continuity
A wireless vulnerability affecting Broadcom Wi-Fi chipsets represents a timely warning for organizations that need always-on wireless access and a prime example of how...
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with...
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Open Source A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js...
Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic
What Is CVE-2026-21962? CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy...
Critical SmarterMail vulnerability under attack, no CVE yet
Critical SmarterMail vulnerability under attack, no CVE yet Pierluigi Paganini January 22, 2026 A SmarterMail flaw (WT-2026-0001) is under active...
Smashing Security podcast #451: I hacked the government, and your headphones are next
In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more...
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Ravie LakshmananJan 21, 2026Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that,...
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Ravie LakshmananJan 20, 2026Web Security / Vulnerability Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME)...
