Old Docker authorization bypass pops up despite previous patch
Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems...
CVE
20 articles
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE...
HPE Aruba Private 5G Vulnerability Opens Door to Credential Theft Attacks
A newly disclosed security flaw in HPE Aruba Networking Private 5G Core On-Prem is putting enterprise networks at severe risk of credential theft. Documented...
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public discl...
New React Server Components Flaw Could Let Attackers Trigger DoS
A newly disclosed high-severity vulnerability in React Server Components could allow unauthenticated attackers to trigger a Denial of Service (DoS) condition...
Juniper Networks Default Credential Vulnerability Allows Unauthorized Full Access
Juniper Networks has issued a critical security alert regarding a severe vulnerability in its Support Insights (JSI) Virtual Lightweight Collector (vLWC). Tr...
APT28 deploys PRISMEX malware in espionage campaign against Ukraine and allies
The campaign, uncovered by Trend Micro and attributed to APT28 (also known as Fancy Bear and Pawn Storm), exploits newly disclosed vulnerabilities, including...
Contemporary Controls BASC 20T
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the ...
Technical Details Released for Critical Cisco SSM Command Execution Vulnerability
Security researchers have published technical details regarding a highly critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-Prem). Tr...
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint Manager Mobile (...
Palo Alto Cortex XSOAR Flaw in Microsoft Teams Integration Lets Attackers Access Data
Palo Alto Networks has released a high-priority security update to address a serious vulnerability in its Cortex XSOAR and Cortex XSIAM platforms. Tracked as...
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
The U.S.
FortiGate CVE-2025-59718 Exploitation: Incident Response Findings
Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving exploitation of CVE-2025-59718 against a vulnerable FortiGate appliance...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-1340 Ivanti End...
Multiple OpenSSL Flaws Expose Sensitive Data in RSA KEM Handling
A newly disclosed flaw in OpenSSL could allow attackers to access sensitive data stored in application memory. Tracked as CVE-2026-31790, this moderate-sever...
Docker Authorization Bypass Flaw Exposed Hosts to Potential Attackers
A high-severity security vulnerability has been discovered in Docker Engine, exposing hosts to potential authorization bypass attacks. Tracked as CVE-2026-34...
Flatpak 1.16.4 fixes sandbox escape and three other security flaws
Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.
Claude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQ
An AI assistant recently uncovered a critical remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that went unnoticed for 13 years. Tracked ...
OpenSSL 3.6.2 lands with eight CVE fixes
OpenSSL 3.6.
Active exploitation of max severity Flowise bug threatens broad compromise
More than 12,000 internet-exposed instances of open-source AI agent builder Flowise could be compromised by the ongoing exploitation of the maximum-severity ...