CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-8398 Daemon...
CVE
20 articles
CISA Warns LiteSpeed cPanel Plugin Vulnerability Is Being Exploited in Attacks
CISA has issued an urgent warning after adding a critical vulnerability in the LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, ...
Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters
A critical Windows kernel vulnerability, CVE-2026-40369, allows any unprivileged process, including a browser renderer sandbox, to increment arbitrary kernel...
Gitea Vulnerability Exposes Private Container Images without Authentication
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remo...
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microso...
Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow attackers to execute arbitrary code remotely, raising signifi...
Drupal bug added to CISA list of known exploited vulnerabilities
Drupal SQL injection flaw CVE-2026-9082 added to CISA KEV as active attacks target sites.
Critical vulnerability in Universal Robots' PolyScope OS allows remote command execution
The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior to 5.
Zero-click attack hijacks WhatsApp accounts on iOS 16
The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to gain unauthorized ...
Ghost CMS vulnerability exploited in large-scale campaign
The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48172 LiteSpeed...
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without r...
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity...
Memcached SASL Flaw Exposes Usernames to Enumeration Attacks
A newly identified vulnerability in Memcached has raised concerns among security professionals after researchers confirmed a timing side-channel flaw that al...
Ghost CMS Vulnerability Exploited to Infect 700 Sites With ClickFix Malware
Hackers are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to compromise websites and distribute ClickFix malware t...
Apache CXF Flaw Exposes Systems to LDAP Injection Attacks
Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, poten...
ConnectWise Automate Flaw Allows Hackers to Evade Security Controls
ConnectWise has released a security update to address a high-severity vulnerability in its ConnectWise Automate remote monitoring and management (RMM) platfo...
Hackers Abuse KnowledgeDeliver LMS Flaw to Install BLUEBEAM Web Shell
Hackers are actively exploiting a critical vulnerability in the KnowledgeDeliver Learning Management System (LMS) to deploy the BLUEBEAM web shell, according...
Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites
Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. Threat actors are actively...
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attack...