Windows Netlogon 0-Click RCE Vulnerability Under Active Exploitation
Microsoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is ...
CVE
20 articles
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers
CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17.
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ghos...
Palo Alto PAN-OS Authentication Bypass Vulnerability Actively Exploited in the Wild
A critical authentication-bypass vulnerability affecting Palo Alto Networks PAN-OS and Prisma Access is being actively exploited by malicious actors. In resp...
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation i...
Metasploit Wrap Up 05/29/2026
More Linux LPEs Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users.
CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog
The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx Console extension (...
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Pr...
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access followin...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-0257 Palo Alto ...
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise ...
Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems
Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s...
Samba Security Flaw Lets Attackers Execute Code Remotely
A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on ...
OpenVPN Connect macOS Vulnerability Allows Remote Command Execution
OpenVPN has released a critical security update for its macOS client after researchers uncovered a vulnerability that could allow remote command execution on...
Hackers exploit FortiClient EMS flaw to push infostealer malware
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented c...
CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks
A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing mal...
Hackers Pivot from marimo RCE to Internal Database Using LLM Agent
A newly observed intrusion demonstrates how attackers are replacing static playbooks with AI-driven agents that adapt in real time. The attack began on May 1...
U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog
U.S.
Gitea Container Registry Vulnerability Could Lead to Private Image Exposure
A critical vulnerability, tracked as CVE-2026-27771, has been discovered in Gitea’s built-in container registry, allowing unauthenticated remote attackers to...
Critical Notepad++ Flaw Could Enable Remote Code Execution Attacks
Notepad++ has released version 8.9.