Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer
ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users.
Vulnerability Disclosure
20 articles
Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin
On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more t...
CISA directive orders agencies to prioritize vulnerability patching in a new way
A vulnerability that meets all four criteria would need to be fixed within three days, for instance. The post CISA directive orders agencies to prioritize vu...
June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’
June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do l...
AISLE Snapshot keeps source code under enterprise control during vulnerability scanning
AISLE has introduced AISLE Snapshot, a new offering that gives regulated and security-sensitive enterprises access to frontier-class vulnerability detection ...
Microsoft ships largest Patch Tuesday on record, with one bug under active attack
The release comes after Microsoft’s security leadership acknowledged last month that AI tools are driving a surge in vulnerability discovery across the indus...
ServiceNow Patches Vulnerability Exploited Against Some Customers
The company updated hosted customer instances to patch a security issue it reportedly had known about since April 7. The post ServiceNow Patches Vulnerabilit...
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly...
Rubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacks
Rubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from da...
F5 adds AI-powered threat detection and API security for on-premises environments
F5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates...
No Patch Planned for Exploited Arista EOS Vulnerability
Organizations are advised to apply vendor-supplied mitigations or discontinue the vulnerable devices. The post No Patch Planned for Exploited Arista EOS Vuln...
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf)...
AI-driven computer worm demonstrates autonomous network exploitation
The AI worm, tested on an isolated 33-host network, demonstrated a significant ability to adapt and exploit.
CISA to reevaluate risk prioritization for critical infrastructure and federal agencies
CISA is set to release a binding operational directive for federal agencies, aiming to revise vulnerability management practices.
A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of f...
OpenSSL Patches High-Severity Vulnerability Found With AI
A total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patch...
XBOW tests Anthropic's Mythos Preview for offensive security
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model perfo...
Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation
Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours Wi...
Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Cat...
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domai...