Microsoft patches 138 vulnerabilities as AI-driven discovery accelerates
Microsoft is poised to set a new record for yearly patching by having released patches for over 130 vulnerabilities as part of its May Patch Tuesday release,...
Vulnerability Disclosure
20 articles
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonA...
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypas...
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS
GitLab has issued an urgent security update to neutralize a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silen...
High-Severity Vulnerability Patched in VMware Fusion
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware ...
PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution
A critical vulnerability in NGINX’s source code, hidden since 2008, has finally been exposed, and a working exploit is already in the wild. Security research...
Packagist Warns: Update Composer Now After GitHub Actions Token Leak
A sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD lo...
New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks
A critical, stealthy vulnerability is lurking deep within Exim, the software powering a massive share of the world’s email infrastructure. Sitting exposed on...
PoC Exploit Released for Fragnesia Linux Flaw Enabling Root Access
A newly discovered Linux local privilege escalation vulnerability, dubbed “Fragnesia,” is sending shockwaves through the cybersecurity community. This critic...
Critical Fortinet FortiSandbox Vulnerability Enables Code Execution Attacks
The ultimate irony in cybersecurity has just struck the very tool designed to catch and isolate deadly malware has become an open door for hackers. A newly d...
[webapps] Apache HertzBeat 1.8.0 - Remote Code Execution
Apache HertzBeat 1.8.
NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals
NVD enrichment now covers only 15–20% of CVEs. Learn how Recorded Future Vulnerability Intelligence prioritizes risk using real attacker behavior signals.
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacke...
House committee chair calls on Instructure to testify in Canvas hack
ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.
Anthropic's AI finds one low-severity vulnerability in heavily audited curl codebase
Daniel Stenberg, the creator of curl, reviewed a Mythos analysis of 176,000 lines of C code, which claimed to have found five "confirmed" vulnerabilities.
200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin
On May 8, 2026, PRISM, Wordfence Threat Intelligence’s autonomous vulnerability research platform, discovered a critical Authentication Bypass vulnerability ...
Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks
A newly discovered security flaw in Microsoft Teams for Android could allow attackers to carry out dangerous spoofing attacks. By exploiting improperly secur...
Defender's Guide to the Frontier AI Impact on Cybersecurity: May 2026 Update
Get the May 2026 update on Frontier AI-driven exploits. Learn the 4 immediate steps for agentic defense, vulnerability finding and security operations to out...
Grego AI launches with AI-powered vulnerability detection
The company's method, called Deep Invariant Analysis, scans entire codebases to map module and dependency connections.
When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
Overview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In Apr...