Critical Fortinet Forticlient EMS flaw now exploited in attacks
Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. [.
Vulnerability Disclosure
20 articles
Critical Grafana Flaws Allow Attackers to Achieve Remote Code Execution
Grafana Labs has rolled out critical security updates to address two severe vulnerabilities impacting its widely used analytics and interactive visualization...
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEAB...
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild
Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue. The post F5 BIG-IP DoS Flaw Upgraded to Cri...
ShipSec Studio brings open-source workflow orchestration to security operations
Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work tog...
CISA Warns of Actively Exploited F5 BIG-IP Vulnerability in Ongoing Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited flaw in F5 BIG-IP systems. The vulner...
File read flaw in Smart Slider plugin impacts 500K WordPress sites
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbi...
Open VSX Scanner Vulnerability Lets Malicious Extensions Go Live
Open VSX, the extension marketplace used by VS Code forks such as Cursor and Windsurf, recently fixed a critical vulnerability in its newly introduced pre-pu...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 16, 2026 to March 22, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
Security leaders say the next two years are going to be ‘insane’
Kevin Mandia, Morgan Adamski, and Alex Stamos tell CyberScoop that AI is finding bugs faster than anyone can fix them, exploit development is accelerating, a...
Why CVSS is No Longer Enough for Exposure Management
For years, cybersecurity professionals have relied on a familiar metric to dictate their day-to-day priorities: the Common Vulnerability Scoring System (CVSS...
BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers
The Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name Sy...
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Attackers have exploited a critical Langflow RCE within hours of disclosure, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to form...
Coruna iOS Exploit Kit Likely an Update to Operation Triangulation
Coruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago. The post Coruna iOS Exploit Kit Likely an Update to ...
Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized Access
Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility. Cybersecurity ...
Make OpenAI’s models misbehave and earn a reward
OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce...
Coruna exploit reveals evolution of Triangulation iOS exploitation framework
Kaspersky found Coruna iOS exploits reuse updated code from the 2023 Operation Triangulation attacks, suggesting a possible link. Kaspersky researchers disco...
Intruder's Chris Wallis on confidence, AI and the future of exposure management
Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continu...
Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
800,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Smart Slider 3 WordPress Plugin
On February 23, 2026, we received a submission for an Arbitrary File Read vulnerability in Smart Slider 3, a WordPress plugin with an estimated more than 800...