Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Vulnerability reports are arriving faster than GitHub can review them

Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub …

shield
AI vulnerability discovery is pushing 2026 CVEs toward 66,000

Vulnerability disclosures are piling up faster in 2026 than anyone expected at the start of the year. The running count for the first few months sits well above the original …

Android
Google fixes actively exploited Android vulnerability (CVE-2025-48595)

Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android …

Microsoft
Microsoft Defender Vulnerability Management gets a smarter exposure score

Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is …

NIST NVD
How NIST fumbled management of the National Vulnerability Database

A US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unprocessed cybersecurity …

money
Boards want cyber risk in dollars, not CVE counts

In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. …

access
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the …

dnsmasq
Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input …

cPanel
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)

The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing …

cPanel
cPanel zero-day exploited for months before patch release (CVE-2026-41940)

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers …

GitHub
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)

When researchers at Wiz reported an easily exploitable GitHub remote code execution flaw (CVE-2026-3854) on March 4, the company confirmed it within 40 minutes and pushed a …

NIST NVD
NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward

NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools