vulnerability
Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)
WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check …
Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google …
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)
Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the …
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure …
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the …
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and …
Google fixes actively exploited Android vulnerability (CVE-2025-48595)
Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android …
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) …
Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)
Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit …
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server …
Zapier exploit chain shows how known anti-patterns compose into critical risk
A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on …
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It …
Featured news
Resources
Don't miss
- Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)
- How to use NIST and ISO frameworks to govern AI agents
- The assembly line behind 1.5 million malicious domains
- AI sovereignty makes data centers strategic targets for cyber operations
- CISA orders federal agencies to “patch smarter”