vulnerability
Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)
Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or …
Tails 7.6.2 patches vulnerability that could expose saved files
The Tails Project released Tails v7.6.2, an emergency release of the popular open source secure portable operating system. What is Tails? Tails, which is based on Debian …
Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code …
Anthropic’s new AI model finds and exploits zero-days across every major OS and browser
Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now …
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote …
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on …
Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US …
CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently …
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)
Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active …
32% of top-exploited vulnerabilities are over a decade old
Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining …
Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)
Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The …
Unpatched ScreenConnect servers open to attack (CVE-2026-3564)
ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted …
Featured news
Resources
Don't miss
- Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
- Workplace stress in 2026 is still worse than before the pandemic
- NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
- Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards
- Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug