Fortinet Fixes Critical RCE Flaws: What It Means for You
Fortinet's latest patches for FortiSandbox and FortiAuthenticator might sound like tech jargon, but for anyone whose business relies on these security products, it's a wake-up call.
In-depth coverage of the latest Vulnerabilities & CVEs developments, trends, and analysis — curated daily.
The Pwn2Own Berlin 2026 hacking contest saw a massive payout for security researchers, with nearly $1.3 million handed out for the discovery of 47 zero-day vulnerabilities. This year's event put a spotlight on enterprise technologies and the rapidly expanding AI landscape.
The internet's foundational web server, NGINX, is under fire. A critical flaw is already being weaponized in the wild, with implications ranging from service disruption to full system compromise.
Forget secure enclaves and complex mitigations. A new 0-click exploit chain for the Pixel 10 has emerged, demonstrating a profound vulnerability in how the device handles video decoding, allowing for complete kernel takeover.
Active Directory Certificate Services, a bedrock of enterprise security, is quietly becoming a favorite attack vector. Forget zero-days; attackers are leveraging misconfigurations to seize control.
Google just dropped Chrome 148, packing fixes for 79 vulnerabilities, a number that should give any user pause. But what's lurking in those 14 critical bugs?
Metasploit just dropped a persistent threat: a Vim plugin exploit. But that's not all – this wrap-up dives into new vulnerabilities and crucial fixes.
A serious security flaw is being actively exploited in on-premises Microsoft Exchange Server installations. CVE-2026-42897 allows attackers to execute JavaScript through specially crafted emails.
The digital scaffolding holding modern networks together is cracking. Cisco Catalyst SD-WAN systems are under siege, with critical authentication bypass vulnerabilities like CVE-2026-20182 being actively exploited by sophisticated threat actors.
The digital storefront is under siege again, and this time it's a popular WordPress plugin bleeding customer payment data. Active exploitation means the threat isn't hypothetical; it's happening now.
Four critical vulnerabilities in OpenClaw, chained together as 'Claw Chain,' have been detailed by researchers, enabling a cascade of severe security compromises. Attackers can now potentially exfiltrate data, seize elevated permissions, and plant persistent backdoors.
Nearly 4,000 attacks have slammed cPanel and WHM instances exploiting a critical authentication bypass. The vulnerability, rated 9.8, grants attackers remote control, but some providers claim to have customers covered.