SD-WAN Controllers: Attackers' New 'God Mode'
Centralized network control, designed for efficiency, has inadvertently created the ultimate honeypot for attackers. A new Cisco SD-WAN vulnerability serves as a stark reminder of this paradox.
Eighteen years. That's how long a critical flaw sat hidden in NGINX, the web server powering a third of the internet. Discovered recently, this vulnerability can be exploited for serious damage, from crashing servers to executing arbitrary code.
They talk a good game, these AI models, but they're getting it spectacularly wrong. And when 'wrong' means compromising critical infrastructure, we've got a problem.
Just when you thought the kernel was stable, another universal Linux privilege escalation flaw pops up. Fragnasia lets attackers break into root, no shell game required.
Just when you thought the virtualization world was catching its breath, Broadcom dropped a patch for VMware Fusion. A high-severity vulnerability, CVE-2026-41702, has been quietly fixed, but the implications linger.
Eighteen years. That's how long a critical NGINX vulnerability sat dormant, waiting to be found. Discovered by depthfirst, NGINX Rift (CVE-2026-42945) allows unauthenticated attackers to execute code remotely.
Another week, another Linux kernel vuln. This one’s a doozy, granting root access. Call it Fragnesia. It's the latest in a disturbing trend.
Exim, the ubiquitous mail server, has a gaping vulnerability. And it took AI seven days to help craft an exploit. That should worry everyone.
Your data's supposed to be safe. It's not. Two critical Windows zero-day exploits are now public, leaving BitLocker-protected drives vulnerable.
Microsoft’s Windows Autopatch has a fix for a bug that ignored admin policies and pushed drivers. EU users were the unfortunate test subjects.
Forget quarterly pentests. The latest data shows AI-driven attacks can breach systems in under two minutes. The question isn't if you're compliant, but what's actually getting through your defenses right now.
A wave of malicious packages has forced RubyGems.org, the central repository for Ruby libraries, to shut down new account registrations. This move highlights ongoing supply chain vulnerabilities that threaten developer workflows.