Security Articles

Stay ahead of emerging threats with expert analysis from 144 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Tuesday, June 16, 2026, the most urgent items for production stacks: a Palo Alto Networks GlobalProtect flaw, CVE-2026-0257, is under active exploitation — an authentication bypass in the GlobalProtect VPN portal (the gateway your remote staff log in through), meaning an attacker can slip past the login screen without valid credentials and reach your internal network, so apply Palo Alto's fix immediately and review the portal for unfamiliar sessions. The Oracle PeopleSoft zero-day CVE-2026-35273 is being used by the ShinyHunters extortion crew to break into more than 100 universities — a zero-day means a flaw the vendor had no patch ready for when attacks began, so the only defense is applying Oracle's emergency fix the moment it lands and watching for unfamiliar logins. Google has shipped an emergency patch for the Chrome V8 zero-day CVE-2026-11645, already under active exploitation through nothing more than a booby-trapped web page, so update every browser in your business today. The LiteLLM flaw CVE-2026-42271 has landed on the CISA Known Exploited Vulnerabilities (KEV) catalog — the U.S. government's list of bugs confirmed to be under real-world attack — and lets intruders run their own code on exposed AI gateways, the servers that broker requests between your apps and AI models. The Langflow bug CVE-2026-5027 is a path-traversal flaw — one that tricks a server into reaching files outside its intended folder — letting unauthenticated attackers plant code on roughly 7,000 internet-exposed AI servers. And the "Velvet Ant" espionage group quietly backdoored Linux PAM and OpenSSH — the components that handle logins on most Linux servers — to live undetected inside a single network for nearly a decade, a reminder that intrusion detection matters as much as patching. If your business runs Palo Alto GlobalProtect VPN, Oracle PeopleSoft, Chrome, self-hosted AI tooling like LiteLLM or Langflow, or Linux servers, these advisories require action now — start with the article-level remediation steps below.

Severity: All Critical High Medium Low
128 articles found
Featured Story
critical
May 29, 2026
criticalCVE AdvisoryVulnerability

CRITICAL: FortiClient EMS Bug CVE-2026-35616 Weaponized to Push EKZ Infostealer Across Managed Fleets

Threat actors are abusing CVE-2026-35616, a CVSS 9.1 pre-authentication API bypass in FortiClient EMS, to hijack endpoint management consoles and push the newly identified EKZ infostealer to every managed endpoint disguised as FortiEndpoint_Patch.exe. Patch to 7.4.7 immediately and hunt for indicators in EMS logs and on managed hosts.

By Danny MercerRead Full Article
high
CVE AdvisoryVulnerabilityMay 28, 2026

HIGH: Iranian MuddyWater APT Hits Nine Countries With Signed-Binary DLL Side-Loading Through SentinelOne and Fortemedia

Symantec and Carbon Black detail a Q1 2026 MuddyWater espionage campaign that breached nine organisations across nine countries on four continents, abusing signed SentinelOne and Fortemedia binaries for DLL side-loading and deploying ChromElevator, a Node.js implant, and the FileFiend exfiltration tool. The Iranian MOIS-linked group is moving toward quieter, more disciplined operations.

Read more
high
CVE AdvisoryVulnerabilityMay 23, 2026

HIGH: Drupal Core SQL Injection CVE-2026-9082 Hits CISA KEV Days After Disclosure

Drupal disclosed SA-CORE-2026-004 (CVE-2026-9082), a Highly Critical SQL injection in the core database abstraction API that lets unauthenticated attackers escalate privileges and reach remote code execution on PostgreSQL-backed sites. Imperva is tracking 15,000+ attack attempts against nearly 6,000 sites across 65 countries. CISA added the bug to KEV on May 22 with a federal patch deadline of May 27, 2026.

Read more
critical
CVE AdvisoryVulnerabilityMay 22, 2026

CRITICAL: Cisco Secure Workload Hit With CVSS 10.0 REST API Flaw That Hands Over Site Admin

Cisco disclosed CVE-2026-20223, a maximum severity CVSS 10.0 flaw in Secure Workload that allows unauthenticated remote attackers to gain Site Admin privileges by sending crafted requests to internal REST API endpoints. The vulnerability crosses tenant boundaries on both SaaS and on-premises deployments, has no workarounds, and is fixed in releases 3.10.8.3 and 4.0.3.17.

Read more
high
CVE AdvisoryVulnerabilityMay 21, 2026

HIGH: Microsoft Defender Burns Again as Two New Zero-Days Hit Active Exploitation

Microsoft confirmed on May 21 that CVE-2026-41091, a CVSS 7.8 link-following privilege escalation in the Microsoft Malware Protection Engine, and CVE-2026-45498, a denial-of-service flaw in the Defender Antimalware Platform, are both under active exploitation. CISA added both to the KEV catalog with a June 3 federal remediation deadline. Defender engine version 1.1.26040.8 and Antimalware Platform 4.18.26040.7 contain the fixes and ship automatically through definition updates.

Read more
high
CVE AdvisoryVulnerabilityMay 20, 2026

HIGH: Microsoft Ships Mitigation for YellowKey BitLocker Bypass Zero-Day (CVE-2026-45585)

Microsoft published mitigation guidance for CVE-2026-45585, the YellowKey BitLocker bypass zero-day publicly disclosed by researcher Chaotic Eclipse last week. The flaw lives in the FsTx Auto Recovery Utility inside Windows Recovery Environment and lets anyone with physical access and a USB stick spawn an unrestricted shell with the BitLocker-protected volume already mounted. Windows 11 24H2, 25H2, 26H1 and Windows Server 2025 are affected.

Read more
critical
CVE AdvisoryVulnerabilityMay 18, 2026

CRITICAL: 18-Year-Old NGINX Rewrite Module Flaw Hits Active Exploitation in Days

A heap buffer overflow lurking in NGINX's ngx_http_rewrite_module since 2008 went from coordinated disclosure to active in-the-wild exploitation in roughly seventy-two hours. CVE-2026-42945 affects every release from 0.6.27 through 1.30.0 across both Open Source and Plus, can crash worker processes trivially, and can reach remote code execution on hosts where ASLR is disabled. Patches are available in NGINX 1.30.1 and 1.31.0.

Read more
critical
CVE AdvisoryVulnerabilityMay 17, 2026

CRITICAL: Cisco Catalyst SD-WAN CVE-2026-20182 Hits CVSS 10.0 with Active Exploitation by UAT-8616

Cisco patched CVE-2026-20182, a CVSS 10.0 authentication bypass in Catalyst SD-WAN Controller and Manager that lets an unauthenticated remote attacker gain administrative access via the vdaemon peering service on UDP/12346. CISA added the flaw to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of May 17, 2026. Threat cluster UAT-8616 is actively exploiting it. No workarounds, only patches.

Read more
high
CVE AdvisoryVulnerabilityMay 16, 2026

HIGH: Microsoft Exchange Server XSS Flaw CVE-2026-42897 Under Active Attack

Microsoft Exchange Server CVE-2026-42897 is a cross-site scripting flaw in Outlook Web Access that lets a crafted email execute JavaScript in the victim OWA session. CISA added it to the Known Exploited Vulnerabilities catalog on May 15, 2026 after confirmed in-the-wild exploitation, with a May 29 federal mitigation deadline. Exchange Server 2016, 2019, and Subscription Edition are affected. Exchange Online is not. Microsoft scored it CVSS 8.1, and patches shipped in the May 2026 security update.

Read more
critical
CVE AdvisoryVulnerabilityMay 12, 2026

CRITICAL: cPanel WHM Authentication Bypass CVE-2026-41940 Exploited for Two Months Before Patch

cPanel and WHM are bleeding root through CVE-2026-41940, a CVSS 9.8 CRLF-injection authentication bypass that has been exploited in the wild since late February 2026. The April 28 patch is available now, but attackers running automated campaigns from over 2,000 source IPs have been deploying a cross-platform Go backdoor on compromised hosts for two months. Patch immediately and assume breach on any internet-exposed unpatched server.

Read more
high
CVE AdvisoryVulnerabilityMay 11, 2026

HIGH: Ivanti EPMM CVE-2026-6973 Under Active Exploitation, CISA Mandates 3-Day Federal Patch Deadline

Ivanti has confirmed in-the-wild exploitation of CVE-2026-6973, an authenticated remote code execution flaw in on-premises Endpoint Manager Mobile rated CVSS 7.2. CISA added the bug to its Known Exploited Vulnerabilities catalog on May 7 and gave federal agencies until May 10, 2026 to remediate. The exploitation pattern strongly suggests reuse of admin credentials harvested during the unauthenticated EPMM compromises disclosed in January 2026.

Read more
high
CVE AdvisoryVulnerabilityMay 9, 2026

Zara Joins the Anodot Casualty List as ShinyHunters Cashes In on Third-Party Trust

Inditex confirmed roughly 197,000 Zara customer records were exposed via Anodot, an Israeli AI analytics platform compromised by ShinyHunters. The crew used stolen authentication tokens to pivot into BigQuery instances of multiple downstream customers, hauling out 140GB from Zara alone. Email addresses, order IDs, SKUs, and support tickets leaked, but no payment data or passwords. The supply-chain pattern mirrors the 2024 Snowflake campaign.

Read more
high
CVE AdvisoryVulnerabilityMay 9, 2026

HIGH: 'Dirty Frag' Linux Kernel Bugs Hand Locals Root, One Half Already Patched, RxRPC Half Still Open (CVE-2026-43284, CVE-2026-43500)

Two Linux kernel page-cache write bugs collectively named Dirty Frag let any unprivileged local user pop a root shell in one command. CVE-2026-43284 in xfrm-ESP was patched May 8. CVE-2026-43500 in RxRPC is still unpatched. Microsoft has already seen active exploitation in the wild and a public proof-of-concept is on GitHub.

Read more

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

PreviousPage 2 of 7Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.