🚨 Important Security Alert! An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to e...

Linus Torvalds Critiques AI-Powered Bug Hunters for Linux Security Linux kernel boss Linus Torvalds has declared that the project’s security mailing list has become “almost entirely unmanageable” ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2026-7373 Rapid7 - Metasploit Pro...

Grafana Rejects Ransom Demand After Source Code Theft 🚨 Grafana Labs has reported that an attacker gained access to part of its GitHub environment using a compromised token, allowing them to downl...

Microsoft Rejects Critical Azure Vulnerability Report 🚨 A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report and blocking a CVE fro...

Security Update Guide - Loading The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component. If the vulnerable component is...

Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities 🚨 Two critical memory-safety vulnerabilities in PHP’s image-processing functions could allow attackers to leak sensitive heap ...

First Public Kernel Memory Corruption 🚀 Apple has spent five years developing hardware and software to make memory corruption exploits significantly harder. However, our engineers, in collaboratio...

Gamaredon’s Infection Chain: Spoofed Emails, GammaDrop and GammaLoad 🚀 Investigating Gamaredon’s abuse of CVE-2025-8088, we identified a dozen waves of spearphishing emails targeting Ukrainian sta...

Zero-day Exploit Bypasses Windows 11 BitLocker Protection 🚨 A zero-day exploit circulating online allows individuals with physical access to a Windows 11 system to bypass default BitLocker protect...

The Time of Much Patching is Coming 🚀 The reality is that software engineering is hard. Identifying and fixing bugs before they make it into production code is challenging. Source code peer review...

Tether Tron Trm Financial Crime Unit Freezes 450 Million in Crypto Funds 🚀 A financial crimes unit formed by three major cryptocurrency firms announced Thursday that it has frozen more than $450 m...

Welcome to Day One of Pwn2Own Berlin 2026! 🎉 Today, 22 entries took the Pwn2Own stage to target AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products. The worl...

PraisonAI Vulnerability Scanned Within Hours 🚨 A newly disclosed authentication bypass flaw (CVE-2026-44338) in PraisonAI drew near-instant probing, exposing risks from default-insecure AI APIs. J...

Kazuar: Anatomy of a Nation-State Botnet Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues t...

Quest KACE SMA Flaw CVE-2025-32975: A Critical Vulnerability 🚨 CVE-2025-32975 is a critical flaw in Quest KACE SMA, a tool used for endpoint management. If exploited, this vulnerability could impa...

Glances 4.5.2 - Command Injection Vulnerability 🚨 A high-severity command injection vulnerability has been identified in Glances versions prior to 4.5.3. These versions support dynamic configurati...

Coreruleset 4.21.0 - Firewall Bypass 🚨 An exploit titled ‘coreruleset 4.21.0 - Firewall Bypass’ has been published, detailing a critical vulnerability tracked as CVE-2026-21876 (EDB-ID: 52558). Th...

Major Security Vulnerabilities Found in MCP Servers 🚨 Security vulnerabilities in MCP servers for three popular database projects could allow attackers to execute unintended SQL statements on Apac...

AWS to Quick Admins: Access Control Issues and Customer Impact On May 12, Fog Security disclosed an authorization bypass in Amazon Quick, a BI service. AWS responded, stating that “no customer dat...