Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited
Microsoft says two Defender flaws have been exploited. CISA added both to…
Drupal Core CVE-2026-9082: PostgreSQL SQL Injection Patch
Drupal core CVE-2026-9082 is a highly critical PostgreSQL SQL injection flaw. Check…
ChromaDB CVE-2026-45829 Allows Pre-Auth Server Takeover
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments…
MiniPlasma Windows Zero-Day PoC Gives Local Users SYSTEM Access
A public MiniPlasma proof-of-concept shows local privilege escalation to SYSTEM on fully…
Anthropic Mythos Helped Build a macOS M5 Kernel Exploit
Calif says researchers used Anthropic’s Mythos Preview to build a local macOS…
FunnelKit Checkout Skimmer Hits WooCommerce Payment Pages
Attackers are abusing vulnerable FunnelKit/Funnel Builder installations to inject checkout skimmers into…
Burst Statistics CVE-2026-8181 Exploited for WordPress Admin Takeover
Attackers are exploiting CVE-2026-8181 in the Burst Statistics WordPress plugin. Update to…
Exchange Server CVE-2026-42897 Exploited Through Crafted OWA Email
Microsoft says Exchange Server CVE-2026-42897 has exploitation detected. The current protection path…
Cisco Catalyst SD-WAN CVE-2026-20182 Exploited in Limited Attacks
Cisco patched CVE-2026-20182, a critical Catalyst SD-WAN authentication bypass under limited exploitation.…
Fragnesia CVE-2026-46300 Gives Linux Attackers Root Access
Fragnesia is a separate Linux kernel flaw in the Dirty Frag class.…
YellowKey BitLocker Bypass PoC Targets TPM-Only Windows 11 Drives
A public YellowKey proof-of-concept claims a BitLocker bypass path on Windows 11…
Microsoft Word Preview Pane RCE Bugs Put Outlook Users at Risk
Microsoft patched two critical Word RCE bugs where the Preview Pane is…