EMS Patch Trap
FortiClient EMS CVE-2026-35616 was abused to push EKZ Infostealer as a fake…
PAN-OS CVE-2026-0257 Patch
CISA added PAN-OS CVE-2026-0257 to KEV after exploitation. Check GlobalProtect portals and…
Gogs RCE Zero-Day: Check Open Registration
Rapid7 disclosed a critical unpatched Gogs RCE path. Check open registration, repository…
Ghost CMS Exploit Poisons 700 Sites for ClickFix Malware
Attackers are exploiting Ghost CMS CVE-2026-26980 to inject ClickFix loaders into trusted…
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited for Root Scripts
LiteSpeed says CVE-2026-48172 is being actively exploited in its user-end cPanel plugin.…
Langflow CVE-2025-34291: Token Hijack and RCE Added to CISA KEV
Langflow CVE-2025-34291 can turn a malicious webpage into account takeover and RCE…
Trend Micro Apex One CVE-2026-34926 Exploited in the Wild
Trend Micro patched an Apex One on-prem directory traversal flaw after observing…
Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited
Microsoft says two Defender flaws have been exploited. CISA added both to…
Drupal Core CVE-2026-9082: PostgreSQL SQL Injection Patch
Drupal core CVE-2026-9082 is a highly critical PostgreSQL SQL injection flaw. Check…
SonicWall CVE-2024-12802: MFA Bypass Still Exposes SSL-VPNs
SonicWall CVE-2024-12802 can leave SSL-VPN MFA bypassable when firmware is patched but…
ChromaDB CVE-2026-45829 Allows Pre-Auth Server Takeover
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments…
YellowKey BitLocker Bypass PoC Targets TPM-Only Windows 11 Drives
A public YellowKey proof-of-concept claims a BitLocker bypass path on Windows 11…
