
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

2026-05-15 at 14:32 By Zeljka Zorz

A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of […]


Deepfake detection is losing ground to generative models

2026-05-15 at 09:04 By Sinisa Markovic

Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, frequencies, and biometric signals to answer that question, and the best of


Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

2026-05-14 at 17:34 By Zeljka Zorz

Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like


Vector embedding security gap exposes enterprise AI pipelines

2026-05-14 at 08:30 By Mirko Zorz

Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases


Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days

2026-05-13 at 00:31 By Zeljka Zorz

Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than


Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

2026-05-12 at 20:12 By Zeljka Zorz

Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability


Amazon Quick authorization bypass let users reach blocked AI chat agents

2026-05-12 at 20:12 By Mirko Zorz

Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those


Download: The IT and security field guide to AI adoption

2026-05-12 at 17:35 By Help Net Security

Security and IT teams are under pressure to adopt AI, but many are seeing the opposite of what was promised. Tools that demo well don’t hold up in real workflows. Complexity increases. Trust breaks down. And instead of


JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

2026-05-12 at 17:35 By Zeljka Zorz

JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security patch. About CVE-2026-44413 CVE-2026-44413


HEIDI: Free IDE security plugin for open-source vulnerability checks

2026-05-12 at 09:28 By Mirko Zorz

Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a


The hidden smart fridge risks that emerge years after purchase

2026-05-12 at 09:28 By Mirko Zorz

Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide,


Linux developers weigh emergency “killswitch” for vulnerable kernel functions

2026-05-11 at 16:48 By Zeljka Zorz

Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the


Google researchers uncover criminal zero-day exploit likely built with AI

2026-05-11 at 16:48 By Mirko Zorz

Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.


Rustinel: Open-source endpoint detection for Windows and Linux

2026-05-11 at 08:51 By Mirko Zorz

Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a


Review: Foundations of Cybersecurity, 2nd edition

2026-05-11 at 08:18 By Mirko Zorz

Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet of Things, and AI. About the author Jason Andress


Dirty Frag: Unpatched Linux vulnerability delivers root access

2026-05-08 at 18:03 By Zeljka Zorz

A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka


Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

2026-05-08 at 13:30 By Zeljka Zorz

Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has been exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the


Product showcase: NetGuard open-source firewall for Android

2026-05-08 at 08:17 By Anamarija Pogorelec

NetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to route all


What Mozilla learned running an AI security bug hunting pipeline on Firefox

2026-05-08 at 01:14 By Mirko Zorz

Over the past several months, Mozilla ran an agentic harness powered by Claude Mythos Preview across Firefox’s source code, identifying 271 security bugs that were fixed in Firefox 150, with additional fixes shipped in versions 149.0.2 and

