exploit

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) 2026-07-09 at 15:14 By Zeljka Zorz Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation vulnerability triggered by the RoguePlanet exploit. The vulnerability and the fix CVE-2026-50656 is due to improper link resolution before […]

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) Read More »

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) 2026-07-08 at 17:03 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) Read More »

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282) 2026-07-07 at 15:03 By Zeljka Zorz CVE-2026-48282, one of the maximum severity vulnerabilities patched in Adobe ColdFusion on June 30, 2026, has been targeted by attackers in the wild. Exploitation attempts were detected on July 2, through the honeypot sensors of cybersecurity threat-intelligence service KEVIntel, mere minutes after

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282) Read More »

New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones

New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones 2026-06-22 at 13:03 By Eduard Kovacs The vulnerability exploited by the Usbliter8 exploit cannot be patched and a PoC exploit has been released by researchers. The post New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones appeared first on SecurityWeek. This article is an

New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones Read More »

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) 2026-06-17 at 14:26 By Zeljka Zorz Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, which has been assigned

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) Read More »

Attackers are exploiting FortiSandbox vulnerabilities

Attackers are exploiting FortiSandbox vulnerabilities 2026-06-16 at 18:27 By Zeljka Zorz Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from threat intelligence company Defused, which said

Attackers are exploiting FortiSandbox vulnerabilities Read More »

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation 2026-06-09 at 18:18 By Ionut Arghire Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation Read More »

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) 2026-06-05 at 15:49 By Zeljka Zorz A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would require

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) Read More »

Exploit Code Published for Critical Flowise RCE Vulnerability

Exploit Code Published for Critical Flowise RCE Vulnerability 2026-05-30 at 18:55 By Ionut Arghire The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek. This article is an excerpt from

Exploit Code Published for Critical Flowise RCE Vulnerability Read More »

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) 2026-05-20 at 11:49 By Zeljka Zorz Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Read More »

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) 2026-05-18 at 16:32 By Zeljka Zorz A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) Read More »

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE 2026-05-18 at 13:58 By Ionut Arghire The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE Read More »

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026  2026-05-18 at 08:02 By Eduard Kovacs Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026  Read More »

PoC Code Published for Critical NGINX Vulnerability

PoC Code Published for Critical NGINX Vulnerability 2026-05-16 at 14:43 By Ionut Arghire Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

PoC Code Published for Critical NGINX Vulnerability Read More »

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) 2026-05-14 at 17:34 By Zeljka Zorz Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) Read More »

Google researchers uncover criminal zero-day exploit likely built with AI

Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Google researchers uncover criminal zero-day exploit likely built with AI Read More »

Google Detects First AI-Generated Zero-Day Exploit

Google Detects First AI-Generated Zero-Day Exploit 2026-05-11 at 16:48 By Eduard Kovacs The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Detects First AI-Generated Zero-Day Exploit Read More »

Dirty Frag: Unpatched Linux vulnerability delivers root access

Dirty Frag: Unpatched Linux vulnerability delivers root access 2026-05-08 at 18:03 By Zeljka Zorz A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka

Dirty Frag: Unpatched Linux vulnerability delivers root access Read More »

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) 2026-04-30 at 15:31 By Zeljka Zorz Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Read More »

Scroll to Top