vulnerabilities

| vulnerabilities | Jan 26, 2026

Microsoft 365 0day exploited: No full patch yet

Registry key chaos ftw...

Oracle | Jan 22, 2026

Oracle warns over easily exploitable CVSS 10 bug

Unpatched Fusion Middleware is how Oracle itself got hacked…

ServiceNow | Jan 14, 2026

ServiceNow AI vulnerability: Hardcoded password helped make anyone admin

Spin up rogue AI agents? All it took was a knowing an email address...

| vulnerabilities | Jan 08, 2026

Critical HPE bug exploited: Backdoor, or bad security testing?

Just an undocumented utility API exposed on a public management port without an active session requirement giving an attacker access to all your servers then?

Jan 05, 2026

A CVE explosion - and the lessons from it

8,000+ XSS bugs

vulnerabilities | Dec 28, 2025

MongoBleed exploitation: Community rallies to deliver detection logic, tools

Detection "requires somewhat complex logic which could be tricky to port into most SIEM detection engines..."

Security | Dec 18, 2025

Critical Cisco vulnerability exploited. No patch yet. Attackers gain persistence

A technical support case revealed a remote exploit of web-exposed spam quarantine management to gain root.

React | Dec 16, 2025

React2Shell exploits are going “wild” and even Microsoft is struggling

14 million attack attempts an hour says Cloudflare

| Patch Tuesday | Dec 10, 2025

December's Patch Tuesday brings an 0day - and prompt injection warnings

Microsoft patched 1,139 vulnerabilities in 2025. This month, look out for...

document.currentScript.parentNode.innerHTML = (parseInt(document.currentScript.closest('.iteration-container').dataset.length)).toString();