vulnerabilities

| Microsoft | May 28, 2026

Microsoft stirs a hornets nest over “criminal” zero day disclosure threats

A BitLocker "backdoor" remains unpatched, whilst "RedSun", "UnDefend, "BlueHammer" get exploited in the wild.

Cisco | May 15, 2026

Over 10 threat groups are now feasting on your Cisco SD-WAN

The latest open door? A CVSS 10 authentication bypass, for network on a plate

| Patch Tuesday | May 12, 2026

Pwn a CEO with a single email? Patch Tuesday brings nasty zero-click Outlook bug

Redmond "lists this as a Microsoft Word bug, which may or may not be entirely accurate... it is a genuine Outlook 0-click RCE"

| linux | May 04, 2026

Copy Fail exploitation has begun, and Brian Pak is sorry for the chaos

"The current coordination model really needs to be improved..."

| vulnerabilities | Apr 30, 2026

Linux bug “Copy Fail”: Short Python script gives root on… everything?

“A very stable and straightforward exploit” across distros, developed after Xint Code pointed an LLM at the Linux kernel for “about an hour”

vulnerabilities | Apr 29, 2026

The internet's control plane, cPanel is under attack

Pre-auth RCE to root with a few HTTP requests. First IOCs start landing...

Cisco | Apr 25, 2026

FIRESTARTER backdoor used for persistence on Cisco boxes in "widespread campaign

The only real way to spot the malware is memory analysis. Organisations can get a disk image by opening a Cisco Technical Assistance Center (TAC) case. Good luck, y'all.

ActiveMQ | Apr 23, 2026

Apache ActiveMQ bug chain gives pre-auth RCE, is getting exploited

Found with Claude, not in KEV yet...

| Security | Apr 16, 2026

Overstretched NIST to limit CVE enrichments

More than 100,000 CVE likely to be left without additional details after backlog reached breaking point.

document.currentScript.parentNode.innerHTML = (parseInt(document.currentScript.closest('.iteration-container').dataset.length)).toString();