CISA Expands Vulnerability Reporting
CISA has created a new pathway for researchers to report vulnerabilities to its Known Exploited Vulnerabilities catalog, enhancing its ability to identify and share critical threat information.
131 articles
CISA has created a new pathway for researchers to report vulnerabilities to its Known Exploited Vulnerabilities catalog, enhancing its ability to identify and share critical threat information.
CISA acting director Nick Andersen warns of the risks posed by open-source vulnerabilities and the need for urgent security improvements to prevent widespread attacks.
Google accidentally leaked details of an unfixed Chromium flaw that allows remote code execution on devices, impacting all Chromium-based browsers.
The UK's proposed cybercrime law reform would offer limited legal protections, leaving most security researchers vulnerable to prosecution.
GitHub's internal repositories were impacted after an employee device was compromised through a poisoned Visual Studio Code extension, with critical secrets rotated and the highest-impact credentials prioritized first.
A reported public exposure of sensitive CISA credential data on GitHub has raised concerns and prompted Congress to demand answers from the agency.
Identity alone is no longer sufficient for cybersecurity, as device security must share the load to prevent attacks, with 44.7% of breaches involving stolen credentials.
Microsoft released Rampart and Clarity, two new AI-powered tools to help developers design more secure software and assist incident responders in the face of ongoing breaches.
Microsoft has shared mitigations for the YellowKey Windows zero-day vulnerability, tracked as CVE-2026-45585, which grants access to protected drives.
Microsoft blames a recent macOS security update for non-dismissible location prompts in the Teams app on some macOS systems, affecting users who have enabled location access in their Teams settings.
Microsoft is introducing the Driver Quality Initiative to improve Windows 11 driver quality, focusing on safer user-mode drivers and better Windows Update catalog hygiene.
A previously unknown vulnerability in Huawei enterprise router software was exploited in a zero-day attack, causing a nationwide telecoms outage in Luxembourg last year.
Microsoft has disrupted a malware-signing-as-a-service operation that abused its Artifact Signing platform to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals.
New AI models like Anthropic's Mythos and OpenAI's Daybreak are generating a flood of vulnerability reports, but many are low-quality submissions without proof of concept.
A new Windows zero-day exploit dubbed 'MiniPlasma' gives attackers SYSTEM access on fully patched Windows systems, with a proof-of-concept released by researcher Chaotic Eclipse.
The Canvas breach exposed 3.65 terabytes of data from 275 million users, highlighting the need for robust SaaS security and identity governance.
Microsoft Edge will no longer load saved passwords into memory on startup, following a security researcher's disclosure of the browser's behavior.
Microsoft and other major software vendors released a record volume of security patches this month, addressing over 1,000 vulnerabilities, with 118 fixes from Microsoft alone.
A max-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller and Manager is being exploited by a persistent threat group, with a CVSS rating of 10 and potential for high-impact operations.
Microsoft rejected a critical Azure vulnerability report, claiming the issue was expected behavior, despite the researcher documenting a silent patch.
Two vulnerabilities in the Avada Builder plugin allow hackers to read arbitrary files and extract sensitive information from the database, potentially leading to site credential theft.
Microsoft Edge stores passwords in process memory, posing a significant risk to enterprise security, especially in shared environments.
TeamPCP hackers are selling nearly 450 Mistral AI code repositories for $25,000 after a supply-chain attack compromised the company's codebase management system.
Microsoft is introducing Cloud-Initiated Driver Recovery, a feature that automatically rolls back faulty Windows drivers delivered through Windows Update.
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages, affecting over 40,000 websites.
A critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, is being exploited in zero-day attacks, allowing attackers to gain administrative privileges on compromised devices.
An 18-year-old flaw in NGINX, tracked as CVE-2026-42945, can be exploited for denial of service and potential remote code execution under certain conditions.
OpenAI is taking actions to protect users after a supply chain attack corrupted the signing keys used to verify the company's applications, with macOS users required to update by June 12.
Hackers are exploiting a critical authentication bypass vulnerability in the Burst Statistics WordPress plugin, tracked as CVE-2026-8181, to gain admin-level access to websites.
OpenAI confirms a security breach in the recent TanStack supply chain attack, which impacted hundreds of npm and PyPI packages, with two employees' devices breached and code-signing certificates rotated as a precaution.
Hackers targeted a PraisonAI vulnerability less than four hours after public disclosure, with exploitation attempts starting within three hours and 44 minutes.
Microsoft and Palo Alto Networks used AI to discover dozens of vulnerabilities in their own code, highlighting the potential of AI in cybersecurity.
A critical vulnerability in Exim mailer, identified as CVE-2026-45185, allows remote code execution on affected Linux and Unix servers.
Sweet Security introduces Agentic AI Red Teaming to counter the 'Mythos Moment' with automated continuous red teaming built on detailed knowledge of each client's infrastructure.
Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates to fix security vulnerabilities and add new features, including an Xbox mode on desktop.
The US House Committee on Homeland Security is investigating a massive breach at Instructure's Canvas platform, which impacted millions of students and educators.
Google has launched a feature for Android phones to make it harder for spyware vendors to hide, with a new intrusion logging feature that keeps track of possible intrusions for forensic purposes.
Android 17 will introduce several security and privacy features, including expanded protections against banking scam calls and device theft.
A test of Anthropic's Claude Mythos model found only one low-severity vulnerability in the open source data transfer tool curl, casting doubt on the AI company's claims.
Google has identified a zero-day exploit believed to have been developed using artificial intelligence, designed to bypass two-factor authentication on an open source web-based system administration tool.
Google researchers found a zero-day exploit likely generated using AI, targeting a popular open-source web administration tool to bypass two-factor authentication protection.
Changing passwords doesn't immediately invalidate old credentials across every authentication path in Active Directory and hybrid Entra ID environments, leaving a window for attackers to maintain access.
A rogue version of the CheckMarx Jenkins Application Security Testing plugin was published on the Jenkins Marketplace, containing credential-stealing malware.
A build application firewall may be the solution to prevent supply chain attacks by inspecting each package that enters the build process.
RansomHouse hackers have claimed responsibility for a breach of Trellix's source code repository, leaking screenshots as proof of the intrusion.
Attackers are exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile, with limited exploitation reported in the wild, requiring authenticated administrative access to implement.
Modern DLP controls often lack visibility into browser-based data movement, with 46% of sensitive file uploads sent to unsanctioned accounts.
The Trump administration is redirecting the CyberCorps Scholarship For Service program toward artificial intelligence, leaving current scholars uncertain about their future employability
The US government proposes 72-hour patch cycles for critical vulnerabilities, while a new Linux backdoor called PamDOORa is being marketed on a Russian cybercrime forum.
A flaw in the Claude Chrome extension allows any other plugin to hijack victims' AI, potentially extracting files and sending emails on behalf of users.
Ivanti warned customers to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile exploited in zero-day attacks, with over 850 IP addresses exposed online.
ShinyHunters extortion gang breached education technology giant Instructure, defacing Canvas login portals for hundreds of colleges and universities, threatening to leak stolen data if a ransom is not paid by May 12, 2026.
Suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability, tracked as CVE-2026-0300, for nearly a month, allowing unauthenticated attackers to execute arbitrary code with root privileges.
A critical zero-day vulnerability, CVE-2026-0300, is being exploited in the wild, affecting some Palo Alto Networks' customers' firewalls, allowing unauthenticated attackers to run code with root privileges.
Palo Alto Networks warns of a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal, tracked as CVE-2026-0300, which is being exploited in attacks.
A defense technology company exposed user records and military training materials through API endpoints lacking authorization checks, affecting hundreds of user records and sensitive course information.
DAEMON Tools devs confirm breach, release malware-free version after supply chain attack trojanized software, impacting thousands of systems worldwide.
Australia has launched a Cyber Incident Review Board to conduct independent reviews of major cyberattacks, focusing on systemic lessons rather than individual culpability.
Approximately 5.4 million end-of-life package versions are not being checked by security tools, leaving organizations vulnerable to exploits.
Joey Melo, a Principal Security Researcher at CrowdStrike, discusses his approach to hacking AI systems, focusing on controlling the experience without changing the rules.
Attackers are actively exploiting a Linux vulnerability, dubbed 'Copy Fail', which allows for total control of a system with authenticated local access, affecting mainstream Linux kernels built since 2017.
Microsoft Defender has incorrectly identified legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to false-positive alerts and removal of certificates from Windows systems.
Microsoft confirms that the April 2026 security updates cause failures in third-party backup applications using the psmounterex.sys driver due to a VSS service timeout.
Anthropic's AI model Mythos discovered thousands of unknown software vulnerabilities, highlighting the risk of AI agents exploiting security flaws and impersonating humans.
A Brazilian tech firm specializing in DDoS protection has been linked to a botnet responsible for massive DDoS attacks against Brazilian ISPs, with evidence suggesting a security breach and potential competitor involvement.
A severe authentication bypass vulnerability in cPanel, tracked as CVE-2026-41940, is being actively exploited in the wild, affecting over 1.5 million instances.
Microsoft has released the KB5083631 optional cumulative update for Windows 11, including 34 changes and fixes, such as a new Xbox mode and improved security for batch files.
ConsentFix v3 attacks automate OAuth abuse against Microsoft Azure, using social engineering and phishing to obtain tokens and hijack accounts despite multi-factor authentication.
Cisco has released an open source tool, Model Provenance Kit, to help organizations address potential issues associated with the use of third-party AI models.
Microsoft has fixed a bug causing Remote Desktop security warnings to display incorrectly on devices with multiple monitors and different display scaling settings.
CISA has issued separate advisories for vulnerabilities in Zero Motorcycles electric bikes and Yadea T5 scooters that could allow attackers to upload malicious firmware or steal vehicles outright.
CrowdStrike has addressed a critical unauthenticated path traversal bug in its LogScale product, while Tenable patched a high-severity flaw in its Nessus scanner that could allow arbitrary file deletion and code execution with System privileges.
Over 10,500 Zimbra Collaboration Suite servers exposed to the internet are still unpatched against CVE-2025-48700, an actively exploited cross-site scripting flaw. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch within three days.
A newly disclosed vulnerability tracked as CVE-2026-41651, dubbed 'Pack2TheRoot,' allows local Linux users to gain root privileges through the PackageKit daemon. The high-severity flaw has existed for nearly 12 years and affects numerous popular distributions.
Microsoft is rolling out phishing-resistant passkey support for Entra-protected resources on Windows devices beginning late April, with general availability expected by mid-June 2026.
Attackers are actively exploiting CVE-2026-3844, a critical 9.8-severity vulnerability in the Breeze Cache WordPress plugin, enabling unauthenticated file uploads and potential remote code execution across hundreds of thousands of sites.
Apple pushed out-of-band security updates on April 22, 2026, to address CVE-2026-28950, a Notification Services bug that allowed deleted notifications to persist on iPhone and iPad devices.
More than 1,300 Microsoft SharePoint servers remain unpatched against CVE-2026-32201, a spoofing vulnerability that was exploited as a zero-day before patches arrived and continues to be abused in ongoing attacks.
CISA expanded its Known Exploited Vulnerabilities catalog by eight flaws on Monday, including three newly flagged issues in Cisco Catalyst SD-WAN Manager, Kentico Xperience, and Zimbra Collaboration Suite.
Pillar Security researchers discovered a vulnerability in Google's Antigravity AI developer tool that combined prompt injection with file-creation capabilities to bypass secure mode and grant attackers remote code execution.
Forescout Technologies has uncovered 20 new vulnerabilities in serial device servers from Silex and Lantronix, collectively dubbed BRIDGE:BREAK, enabling remote code execution, firmware tampering, and device takeovers in critical OT and healthcare environments.
Threat actors have spent over a year attempting to exploit CVE-2023-33538, a high-severity command injection flaw in discontinued TP-Link routers, but errors in their own exploit code have prevented any successful compromise, according to Palo Alto Networks.
Threat actors are actively exploiting three leaked Windows privilege escalation vulnerabilities in the wild, with only one patched so far. Huntress Labs confirmed all three exploits deployed in real attacks as of mid-April 2026.
A chained attack dubbed NomShub could allow adversaries to silently hijack developer machines through malicious repositories opened in Cursor AI, requiring no user interaction beyond a single click.
NIST has announced it will stop assigning severity scores and additional details to lower-priority vulnerabilities in the National Vulnerability Database, citing a 263% surge in submission volumes it can no longer keep pace with.
CISA has added CVE-2026-34197, a high-severity Apache ActiveMQ vulnerability discovered after 13 years, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by April 30.
A critical Apache ActiveMQ Classic flaw tracked as CVE-2026-34197, dormant in the codebase for 13 years, is being actively exploited just weeks after patched versions were released. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal patch deadline of April 30.
A code regression introduced by a recent Microsoft Edge update has left Teams desktop users unable to paste content via right-click context menus. Microsoft is rolling out a staged fix while recommending keyboard shortcuts as a workaround.
A critical remote code execution flaw tracked as GHSA-xq3m-2v4x-88gg has been discovered in protobuf.js, a JavaScript library pulling nearly 50 million weekly npm downloads. Proof-of-concept exploit code is now public, though no active in-the-wild attacks have been observed.
Microsoft has confirmed that installing the April 2026 security update KB5082063 can cause LSASS crashes and endless restart loops on non-Global Catalog domain controllers in environments using Privileged Access Management.
A researcher calling themselves 'Chaotic Eclipse' has released a proof-of-concept exploit for a second Microsoft Defender zero-day dubbed 'RedSun,' which grants SYSTEM privileges on fully patched Windows 10, Windows 11, and Windows Server systems.
Splunk has released security fixes addressing a high-severity remote code execution vulnerability tracked as CVE-2026-20204 in Splunk Enterprise and Cloud Platform, along with several other flaws across its product lineup.
Microsoft is investigating why this month's KB5082063 security update is failing to install on certain Windows Server 2025 systems, with affected machines reporting error code 0x800F0983.
NIST has announced it will only enrich CVE records that meet specific priority criteria, abandoning its longstanding goal of processing every submitted vulnerability as submission volumes grow exponentially.
Overwhelmed by a growing flood of vulnerabilities, NIST has announced it will limit in-depth CVE analysis to those in CISA's known exploited vulnerabilities catalog, federal government software, and critical software under Executive Order 14028.
A critical unauthenticated vulnerability in Nginx UI's Model Context Protocol endpoint is being actively exploited in the wild, enabling attackers to fully take over web servers without credentials. Over 2,600 publicly exposed instances remain potentially vulnerable.
CISA has added CVE-2025-60710, a Windows Task Host privilege escalation vulnerability patched by Microsoft in November 2025, to its actively exploited vulnerabilities catalog, giving federal agencies two weeks to patch.
Microsoft has confirmed that installing the April 2026 KB5082063 security update can push certain Windows Server 2025 machines into BitLocker recovery mode on first reboot, affecting systems with specific Group Policy configurations.
Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa have all published new ICS security advisories, addressing vulnerabilities ranging from critical Wi-Fi flaws to privilege escalation and denial-of-service issues.
Microsoft's April 2026 Patch Tuesday addresses 167 security vulnerabilities, including an actively exploited SharePoint Server zero-day and the publicly disclosed BlueHammer flaw in Windows Defender. Google Chrome and Adobe Reader also received urgent security fixes this cycle.
Microsoft's April 2026 cumulative updates for Windows 10 and Windows 11 introduce new safeguards against phishing attacks that weaponize Remote Desktop Protocol (.rdp) files, including security warnings and disabled resource redirections by default.
Google has embedded a Rust-based DNS parser into the modem firmware of Pixel phones, starting with the Pixel 10 series, to eliminate an entire class of memory-safety vulnerabilities in a critical and remotely accessible attack surface.
SAP released 20 security notes on its April 2026 patch day, led by CVE-2026-27681, a critical 9.9-rated SQL injection vulnerability in Business Planning and Consolidation and Business Warehouse that enables arbitrary code execution.
A critical cryptographic validation bug in the widely deployed wolfSSL library allows improperly weak digests to be accepted during certificate verification, potentially letting attackers impersonate malicious servers. The flaw was patched in wolfSSL 5.9.1 on April 8, 2026.
OpenAI is rotating its macOS code-signing certificates after a compromised Axios npm package (version 1.14.1) was executed within a GitHub Actions workflow on March 31, 2026, potentially exposing credentials used to sign ChatGPT Desktop and other apps.
Adobe has pushed an out-of-band security update for Acrobat and Reader to address CVE-2026-34621, a zero-day vulnerability exploited in the wild since at least December that allows malicious PDFs to escape sandbox protections and execute arbitrary code.
A critical pre-authentication remote code execution vulnerability in the Marimo Python notebook platform was actively exploited within 10 hours of public disclosure, with attackers targeting cloud credentials and SSH keys.
Adobe has released out-of-band patches for a critical zero-day vulnerability in Acrobat and Reader, tracked as CVE-2026-34621 with a CVSS score of 9.6, which attackers have been exploiting since at least November 2025.
Fortinet has released an emergency hotfix for CVE-2026-35616, a critical 9.1-scored authentication bypass flaw in FortiClient EMS that is already being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch by April 9.
A cluster of software supply chain incidents — including Anthropic's accidental publication of over 500,000 lines of Claude Code source, plus attacks on Trivy, Axios, and KICS — reveal systemic failures in how development pipelines are secured.
Microsoft addressed 77 security vulnerabilities this Patch Tuesday, with no active zero-days but notable fixes including privilege escalation bugs, critical Office RCE flaws, and a first-of-its-kind CVE discovered by an autonomous AI penetration testing agent.
Palo Alto Networks researchers demonstrated how attackers can exploit excessive default permissions in Google Cloud's Vertex AI to steal credentials, exfiltrate sensitive data, and access restricted internal infrastructure.
Apple has broken with its usual patching practice by extending fixes for the DarkSword exploit chain to iOS 18 users who have not upgraded to iOS 26, following the tool's leak on GitHub on March 22.
Security vendor Noma disclosed 'GrafanaGhost,' an indirect prompt injection vulnerability in Grafana's AI assistant that could silently exfiltrate user data. Grafana has since patched the underlying image renderer flaw.
Chainguard has launched Factory 2.0, a rebuilt platform that uses agentic reconciliation bots and a controller/reconciler model to continuously harden open source artifacts across containers, libraries, GitHub Actions, and AI agent skills.
HackerOne suspended new vulnerability submissions to its Internet Bug Bounty program on March 27, citing a deepening imbalance between AI-accelerated bug discovery and the capacity of open source maintainers to fix reported flaws.
Anthropic unveiled Claude Mythos Preview on April 7, an LLM capable of finding and exploiting zero-days across major operating systems and browsers. The company's Project Glasswing initiative aims to keep the powerful model in defensive hands, but experts remain skeptical.
A researcher using the alias 'Chaotic Eclipse' publicly released a proof-of-concept exploit for an unpatched Windows zero-day called BlueHammer, citing frustration with Microsoft's Security Response Center. Security experts warn ransomware gangs and APT groups could weaponize the exploit within days.
Anthropic has launched Project Glasswing alongside Amazon, Apple, Microsoft, and others, deploying an unreleased AI model that has already uncovered thousands of previously unknown vulnerabilities—including bugs decades old.
A sophisticated zero-day vulnerability in Adobe Reader has been actively exploited since at least December, using maliciously crafted PDF files to steal data and potentially enable full system compromise.
Researchers from RSAC combined two adversarial techniques to circumvent Apple Intelligence's input and output filters, achieving a 76% success rate across 100 test prompts. Apple has since rolled out fixes in iOS 26.4 and macOS 26.4.
Researchers at Comparitech discovered 179 industrial control devices accessible without authentication via the Modbus protocol, as the US government warns of state-sponsored attacks targeting programmable logic controllers in critical infrastructure.
Microsoft researchers discovered a critical intent-redirection vulnerability in EngageLab's EngageSDK, a third-party Android SDK embedded in cryptocurrency wallet apps with over 30 million combined installs.
Google has launched Device Bound Session Credentials (DBSC) in Chrome 146 for Windows, cryptographically tying authentication sessions to a user's device so that stolen cookies become worthless to attackers.
A threat actor crafted a working exploit for a critical unauthenticated remote code execution vulnerability in the Python notebook platform Marimo just 9 hours and 41 minutes after its public disclosure, according to cloud security firm Sysdig.
Researchers at Machine Spirits uncovered nine vulnerabilities in the open source Orthanc DICOM server, tracked CVE-2026-5437 through CVE-2026-5445, enabling attackers to crash servers, leak sensitive data, and potentially execute arbitrary code remotely.
Juniper Networks has issued fixes for close to three dozen vulnerabilities across Junos OS and related products, including a critical 9.8-severity default password flaw that could hand attackers full control of affected devices.
Google has shipped Chrome 147 with fixes for 60 security vulnerabilities, including two critical heap and integer overflow bugs in the WebML component that together earned anonymous researchers $86,000.
A critical privilege escalation flaw in the Linux kernel affects all major distributions. With active exploitation confirmed, administrators should prioritize patching immediately.
Google has released an emergency patch for a high-severity V8 type confusion vulnerability actively exploited in targeted attacks. All Chromium-based browsers are affected.
A critical SQL injection vulnerability discovered in a widely used WordPress plugin has put millions of websites at risk. Exploitation has been observed in the wild, and site administrators should take immediate action to patch or mitigate.