In-depth coverage of the latest Vulnerabilities & CVEs developments, trends, and analysis — curated daily.
Drupal users, pay attention. A 'highly critical' flaw has landed, and if you're running PostgreSQL, your site is vulnerable. This isn't just about data leaks; it's about full takeover.
Drupal is scrambling to push a critical security update. A bug with a high exploitation risk means threat actors could have exploits ready within hours of disclosure. Your website might be next.
The window for attackers just slammed shut – or rather, it just blew wide open. A critical Linux kernel vulnerability, PinTheft, now has a public exploit. Arch Linux users are in the crosshairs.
A new Windows zero-day, dubbed YellowKey, is exposing BitLocker-protected drives. Microsoft has released emergency mitigations, but public exploits are already circulating.
Another week, another handful of zero-days hitting Windows. Microsoft's patching efforts are starting to look like a game of whack-a-mole.
A max-severity flaw is leaving AI applications built with ChromaDB wide open to hijacking. Imagine your carefully crafted AI assistant suddenly spouting gibberish – or worse.
Ever wonder why that antivirus scan takes *forever*? Turns out, a clever trick with Windows file paths might be the culprit, letting attackers hide in plain sight. Welcome to GhostTree.
Restricted Windows networks are facing update failures after January's non-security preview. Microsoft's workaround is here, but it highlights ongoing network update woes.
Forget incremental updates. SEPPMail Secure E-Mail Gateway just dropped a bomb, revealing a cascade of vulnerabilities that could let attackers not just peek, but take the keys to your entire email kingdom. We're talking remote code execution and unfettered access to every message flowing through your enterprise. This isn't just a patch; it's a seismic shift in how we need to think about email gateway security.
They say developers are paranoid. Turns out, they're right. A popular VS Code extension, Nx Console, just became the latest vector for a sophisticated credential stealer.
A potent zero-day exploit is currently tearing through Microsoft Exchange servers, leaving businesses exposed. This isn't just an IT problem; it's a direct threat to your sensitive communications.
The digital equivalent of finding a Trojan horse in your code library just got a lot scarier. The Mini Shai-Hulud campaign is here, and it's not just about hitting tech giants; it's about every developer and every organization that relies on open-source software.