In-depth coverage of the latest Vulnerabilities & CVEs developments, trends, and analysis — curated daily.
A critical NGINX vulnerability, dubbed 'NGINX Rift,' has been disclosed, and it's already sending ripples through the internet infrastructure. Millions of websites could be exposed.
Forget fancy zero-days for a moment. This week, Metasploit's latest brings persistence to a place you might not expect: your text editor. And it's not just that, there are some truly creative workarounds for old-school vulnerabilities being weaponized.
AI agents are no longer just a theoretical concern for cybersecurity. They're actively discovering and exploiting obscure software vulnerabilities, a dangerous new reality.
The npm ecosystem just took another hit. The widely used node-ipc package has been compromised, actively stealing sensitive developer credentials.
A million WordPress sites using the popular Avada Builder plugin are exposed. Two severe vulnerabilities could hand over your site credentials to attackers.
Microsoft is scrambling to address a high-severity zero-day flaw in Exchange Server, already being weaponized by attackers. The vulnerability enables arbitrary code execution, targeting users of Outlook on the web.
The digital battlefield just got a fresh entry. CISA has flagged a critical Cisco SD-WAN flaw, turning up the heat on network security administrators.
A fresh vulnerability, dubbed Fragnesia, has surfaced in the Linux kernel, allowing local attackers to escalate privileges to root. This isn't just a theoretical threat; a proof-of-concept is already out there.
Cisco is sounding the alarm: a critical authentication bypass flaw in their Catalyst SD-WAN Controller has been exploited in the wild. Attackers are using this zero-day vulnerability to gain administrative access, a serious breach that demands immediate attention.
Everyone expected Silicon Valley's AI hype to continue its relentless march. Instead, a student messing around with a radio tuner brought down three bullet trains in Taiwan for an hour. This incident, while seemingly minor on its face, throws a rather large wrench into the narrative of increasingly fortified digital infrastructure.
At Pwn2Own Berlin 2026, a brutal demonstration of security researcher prowess unfolded, with $523,000 awarded for exploiting 24 unique zero-days. The biggest scalp? Microsoft Edge.
Centralized network control, designed for efficiency, has inadvertently created the ultimate honeypot for attackers. A new Cisco SD-WAN vulnerability serves as a stark reminder of this paradox.