How CVE-2026-42897 Puts On-Premises Exchange Servers at Risk

Microsoft has disclosed vulnerability CVE-2026-42897 (CVSS 8.1) in on-premises versions of Exchange Server, which is already being actively exploited by attackers. This cross-site scripting vulnerability allows arbitrary JavaScript code to be executed in the victim’s browser via a specially crafted email opened in Outlook Web Access. Affected are Exchange Server 2016, 2019, and Subscription Edition …

Urgent Cisco Catalyst SD-WAN Patching for CVE-2026-20182

On 14 May 2026, CISA added the vulnerability CVE-2026-20182 to the Known Exploited Vulnerabilities (KEV) catalog, setting a remediation deadline of 17 May 2026 for federal civilian executive branch (FCEB) agencies — just three days. The vulnerability affects the Cisco Catalyst SD-WAN Controller and is an authentication bypass that allows an unauthenticated remote attacker to …

CVE-2026-44338: Authentication Bypass in PraisonAI API

The critical authentication bypass vulnerability CVE-2026-44338 (CVSS 7.3) in the open multi-agent orchestration framework PraisonAI became the target of active scanning less than four hours after the advisory was published. The vulnerability affects versions from 2.5.6 through 4.6.33 and allows any network client without a token to access protected endpoints of the API server, …

Unpatched BitLocker Bypass and Privilege Escalation in Windows

A researcher using the handle Chaotic Eclipse (Nightmare-Eclipse), who previously disclosed three vulnerabilities in Microsoft Defender, has published information on two new unpatched Windows zero-day vulnerabilities: YellowKey — a BitLocker encryption bypass via the Windows Recovery Environment (WinRE), and GreenPlasma — a privilege escalation via the Windows CTFMON component. Both vulnerabilities affect Windows 11 and …

Fragnesia Linux Kernel LPE via ESP-in-TCP (CVE-2026-46300)

The CVE-2026-46300 vulnerability, dubbed Fragnesia, allows an unprivileged local attacker to gain root privileges by corrupting the Linux kernel page cache. The bug affects the XFRM ESP-in-TCP subsystem and has a CVSS score of 7.8. A patch is available and a public proof-of-concept (PoC) exploit has been released, but at the time of writing no active exploitation …

Chinese APT Repeatedly Reenters Azerbaijani Oil & Gas Through Exchange

According to Bitdefender researchers, the Chinese cyber-espionage group FamousSparrow carried out a multi-stage operation against an unnamed Azerbaijani oil and gas company from late December 2025 to late February 2026. The attackers infiltrated the victim’s infrastructure three times via the same vulnerable Microsoft Exchange server, each time deploying new variants of malware — the Deed …

Inside MDASH: Microsoft’s Agentic AI for Windows Vulnerability Discovery

Microsoft announced the MDASH (Multi-model Agentic Scanning Harness) system — a multi-model agentic platform for automated detection, validation, and proof of exploitability of vulnerabilities in large codebases. According to the company, the system has already discovered 16 vulnerabilities that were fixed in the May 2026 Patch Tuesday release, including two critical remote code execution vulnerabilities in the …

NGINX Rift (CVE-2026-42945): 18-Year Bug Enables RCE

A critical vulnerability, CVE-2026-42945 (NGINX Rift, CVSS v4 9.2), has been identified in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source. It went unnoticed for 18 years and allows remote code execution or denial of service via an unauthenticated HTTP request. Web servers, reverse proxies, ingress controllers, and WAF solutions built on NGINX are …

How alleged cPanel CVE-2026-41940 is exploited for backdoors

According to researchers from QiAnXin XLab, a critical vulnerability in cPanel and WebHost Manager (WHM), tracked as CVE-2026-41940, is being actively exploited by multiple threat actors to deploy backdoors, cryptocurrency miners, ransomware, and botnets. According to the XLab report, more than 2,000 attacker IP addresses are involved in automated attacks against this vulnerability. Administrators of …

Typosquatted Hugging Face Repository Used in AI Supply Chain Attack

The malicious Open-OSS/privacy-filter repository on the Hugging Face platform, masquerading as the legitimate OpenAI Privacy Filter model, was used to deliver a Rust-based information stealer targeting Windows users. According to the research team at HiddenLayer, the attackers copied the description of the legitimate model almost verbatim and used typosquatting to trick developers. The repository has …