The Hacker News

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

Google’s March 2026 Android update patches 129 vulnerabilities, including exploited Qualcomm flaw CVE-2026-21385 and critical RCE CVE-2026-0006.

Critical Android Update—Google Confirms 0Day Security Bypass Attacks

The vulnerability, a Qualcomm zero-day, is an integer overflow in the Graphics subcomponent, which means, Adam Boynton, senior enterprise strategy manager at Jamf, told me, “an attacker could cause ...
The Hacker News

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.
9to5Mac

CVE security program used by Apple and others has funding removed [U]

The CVE security program used to track vulnerabilities in both hardware and software has had its federal funding removed with immediate effect. Apple is one of a number of tech giants who rely on the ...

Google Chrome’s Security Update Decision—New Browser Danger Confirmed

Google has released Chrome 145.0.7632.116/117 addressing security flaws that pose a threat of system takeover. Now, all users must make an important update decision.
Hosted on MSN

Funding for the critical CVE security detection system renewed just hours before deadline

CVE funding gets last-minute funding reprieve A MITRE head told CVE board members that government funding is about to expire Some have called the move "reckless and ignorant" US government funding for ...
SecurityWeek

OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts

OpenClaw faces security vulnerabilities and misconfiguration risks despite rapid patches and its transition to an ...
Security Boulevard

The CVE Treadmill: Why You Can’t Patch Your Way to Security

Patching alone no longer stops breaches. Learn why CVE-based vulnerability management is failing and how runtime visibility reveals what’s truly exploitable in your environment.
SiliconANGLE

Detectify launches Alfred to automate CVE security testing with AI

Advanced application security testing startup Detectify AB today announced the launch of Alfred, a new system that uses artificial intelligence to autonomously source, prioritize and generate ...
Security Boulevard

AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities

The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are ...
Ars Technica

CVE, global source of cybersecurity info, was hours from being cut by DHS

The Common Vulnerability and Exposures, or CVE, repository holds the answers to some of information security’s most vital questions. Namely, which security issue are we talking about, exactly, and how ...
Bleeping Computer

Security firms dispute credit for overlapping CVE reports

Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. According to the company, Gecko ...