EXCLUSIVE For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the ...

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

Attackers have begun backdooring internet-exposed Ivanti Sentry appliances, the nonprofit security watchdog Shadowserver confirmed on June 11, 2026 — less than 48 hours after patches and a public ...

Ivanti Sentry vulnerability patch is mandatory for federal agencies by June 14 under CISA’s BOD 26-04, which replaces flat ...

Two vulnerabilities in the secure mobile gateway appliance allow unauthenticated attackers to bypass authentication and ...

Nightmare-Eclipse's vendetta against Microsoft and Windows continues apace — researcher publishes RoguePlanet and GreatXML ...

GreatXML, a new Windows BitLocker bypass exploit, targets a zero-day vulnerability in Microsoft Defender’s offline scan.

The vulnerability enables authenticated attackers to take over the enterprise network management system as root and may be ...

A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft ...

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...

Researchers have analyzed a high-severity vulnerability in Linux that’s able to escalate untrusted users to root by ...

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...