CISA has given a new warning about a serious Oracle WebLogic Server flaw, named CVE-2024-21182, and added it to its Known Exploited Vulnerabilities list on June 1, 2026. The alert highlights the growing danger from open enterprise middleware systems, especially those that can be accessed through network protocols like T3 …
CISA gives feds 4 days to fix cPanel plugin vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has told U.S. federal agencies to secure their servers in four days. This is because of a serious weakness in the LiteSpeed cPanel user-end plugin that is being used in attacks. This vulnerability, called CVE-2026-48172, lets someone gain higher access due to …
CVE-2026-25724
Terra Security researchers discovered Flaws in Anthropic’s Claude Code
Terra Security shared results from recent tests that showed flaws in AI apps, agents, and AI-made code workflows. The company has launched a new module for its constant testing platform. This lets security experts keep simulating attacks on AI systems to find flaws. Terra has tested different applications made with …
SonicWall Firewall Targeted by Hackers; 597,000 Sessions Observed
A big increase in internet-wide scanning for SonicWall firewall management interfaces has been observed. GreyNoise, a threat intelligence company, found a big increase in scans of SonicWall SonicOS management APIs from May 9 to May 18, 2026. The most notable spike occurred on May 12, when approximately 597,000 …
Cisco and Splunk patches for multiple flaws: Update now
Splunk has put out security updates for many flaws in Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit. These issues could cause denial-of-service (DoS) attacks and expose sensitive information. The flaws, revealed on May 20, 2026, comprise three known weaknesses: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240. Organizations should quickly apply …
“nginx-poolslip” NGINX 0-Day Affects Millions of NGINX Servers To RCE
A security flaw dubbed nginx-poolslip has been revealed in NGINX version 1.31.0, the newest stable version of the most used web server software. The discovery, made by security researcher Vega of the NebSec security team, was announced via X (formerly Twitter) on May 21, 2026, sending shockwaves through the global …
Microsoft Defender 0-Days Being Actively Exploited
Two new Microsoft Defender flaws have been found, and they are being used by attackers. They allow local attackers to gain SYSTEM-level access and could interrupt protection on Windows systems. The bugs are called CVE-2026-41091 (Elevation of Privilege) and CVE-2026-45498 (Denial of Service). They were shared on May 19, …
The Gentlemen Ransomware Attacks Windows, Linux, NAS, BSD, and ESXi Systems
The Gentlemen ransomware group has quickly become one of the most active and growing cybercrime threats since it was first seen in late 2025. The Gentlemen is unique because it has the capability to attack many types of systems, such as Windows, Linux, NAS, BSD, and VMware ESXi. Attack …
PoC released
Windows ‘MiniPlasma’ zero-day Exploit Publicly Disclosed
A cybersecurity researcher has shared a PoC for a Windows flaw called “MiniPlasma.” This lets attackers get SYSTEM privileges on fully updated Windows systems. The exploit was shared by a researcher called Chaotic Eclipse, or Nightmare Eclipse. They released the source code and a working file on GitHub after saying …
NGINX CVE-2026-42945 Exploited in the Wild
A new security flaw affecting NGINX Plus and NGINX Open is being used by hackers days after it was made public, according to VulnCheck. The flaw, known as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in the ngx_http_rewrite_module that affects NGINX versions 0.6.27 to 1.30.0. An AI security …
InfoSecBulletin Cybersecurity for mankind