The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new security flaw affecting different Linux versions to its list of Known Exploited Vulnerabilities (KEV). The agency said there is evidence of this flaw being used in real attacks. The flaw, known as CVE-2026-31431 (CVSS score: 7.8), is a type …
CVE-2026-31431
PoC released for cPanel Vulnerability: 44,000 Servers Compromised
A weaponized proof-of-concept (PoC) exploit framework dubbed “cPanelSniper” has been publicly released for CVE-2026-41940, a maximum-severity authentication bypass in cPanel & WHM that has already led to the compromise of tens of thousands of servers worldwide, with attack activity traced as far back as late February 2026. CVE-2026-41940 is a …
New Windows 0-Click Vuln Exploited to Bypass Defender SmartScreen
A critical 0-click security flaw, known as CVE-2026-32202, comes from a patch that did not fully fix a Windows Shell security issue. Microsoft confirmed active exploitation of the flaw and released a fix as part of its April 2026 Patch Tuesday update. CERT-UA reported that the APT28 group, also …
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 actively exploited 0 days
Microsoft’s April 2026 security update has fixed 167 flaws in its products. This update includes 2 serious zero-day threats and another flaw that needs urgent attention from organizations. Zero-Day Under Active Exploitation: The main flaw this month is CVE-2026-32201, a flaw in Microsoft SharePoint Server that is being actively used …
Active Exploits & 0-Day Threats
Fortinet Flaw Under Attack While CrowdStrike EDR 0-Day Gets Reverse Engineered
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a serious security flaw in Fortinet products. On April 13, 2026, the agency added a severe SQL injection flaw to its Known Exploited Vulnerabilities (KEV) list. This shows that attackers are using the flaw in real attacks. …
ALERT
Zombie Microsoft flaws resurface, enabling criminals and ransomware
Crooks are taking advantage of four Microsoft flaws – one fixed 14 years ago and another linked to ransomware – as reported by the top U.S. cyber defense agency, which on Monday told federal agencies they have two weeks to fix them. The four security issues added to CISA’s Known …
Infosecbulletin Weekly CVE Briefing (April 6 – April 12, 2026)
During the past seven days, security researchers and organizations tracked a total of 1,615 vulnerabilities requiring immediate triage and context. The severity distribution for these threats highlights a significant volume of high-risk entries that security teams must prioritize. Vulnerability Severity Breakdown: The following breakdown categorizes the week’s …
CVE-2026-34621
Adobe Patches Actively Exploited Acrobat Reader Flaw
Adobe has put out urgent updates to fix a serious security problem in Acrobat Reader that is being actively used for attacks. The flaw known as CVE-2026-34621 has a CVSS score of 8.6 out of 10. If an attacker takes advantage of this issue, they can run harmful code on …
ALERT
OpenAI Warns macOS Users to Update ChatGPT Over Axios Breach
OpenAI has shared details about a security issue linked to Axios, a popular third-party JavaScript library, which is part of a larger attack on software supply chains found on March 31, 2026. The company stated in a news release that there is no proof that anyone accessed its user data, …
“sockpuppeting” can jailbreak 11 AI models like ChatGPT, Claude, and Gemini
A newly identified jailbreak technique dubbed “sockpuppeting” lets attackers bypass the safety guardrails of 11 major large language models (LLMs) using a single line of code. This method uses APIs that allow assistant prefill to add fake acceptance messages. This makes models give answers to banned requests. The attack takes advantage …
InfoSecBulletin Cybersecurity for mankind