1013 items
Unread (2150) All Dismissed
HIGH
CVE-2025-13479 (CVSS 7.5) — Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Cons...
NVD CVE-2025-13479 15d ago
HIGH
CVE-2025-13477 (CVSS 7.1) — Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credenti...
NVD CVE-2025-13477 15d ago
HIGH
CVE-2026-28764 (CVSS 7.8) — MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
NVD CVE-2026-28764 16d ago
HIGH
CVE-2026-4858 (CVSS 8) — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail t...
NVD CVE-2026-4858 16d ago
HIGH
CVE-2026-8632 (CVSS 7.8) — A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software...
NVD CVE-2026-8632 16d ago
HIGH
CVE-2026-9144 (CVSS 7.6) — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerab...
NVD CVE-2026-9144 16d ago
HIGH
CVE-2026-9137 (CVSS 7.5) — The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed...
NVD CVE-2026-9137 16d ago
HIGH
CVE-2026-24188 (CVSS 8.2) — NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A suc...
NVD CVE-2026-24188 16d ago
HIGH
CVE-2026-20239 (CVSS 7.5) — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3...
NVD CVE-2026-20239 16d ago
HIGH
CVE-2026-7613 (CVSS 7.2) — The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
NVD CVE-2026-7613 16d ago
HIGH
CVE-2026-5783 (CVSS 7.6) — Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i...
NVD CVE-2026-5783 16d ago
HIGH
CVE-2026-24425 (CVSS 8.8) — Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a So...
NVD CVE-2026-24425 16d ago
HIGH
CVE-2026-22554 (CVSS 7.8) — MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
NVD CVE-2026-22554 16d ago
HIGH
CVE-2026-5947 (CVSS 7.5) — Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIN...
NVD CVE-2026-5947 16d ago
HIGH
CVE-2026-5946 (CVSS 7.5) — Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS i...
NVD CVE-2026-5946 16d ago
HIGH
CVE-2026-45584 (CVSS 8.1) — Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code ove...
NVD CVE-2026-45584 16d ago
HIGH
CVE-2026-42834 (CVSS 7.8) — Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center ...
NVD CVE-2026-42834 16d ago
CRITICAL
CVE-2026-41091: Microsoft Defender Link Following Vulnerability (Microsoft Defender)
CISA KEV CVE-2026-41091actively-exploited +2 17d ago
HIGH
CVE-2026-41091 (CVSS 7.8) — Improper link resolution before file access ('link following') in Microsoft Defender allows an autho...
NVD 16d ago
INFO
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
The Hacker News 16d ago
HIGH
CVE-2026-3593 (CVSS 7.4) — A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects B...
NVD CVE-2026-3593 16d ago
HIGH
CVE-2026-3039 (CVSS 7.5) — BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable ...
NVD CVE-2026-3039 16d ago
HIGH
CVE-2026-29518 (CVSS 7) — Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon...
NVD CVE-2026-29518 16d ago
HIGH
CVE-2025-11954 (CVSS 8) — Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. W...
NVD CVE-2025-11954 16d ago
HIGH
CVE-2026-9064 (CVSS 7.5) — A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does...
NVD CVE-2026-9064 17d ago
HIGH
CVE-2026-42959 (CVSS 7.5) — NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the D...
NVD CVE-2026-42959 17d ago
HIGH
CVE-2026-42944 (CVSS 7.5) — NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in hea...
NVD CVE-2026-42944 17d ago
HIGH
CVE-2026-41292 (CVSS 7.5) — NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service atta...
NVD CVE-2026-41292 17d ago
HIGH
CVE-2026-40622 (CVSS 7.5) — NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domai...
NVD CVE-2026-40622 17d ago
HIGH
CVE-2026-5200 (CVSS 8.8) — The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugi...
NVD CVE-2026-5200 17d ago
HIGH
Microsoft shares mitigation for YellowKey Windows zero-day
BleepingComputer breachesransomwaresupply-chain +48 17d ago
INFO
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
The Hacker News 23d ago
INFO
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
The Hacker News 23d ago
HIGH
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News 23d ago
INFO
Zero-Day Exploit Against Windows BitLocker
rss:schneier 19d ago
INFO
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
The Hacker News 18d ago
INFO
The New Phishing Click: How OAuth Consent Bypasses MFA
The Hacker News 18d ago
INFO
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
SecurityWeek 17d ago
HIGH
Microsoft Disrupts Malware-Signing Service Run by &#8216;Fox Tempest&#8217;
SecurityWeek 17d ago
INFO
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
rss:darkreading 17d ago
HIGH
Cybercrime service disrupted for abusing Microsoft platform to sign malware
BleepingComputer 17d ago
INFO
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
The Hacker News 16d ago
INFO
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News 16d ago
INFO
Microsoft Rolls Out Mitigations for &#8216;YellowKey&#8217; BitLocker Bypass
SecurityWeek 16d ago
INFO
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
The Hacker News 16d ago
INFO
Microsoft warns of new Defender zero-days exploited in attacks
BleepingComputer 16d ago
INFO
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
SecurityWeek 16d ago
INFO
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
rss:darkreading 15d ago
INFO
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The Record 14d ago
INFO
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
BleepingComputer 12d ago
INFO
Microsoft: Domain Controller lookup may fail on Windows Server 2016
BleepingComputer 11d ago
INFO
Anthropic Expands Claude&#8217;s Enterprise Security Governance With 28 New Integrations
SecurityWeek 11d ago
INFO
Microsoft Defender can now automatically isolate hacked endpoints
BleepingComputer 11d ago
INFO
Microsoft Issues Out-of-Band SharePoint Patch
rss:darkreading 10d ago
INFO
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
The Hacker News 10d ago
INFO
Windows 11 KB5089573 update released with performance improvements
BleepingComputer 10d ago
INFO
Microsoft fixes KB5089549 Windows security update install issues
BleepingComputer 5d ago
INFO
Microsoft confirms outage affecting MFA, My Sign-Ins platform
BleepingComputer 5d ago
INFO
Microsoft fixes outage affecting MFA setup, MySignIn service
BleepingComputer 5d ago
INFO
Microsoft says it will not pursue security researchers after zero-day backlash
The Record 5d ago
INFO
Microsoft investigates Office Apps, Teams file access issues
BleepingComputer 4d ago
INFO
Microsoft's Zero-Day Legal Threats Spark Backlash
rss:darkreading 4d ago
INFO
Microsoft Threatening Security Researcher
rss:schneier 4d ago
INFO
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
SecurityWeek 3d ago
INFO
Microsoft Exchange Online outage causes email delays, failures
BleepingComputer 3d ago
INFO
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
rss:darkreading 3d ago
INFO
Microsoft's Coreutils project brings Linux commands to Windows
BleepingComputer 3d ago
INFO
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
The Hacker News 3d ago
INFO
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
SecurityWeek 3d ago
INFO
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News 2d ago
INFO
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
The Hacker News 2d ago
INFO
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
rss:darkreading 2d ago
INFO
VS Code Vulnerability Allows One-Click GitHub Token Theft
SecurityWeek 2d ago
INFO
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
The Record 1d ago
INFO
Microsoft blames unexpected Windows driver updates on caching issue
BleepingComputer 1d ago
INFO
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The Hacker News 1d ago
INFO
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
The Hacker News 1d ago
INFO
Chinese APT deploys new malware to keep access to hacked networks
BleepingComputer 18h ago
INFO
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
The Hacker News 5h ago
HIGH
CVE-2026-7522 (CVSS 8.8) — The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion i...
NVD CVE-2026-7522 17d ago
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 17d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 35d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 25d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 19d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 19d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 18d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 18d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 17d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 12d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 8d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 4d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 1d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 18h ago
HIGH
CVE-2026-9010 (CVSS 7.5) — The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and '...
NVD CVE-2026-9010 17d ago
HIGH
CVE-2026-9003 (CVSS 7.5) — E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauth...
NVD CVE-2026-9003 17d ago
HIGH
CVE-2026-24214 (CVSS 8) — NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could ...
NVD CVE-2026-24214 17d ago
HIGH
CVE-2026-24213 (CVSS 8) — NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could ...
NVD CVE-2026-24213 17d ago
HIGH
CVE-2026-24206 (CVSS 7.3) — NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authenticat...
NVD CVE-2026-24206 17d ago
HIGH
CVE-2026-24163 (CVSS 7.5) — NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could ca...
NVD CVE-2026-24163 17d ago
HIGH
CVE-2025-33255 (CVSS 7.5) — NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could caus...
NVD CVE-2025-33255 17d ago
HIGH
CVE-2026-7467 (CVSS 8.8) — The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions...
NVD CVE-2026-7467 17d ago
HIGH
CVE-2026-6456 (CVSS 8.8) — The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up t...
NVD CVE-2026-6456 17d ago
HIGH
CVE-2026-43618 (CVSS 8.1) — Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token deco...
NVD CVE-2026-43618 17d ago
HIGH
CVE-2026-3985 (CVSS 7.5) — The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerabl...
NVD CVE-2026-3985 17d ago
HIGH
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
SecurityWeek breachesransomwaresupply-chain +4 17d ago
INFO
Most Remediation Programs Never Confirm the Fix Actually Worked
The Hacker News 24d ago
INFO
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
rss:darkreading 17d ago
INFO
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
rss:darkreading 14d ago
INFO
What 2026 DBIR Confirms: Attacks Are Living in the Browser
BleepingComputer 22h ago
HIGH
Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network
The Record breachesransomwarenation-state 17d ago
HIGH
CVE-2026-8073 (CVSS 7.5) — The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t...
NVD CVE-2026-8073 17d ago
HIGH
CVE-2026-8604 (CVSS 8.8) — In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated ...
NVD CVE-2026-8604 17d ago
HIGH
CVE-2026-47107 (CVSS 8.1) — Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox ...
NVD CVE-2026-47107 17d ago
HIGH
CVE-2026-33633 (CVSS 7.5) — Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overfl...
NVD CVE-2026-33633 17d ago
HIGH
CVE-2026-47358 (CVSS 7.5) — Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL re...
NVD CVE-2026-47358 17d ago
CRITICAL CISA KEV Wed, 20 May 2026 00:00:00 UTC
CVE-2026-41091: Microsoft Defender Link Following Vulnerability (Microsoft Defender)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
TL;DR Generating…
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. Due: 2026-06-03. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-41091actively-exploited
Read full story ↗
Related coverage (2)
CVE-2026-41091 (CVSS 7.8) — Improper link resolution before file access ('link following') in Microsoft Defender allows an autho...
NVD 16d ago
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
The Hacker News 16d ago