2112 items
Unread (2112) All Dismissed
CRITICAL
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (SolarWinds Serv-U)
CISA KEV CVE-2026-28318actively-exploited +1 22h ago
HIGH
CVE-2026-28318 (CVSS 7.5) — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service wi...
NVD 1d ago
CRITICAL
CVE-2026-48579 (CVSS 9.1) — Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose info...
NVD CVE-2026-48579 22h ago
CRITICAL
CVE-2026-48567 (CVSS 10) — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate priv...
NVD CVE-2026-48567 22h ago
HIGH
CVE-2026-45497 (CVSS 7.7) — Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop...
NVD CVE-2026-45497 22h ago
HIGH
CVE-2026-20245 (CVSS 7.8) — A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...
NVD CVE-2026-20245 +2 22h ago
INFO
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
SecurityWeek 16h ago
INFO
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
BleepingComputer 15h ago
CRITICAL
CVE-2026-10974 (CVSS 9.6) — Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed ...
NVD CVE-2026-10974 22h ago
CRITICAL
CVE-2026-10972 (CVSS 9.6) — Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker t...
NVD CVE-2026-10972 22h ago
CRITICAL
CVE-2026-10971 (CVSS 9.6) — Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.78...
NVD CVE-2026-10971 22h ago
CRITICAL
CVE-2026-10966 (CVSS 9.6) — Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote atta...
NVD CVE-2026-10966 22h ago
CRITICAL
CVE-2026-10931 (CVSS 9.6) — Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to po...
NVD CVE-2026-10931 22h ago
HIGH
CVE-2026-10873 (CVSS 7.2) — A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of t...
NVD CVE-2026-10873 22h ago
HIGH
CVE-2026-10872 (CVSS 7.2) — A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserve...
NVD CVE-2026-10872 22h ago
INFO
Apple removes Russia’s state-backed messaging app Max from its store
The Record breachesransomwarenation-state +3 23h ago
INFO
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
SecurityWeek 15d ago
INFO
Apple blocked over $11 billion in App Store fraud in 6 years
BleepingComputer 15d ago
INFO
macOS Kernel Memory Corruption Exploit
rss:schneier 15d ago
HIGH
CVE-2026-10871 (CVSS 7.2) — A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function s...
NVD CVE-2026-10871 23h ago
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 16d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 34d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 24d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 18d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 18d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 18d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 17d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 16d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 11d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 7d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 3d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 1d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 4h ago
INFO
Brave Software releases Origin for a paid, bloat-free browsing experience
BleepingComputer breachesransomwaresupply-chain 1d ago
INFO
Hola Browser for Windows compromised to deliver cryptominer
BleepingComputer breachesransomwaresupply-chain 1d ago
INFO
China's TA4922 Expands Cybercrime Attacks Globally
rss:darkreading breachesmalwarethreat-actors 1d ago
HIGH
CVE-2026-10870 (CVSS 7.2) — A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file ...
NVD CVE-2026-10870 1d ago
INFO
4 Critical Threats Where Attackers Have the Advantage
rss:darkreading breachesmalwarethreat-actors 1d ago
INFO
Credit card theft campaign abuses Stripe to host stolen payment info
BleepingComputer breachesransomwaresupply-chain 1d ago
INFO
Trump considers Palantir exec to lead CISA
The Record breachesransomwarenation-state 1d ago
INFO
FTC considers setting aside or modifying $150 million privacy penalty against X
The Record breachesransomwarenation-state 1d ago
INFO
DentaQuest data breach exposed info of 2.6 million accounts
BleepingComputer breachesransomwaresupply-chain 1d ago
HIGH
CVE-2026-50292 (CVSS 7.4) — In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can ...
NVD CVE-2026-50292 1d ago
CRITICAL
CVE-2026-48040 (CVSS 9.1) — The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivi...
NVD CVE-2026-48040 1d ago
HIGH
CVE-2026-25551 (CVSS 7.8) — Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability...
NVD CVE-2026-25551 1d ago
CRITICAL
CVE-2026-25550 (CVSS 9.8) — Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vul...
NVD CVE-2026-25550 1d ago
INFO
Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’
The Record breachesransomwarenation-state 1d ago
INFO
Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal
The Record breachesransomwarenation-state 1d ago
HIGH
CVE-2026-20230 (CVSS 8.6) — A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communication...
NVD CVE-2026-20230 +1 2d ago
INFO
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
The Hacker News 1d ago
INFO
UN food agency discloses breach affecting 600,000 Gaza households
BleepingComputer breachesransomwaresupply-chain 1d ago
HIGH
CVE-2026-5228 (CVSS 8.8) — Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile ...
NVD CVE-2026-5228 1d ago
HIGH
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
The Hacker News supply-chainbreachesmalware +81 17d ago
INFO
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
rss:cisa-advisories 24d ago
INFO
Fuji Electric Tellus
rss:cisa-advisories 24d ago
INFO
ABB AC500 V3 Multiple Vulnerabilities
rss:cisa-advisories 24d ago
INFO
Subnet Solutions PowerSYSTEM Center
rss:cisa-advisories 24d ago
INFO
ABB Automation Builder Gateway for Windows
rss:cisa-advisories 24d ago
INFO
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
rss:cisa-advisories 24d ago
INFO
Siemens Siemens ROS#
rss:cisa-advisories 22d ago
INFO
Siemens gWAP
rss:cisa-advisories 22d ago
INFO
Siemens SIMATIC
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Simcenter Femap
rss:cisa-advisories 22d ago
INFO
Universal Robots Polyscope 5
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Teamcenter
rss:cisa-advisories 22d ago
INFO
Siemens Solid Edge
rss:cisa-advisories 22d ago
INFO
Siemens SENTRON 7KT PAC1261 Data Manager
rss:cisa-advisories 22d ago
INFO
Siemens Opcenter RDnL
rss:cisa-advisories 22d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 22d ago
INFO
Siemens Industrial Devices
rss:cisa-advisories 22d ago
INFO
Siemens SIMATIC S7 PLC Web Server
rss:cisa-advisories 22d ago
INFO
Siemens SIPROTEC 5
rss:cisa-advisories 22d ago
INFO
Siemens SIMATIC
rss:cisa-advisories 22d ago
INFO
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
The Hacker News 19d ago
INFO
Kieback & Peter DDC Building Controllers
rss:cisa-advisories 17d ago
INFO
Siemens RUGGEDCOM APE1808 Devices
rss:cisa-advisories 17d ago
INFO
ABB CoreSense HM and CoreSense M10
rss:cisa-advisories 17d ago
INFO
ScadaBR
rss:cisa-advisories 17d ago
INFO
ZKTeco CCTV Cameras
rss:cisa-advisories 17d ago
INFO
CISA Exposes Secrets, Credentials in 'Private' Repo
rss:darkreading 17d ago
INFO
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
The Hacker News 16d ago
INFO
GitHub investigates internal repositories breach claimed by TeamPCP
BleepingComputer 16d ago
INFO
GitHub confirms breach of 3,800 repos via malicious VSCode extension
BleepingComputer 16d ago
INFO
Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
rss:cisa-advisories 16d ago
INFO
Senator presses CISA for answers about alleged GitHub repository leak
The Record 16d ago
INFO
GitHub confirms being hacked by TeamPCP, says customer data unaffected
The Record 16d ago
INFO
Grafana breach caused by missed token rotation after TanStack attack
BleepingComputer 16d ago
INFO
GitHub Confirms Breach, 4K Internal Repos Stolen
rss:darkreading 16d ago
INFO
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
The Hacker News 15d ago
INFO
GitHub links repo breach to TanStack npm supply-chain attack
BleepingComputer 15d ago
INFO
ABB Terra AC Wallbox
rss:cisa-advisories 15d ago
INFO
ABB B&R Automation Studio
rss:cisa-advisories 15d ago
INFO
ABB B&R Automation Runtime
rss:cisa-advisories 15d ago
INFO
ABB B&R PCs
rss:cisa-advisories 15d ago
INFO
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
SecurityWeek 14d ago
INFO
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
The Hacker News 14d ago
INFO
CISA Security Leak
rss:schneier 14d ago
INFO
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Krebs 14d ago
INFO
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
The Hacker News 13d ago
INFO
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
The Hacker News 13d ago
INFO
Laravel Lang packages hijacked to deploy credential-stealing malware
BleepingComputer 13d ago
INFO
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
SecurityWeek 11d ago
INFO
ABB Terra AC
rss:cisa-advisories 10d ago
INFO
ABB LVS MConfig
rss:cisa-advisories 10d ago
INFO
ABB Ability Camera Connect
rss:cisa-advisories 10d ago
INFO
Eppendorf BioFlo 320
rss:cisa-advisories 10d ago
INFO
ABB AbilityTM Zenon Remote Transport Vulnerability
rss:cisa-advisories 10d ago
INFO
ABB AC500 V2
rss:cisa-advisories 10d ago
INFO
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
rss:cisa-advisories 10d ago
INFO
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
rss:darkreading 10d ago
INFO
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
The Hacker News 9d ago
INFO
ABB EIBPORT
rss:cisa-advisories 8d ago
INFO
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
rss:cisa-advisories 8d ago
INFO
ABB Busch-Welcome 2 Wire Door Opener Actuator
rss:cisa-advisories 8d ago
INFO
Fourth Frontier Frontier X Mobile Application, Frontier X2
rss:cisa-advisories 8d ago
INFO
CP Plus 8 Ch. Network Video Recorder
rss:cisa-advisories 8d ago
INFO
XCharge C6
rss:cisa-advisories 8d ago
INFO
KMW CCTV Security Cameras
rss:cisa-advisories 8d ago
INFO
MacGregor Voyage Data Recorder (VDR) G4e
rss:cisa-advisories 8d ago
INFO
Supply Chain Compromises Impact Nx Console and GitHub Repositories
rss:cisa-advisories 8d ago
INFO
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
The Hacker News 8d ago
INFO
Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more
The Record 7d ago
INFO
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
The Hacker News 4d ago
INFO
Red Hat removes tainted packages after software pipeline compromise
The Record 3d ago
INFO
VS Code zero-day lets hackers steal GitHub tokens in one click
BleepingComputer 2d ago
INFO
NAVTOR NavBox
rss:cisa-advisories 1d ago
INFO
Hitachi Energy MACH HiDraw
rss:cisa-advisories 1d ago
INFO
Hitachi Energy ITT600 Explorer
rss:cisa-advisories 1d ago
INFO
B&R PPT30 Operating System
rss:cisa-advisories 1d ago
INFO
Hitachi Energy RTU500
rss:cisa-advisories 1d ago
INFO
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
The Hacker News 1d ago
INFO
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
The Hacker News supply-chainbreachesmalware 1d ago
INFO
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
CISA directive for AI executive order to be released this week, Andersen says
The Record breachesransomwarenation-state 1d ago
INFO
Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
Willow Raises $7 Million for Securing Autonomous AI Agents
SecurityWeek breachesransomwaresupply-chain 1d ago
INFO
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
rss:darkreading breachesmalwarethreat-actors 1d ago
HIGH
CVE-2019-25745 (CVSS 8.2) — WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability th...
NVD CVE-2019-25745 1d ago
CRITICAL
CVE-2019-25741 (CVSS 9.8) — Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerab...
NVD CVE-2019-25741 1d ago
CRITICAL
CVE-2019-25738 (CVSS 9.8) — WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allow...
NVD CVE-2019-25738 1d ago
HIGH
CVE-2019-25737 (CVSS 7.2) — Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthent...
NVD CVE-2019-25737 1d ago
HIGH
CVE-2019-25736 (CVSS 8.4) — LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to ...
NVD CVE-2019-25736 1d ago
HIGH
CVE-2019-25735 (CVSS 8.4) — AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers t...
NVD CVE-2019-25735 1d ago
HIGH
CVE-2019-25733 (CVSS 8.4) — NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that a...
NVD CVE-2019-25733 1d ago
HIGH
CVE-2019-25732 (CVSS 8.2) — PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers t...
NVD CVE-2019-25732 1d ago
CRITICAL CISA KEV Fri, 05 Jun 2026 00:00:00 UTC
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (SolarWinds Serv-U)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
TL;DR
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication. Due: 2026-06-19. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-28318actively-exploited
Read full story ↗
Related coverage (1)
CVE-2026-28318 (CVSS 7.5) — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service wi...
NVD 1d ago