2165 items
Unread (2155) All Dismissed
HIGH
CVE-2026-9469 (CVSS 7.3) — A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92ab...
NVD CVE-2026-9469 12d ago
HIGH
CVE-2026-42782 (CVSS 7.2) — Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with a...
NVD CVE-2026-42782 12d ago
HIGH
CVE-2026-9465 (CVSS 7.3) — A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability ...
NVD CVE-2026-9465 12d ago
HIGH
CVE-2026-9463 (CVSS 8.8) — A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence ...
NVD CVE-2026-9463 12d ago
HIGH
CVE-2026-9462 (CVSS 8.8) — A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the functi...
NVD CVE-2026-9462 12d ago
HIGH
CVE-2026-47077 (CVSS 7.5) — Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Floodin...
NVD CVE-2026-47077 12d ago
HIGH
CVE-2026-47075 (CVSS 7.5) — Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Split...
NVD CVE-2026-47075 12d ago
HIGH
CVE-2026-47073 (CVSS 7.5) — Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Floodin...
NVD CVE-2026-47073 12d ago
HIGH
CVE-2026-47072 (CVSS 7.5) — Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows...
NVD CVE-2026-47072 12d ago
HIGH
CVE-2026-47071 (CVSS 7.5) — Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 trans...
NVD CVE-2026-47071 12d ago
HIGH
CVE-2026-47067 (CVSS 7.5) — Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Floodin...
NVD CVE-2026-47067 12d ago
HIGH
CVE-2026-47066 (CVSS 7.5) — Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Exces...
NVD CVE-2026-47066 12d ago
HIGH
CVE-2018-25381 (CVSS 7.1) — Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated ...
NVD CVE-2018-25381 12d ago
HIGH
CVE-2018-25380 (CVSS 7.1) — Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated ...
NVD CVE-2018-25380 12d ago
HIGH
CVE-2018-25379 (CVSS 8.2) — Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter ...
NVD CVE-2018-25379 12d ago
HIGH
CVE-2018-25377 (CVSS 8.4) — Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration...
NVD CVE-2018-25377 12d ago
HIGH
CVE-2018-25376 (CVSS 8.4) — Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialo...
NVD CVE-2018-25376 12d ago
HIGH
CVE-2018-25375 (CVSS 8.4) — SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dial...
NVD CVE-2018-25375 12d ago
HIGH
CVE-2018-25374 (CVSS 7.5) — Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allo...
NVD CVE-2018-25374 12d ago
HIGH
CVE-2018-25373 (CVSS 8.4) — SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability ...
NVD CVE-2018-25373 12d ago
HIGH
CVE-2018-25372 (CVSS 8.2) — MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthentic...
NVD CVE-2018-25372 12d ago
HIGH
CVE-2018-25371 (CVSS 8.2) — mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated ...
NVD CVE-2018-25371 12d ago
HIGH
CVE-2018-25368 (CVSS 7.5) — Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to...
NVD CVE-2018-25368 12d ago
HIGH
CVE-2018-25366 (CVSS 8.4) — CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbit...
NVD CVE-2018-25366 12d ago
HIGH
CVE-2018-25364 (CVSS 8.2) — Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to exec...
NVD CVE-2018-25364 12d ago
HIGH
CVE-2018-25362 (CVSS 8.2) — Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipu...
NVD CVE-2018-25362 12d ago
HIGH
CVE-2018-25360 (CVSS 8.4) — AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Rout...
NVD CVE-2018-25360 12d ago
HIGH
CVE-2018-25359 (CVSS 8.4) — Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allo...
NVD CVE-2018-25359 12d ago
HIGH
CVE-2026-9461 (CVSS 8.8) — A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formR...
NVD CVE-2026-9461 12d ago
HIGH
CVE-2026-9460 (CVSS 8.8) — A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of th...
NVD CVE-2026-9460 12d ago
HIGH
CVE-2026-9459 (CVSS 8.8) — A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnect...
NVD CVE-2026-9459 12d ago
CRITICAL
CVE-2026-9458 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the ...
NVD CVE-2026-9458 12d ago
CRITICAL
CVE-2026-9457 (CVSS 9.8) — A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the ...
NVD CVE-2026-9457 12d ago
HIGH
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
The Hacker News supply-chainbreachesmalware +19 19d ago
INFO
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
rss:darkreading 26d ago
INFO
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
rss:darkreading 25d ago
INFO
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News 24d ago
INFO
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News 24d ago
INFO
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
The Hacker News 22d ago
INFO
Can Laws Stop Deepfakes? South Korea Aims to Find Out
rss:darkreading 19d ago
INFO
Processes and Culture Top Reasons Behind Data Breaches
rss:darkreading 17d ago
INFO
When Identity is the Attack Path
The Hacker News 16d ago
INFO
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The Hacker News 15d ago
INFO
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The Record 15d ago
INFO
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
The Hacker News 14d ago
INFO
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News 12d ago
INFO
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News 11d ago
INFO
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
SecurityWeek 10d ago
INFO
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
SecurityWeek 8d ago
INFO
California AG sues 23andMe over 2023 breach exposing health data
BleepingComputer 8d ago
INFO
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
SecurityWeek 3d ago
INFO
Chrome 149 Patches 429 Vulnerabilities
SecurityWeek 1d ago
INFO
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The Record 1d ago
INFO
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
SecurityWeek breachesransomwaresupply-chain 12d ago
INFO
Dutch authorities arrest men suspected of providing infrastructure for Russian cyber operations
The Record breachesransomwarenation-state +1 11d ago
INFO
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Krebs 12d ago
CRITICAL
CVE-2026-9456 (CVSS 9.8) — A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenV...
NVD CVE-2026-9456 12d ago
CRITICAL
CVE-2026-9455 (CVSS 9.8) — A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the funct...
NVD CVE-2026-9455 12d ago
CRITICAL
CVE-2026-9454 (CVSS 9.8) — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the functi...
NVD CVE-2026-9454 12d ago
HIGH
CVE-2026-9453 (CVSS 7.3) — A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125....
NVD CVE-2026-9453 12d ago
HIGH
Microsoft shares mitigation for YellowKey Windows zero-day
BleepingComputer breachesransomwaresupply-chain +48 17d ago
INFO
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
The Hacker News 24d ago
INFO
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
The Hacker News 24d ago
HIGH
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News 23d ago
INFO
Zero-Day Exploit Against Windows BitLocker
rss:schneier 19d ago
INFO
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
The Hacker News 18d ago
INFO
The New Phishing Click: How OAuth Consent Bypasses MFA
The Hacker News 18d ago
INFO
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
SecurityWeek 18d ago
HIGH
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
SecurityWeek 18d ago
INFO
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
rss:darkreading 18d ago
HIGH
Cybercrime service disrupted for abusing Microsoft platform to sign malware
BleepingComputer 18d ago
INFO
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
The Hacker News 17d ago
INFO
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News 17d ago
INFO
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
SecurityWeek 17d ago
INFO
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
The Hacker News 17d ago
INFO
Microsoft warns of new Defender zero-days exploited in attacks
BleepingComputer 16d ago
INFO
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
SecurityWeek 16d ago
INFO
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
rss:darkreading 15d ago
INFO
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The Record 15d ago
INFO
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
BleepingComputer 12d ago
INFO
Microsoft: Domain Controller lookup may fail on Windows Server 2016
BleepingComputer 11d ago
INFO
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
SecurityWeek 11d ago
INFO
Microsoft Defender can now automatically isolate hacked endpoints
BleepingComputer 11d ago
INFO
Microsoft Issues Out-of-Band SharePoint Patch
rss:darkreading 11d ago
INFO
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
The Hacker News 10d ago
INFO
Windows 11 KB5089573 update released with performance improvements
BleepingComputer 10d ago
INFO
Microsoft fixes KB5089549 Windows security update install issues
BleepingComputer 5d ago
INFO
Microsoft confirms outage affecting MFA, My Sign-Ins platform
BleepingComputer 5d ago
INFO
Microsoft fixes outage affecting MFA setup, MySignIn service
BleepingComputer 5d ago
INFO
Microsoft says it will not pursue security researchers after zero-day backlash
The Record 5d ago
INFO
Microsoft investigates Office Apps, Teams file access issues
BleepingComputer 5d ago
INFO
Microsoft's Zero-Day Legal Threats Spark Backlash
rss:darkreading 5d ago
INFO
Microsoft Threatening Security Researcher
rss:schneier 4d ago
INFO
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
SecurityWeek 4d ago
INFO
Microsoft Exchange Online outage causes email delays, failures
BleepingComputer 4d ago
INFO
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
rss:darkreading 4d ago
INFO
Microsoft's Coreutils project brings Linux commands to Windows
BleepingComputer 3d ago
INFO
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
The Hacker News 3d ago
INFO
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
SecurityWeek 3d ago
INFO
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News 3d ago
INFO
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
The Hacker News 3d ago
INFO
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
rss:darkreading 3d ago
INFO
VS Code Vulnerability Allows One-Click GitHub Token Theft
SecurityWeek 2d ago
INFO
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
The Record 2d ago
INFO
Microsoft blames unexpected Windows driver updates on caching issue
BleepingComputer 2d ago
INFO
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The Hacker News 1d ago
INFO
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
The Hacker News 1d ago
INFO
Chinese APT deploys new malware to keep access to hacked networks
BleepingComputer 1d ago
INFO
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
The Hacker News 15h ago
INFO
Oncology Institute Discloses Data Breach
SecurityWeek breachesransomwaresupply-chain 12d ago
CRITICAL
CVE-2026-26980 (CVSS 9.4) — Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a...
NVD CVE-2026-26980 +2 106d ago
INFO
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
BleepingComputer 13d ago
INFO
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
The Hacker News 12d ago
INFO
The Alert Firehose Finally Meets Its Match
The Hacker News supply-chainbreachesmalware 12d ago
INFO
266,000 Affected by Data Breach at Radiology Associates of Richmond
SecurityWeek breachesransomwaresupply-chain 12d ago
HIGH
CVE-2026-9452 (CVSS 7.3) — A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc85...
NVD CVE-2026-9452 12d ago
HIGH
CVE-2026-9447 (CVSS 7.3) — A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted elemen...
NVD CVE-2026-9447 12d ago
INFO
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa
The Hacker News supply-chainbreachesmalware +10 2d ago
INFO
Middle East Cyber Battle Field Broadens — Especially in UAE
rss:darkreading 31d ago
INFO
Cyber Resilience is the New Business Continuity Plan
SecurityWeek 18d ago
INFO
Windows Zero-Day Barrage Continues After Patch Tuesday
rss:darkreading 18d ago
INFO
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
BleepingComputer 17d ago
INFO
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
SecurityWeek 12d ago
INFO
Iranian APT Targets Aviation, Software Companies With Updated Tools
SecurityWeek 11d ago
INFO
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Hacker News 11d ago
INFO
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
The Hacker News 9d ago
INFO
Global Stock Exchange Hit by Monthslong Email Campaign
rss:darkreading 3d ago
INFO
What 345 Days of Untested Exposure Looks Like at a Bank
BleepingComputer 3d ago
INFO
Laravel-Lang Packages Poisoned for Malware Delivery
SecurityWeek breachesransomwaresupply-chain 12d ago
HIGH
CVE-2026-9443 (CVSS 8.8) — A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the ...
NVD CVE-2026-9443 12d ago
HIGH The Hacker News Mon, 18 May 2026 08:57:34 UTC
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
TL;DR AI
Here is a 3-sentence summary for a technical security audience: Chaotic Eclipse has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day vulnerability, MiniPlasma, which grants attackers SYSTEM privileges on fully patched Windows systems, including Windows 11. The vulnerability, codenamed "cldflt.sys," impacts the Windows Cloud Files Mini Filter Driver and is still present despite Microsoft's initial patch in December 2020. The vulnerability was discovered by Chaotic Eclipse researcher James Forshaw, who found it in Google Project Zero's September 2020 report, and was initially thought to be fixed, but further investigation has confirmed that it remains unpatched.
supply-chainbreachesmalwarezero-day
Read full story ↗
Related coverage (19)
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
rss:darkreading 26d ago
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
rss:darkreading 25d ago
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News 24d ago
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News 24d ago
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
The Hacker News 22d ago
Can Laws Stop Deepfakes? South Korea Aims to Find Out
rss:darkreading 19d ago
Processes and Culture Top Reasons Behind Data Breaches
rss:darkreading 17d ago
When Identity is the Attack Path
The Hacker News 16d ago
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The Hacker News 15d ago
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The Record 15d ago
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
The Hacker News 14d ago
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News 12d ago
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News 11d ago
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
SecurityWeek 10d ago
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
SecurityWeek 8d ago
California AG sues 23andMe over 2023 breach exposing health data
BleepingComputer 8d ago
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
SecurityWeek 3d ago
Chrome 149 Patches 429 Vulnerabilities
SecurityWeek 1d ago
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The Record 1d ago