cyber·news

CRITICAL

CVE-2026-8206 (CVSS 9.8) — The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t...

NVD CVE-2026-8206 +1 4d ago

INFO

Critical Kirki flaw exploited to hijack WordPress admin accounts

BleepingComputer 3d ago

INFO

Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads

SecurityWeek breachesransomwaresupply-chain +1 3d ago

INFO

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

The Hacker News 4d ago

CRITICAL

CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability (Linux Kernel)

CISA KEV CVE-2022-0492actively-exploited +1 4d ago

HIGH

CVE-2022-0492 (CVSS 7.8) — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgro...

NVD 1555d ago

CRITICAL

CVE-2025-48595: Android Framework Integer Overflow Vulnerability (Android Framework)

CISA KEV CVE-2025-48595actively-exploited +2 4d ago

INFO

Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities

SecurityWeek 3d ago

INFO

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

The Hacker News 3d ago

HIGH

CVE-2026-24782 (CVSS 7.6) — Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilit...

NVD CVE-2026-24782 4d ago

INFO

Spain arrests suspected hacker for publishing personal data of police, prosecutors and cyber officials

The Record breachesransomwarenation-state 4d ago

HIGH

CVE-2025-32348 (CVSS 7.8) — In multiple locations, there is a possible background activity launch due to a missing permission ch...

NVD CVE-2025-32348 4d ago

HIGH

CVE-2025-22424 (CVSS 7.8) — In multiple locations, there is a possible way to reveal images across users due to improper input v...

NVD CVE-2025-22424 4d ago

CRITICAL

CVE-2018-25427 (CVSS 9.8) — Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to ...

NVD CVE-2018-25427 4d ago

INFO

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

BleepingComputer breachesransomwaresupply-chain 4d ago

HIGH

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

The Hacker News supply-chainbreachesmalware +16 16d ago

INFO

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)

rss:unit42 35d ago

INFO

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

rss:darkreading 24d ago

HIGH

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

The Hacker News 22d ago

HIGH

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

The Hacker News 18d ago

HIGH

Developer Workstations Are Now Part of the Software Supply Chain

The Hacker News 18d ago

HIGH

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

The Hacker News 18d ago

HIGH

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

The Hacker News 17d ago

INFO

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

SecurityWeek 16d ago

INFO

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

The Hacker News 11d ago

INFO

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

The Hacker News 7d ago

INFO

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

The Hacker News 4d ago

INFO

Red Hat npm packages compromised to steal developer credentials

BleepingComputer 4d ago

INFO

Supply Chain Attack Hits 32 Red Hat NPM Packages

SecurityWeek 3d ago

INFO

New IronWorm malware hits 36 packages in npm supply-chain attack

BleepingComputer 1d ago

INFO

Rust-Written IronWorm Hits NPM Supply Chain

rss:darkreading 1d ago

INFO

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

The Hacker News 10h ago

INFO

Spain arrests doxer leaking sensitive data of govt employees

BleepingComputer breachesransomwaresupply-chain 4d ago

INFO

Anthropic to Open Mythos AI to EU's ENISA

rss:darkreading breachesmalwarethreat-actors 4d ago

INFO

Inspector general finds NIST mistakes have made vulnerability database ineffective

The Record breachesransomwarenation-state 4d ago

HIGH

CVE-2026-9330 (CVSS 8.5) — IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied...

NVD CVE-2026-9330 4d ago

CRITICAL

CVE-2026-9319 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due t...

NVD CVE-2026-9319 4d ago

CRITICAL

CVE-2026-9311 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the b...

NVD CVE-2026-9311 4d ago

CRITICAL

CVE-2026-8644 (CVSS 9.1) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.

NVD CVE-2026-8644 4d ago

HIGH

CVE-2026-47294 (CVSS 8) — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex...

NVD CVE-2026-47294 4d ago

MEDIUM

CVE-2026-45284 (CVSS 4.6) — Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4...

NVD CVE-2026-45284 4d ago

CRITICAL

CVE-2026-22872 (CVSS 9.1) — Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs wi...

NVD CVE-2026-22872 4d ago

HIGH

CVE-2026-0072 (CVSS 7.8) — In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a mi...

NVD CVE-2026-0072 4d ago

HIGH

Microsoft shares mitigation for YellowKey Windows zero-day

BleepingComputer breachesransomwaresupply-chain +47 16d ago

INFO

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

The Hacker News 23d ago

INFO

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

The Hacker News 23d ago

HIGH

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

The Hacker News 22d ago

INFO

Zero-Day Exploit Against Windows BitLocker

rss:schneier 18d ago

INFO

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

The Hacker News 17d ago

INFO

The New Phishing Click: How OAuth Consent Bypasses MFA

The Hacker News 17d ago

INFO

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

SecurityWeek 17d ago

HIGH

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’

SecurityWeek 17d ago

INFO

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

rss:darkreading 17d ago

HIGH

Cybercrime service disrupted for abusing Microsoft platform to sign malware

BleepingComputer 17d ago

INFO

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

The Hacker News 16d ago

INFO

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

The Hacker News 16d ago

INFO

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

SecurityWeek 16d ago

INFO

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

The Hacker News 16d ago

INFO

Microsoft warns of new Defender zero-days exploited in attacks

BleepingComputer 15d ago

INFO

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

SecurityWeek 15d ago

INFO

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

rss:darkreading 14d ago

INFO

FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks

The Record 14d ago

INFO

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

BleepingComputer 11d ago

INFO

Microsoft: Domain Controller lookup may fail on Windows Server 2016

BleepingComputer 10d ago

INFO

Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations

SecurityWeek 10d ago

INFO

Microsoft Defender can now automatically isolate hacked endpoints

BleepingComputer 10d ago

INFO

Microsoft Issues Out-of-Band SharePoint Patch

rss:darkreading 10d ago

INFO

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

The Hacker News 9d ago

INFO

Windows 11 KB5089573 update released with performance improvements

BleepingComputer 9d ago

INFO

Microsoft fixes KB5089549 Windows security update install issues

BleepingComputer 4d ago

INFO

Microsoft confirms outage affecting MFA, My Sign-Ins platform

BleepingComputer 4d ago

INFO

Microsoft fixes outage affecting MFA setup, MySignIn service

BleepingComputer 4d ago

INFO

Microsoft says it will not pursue security researchers after zero-day backlash

The Record 4d ago

INFO

Microsoft investigates Office Apps, Teams file access issues

BleepingComputer 4d ago

INFO

Microsoft's Zero-Day Legal Threats Spark Backlash

rss:darkreading 4d ago

INFO

Microsoft Threatening Security Researcher

rss:schneier 3d ago

INFO

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

SecurityWeek 3d ago

INFO

Microsoft Exchange Online outage causes email delays, failures

BleepingComputer 3d ago

INFO

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

rss:darkreading 3d ago

INFO

Microsoft's Coreutils project brings Linux commands to Windows

BleepingComputer 3d ago

INFO

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

The Hacker News 2d ago

INFO

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

SecurityWeek 2d ago

INFO

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

The Hacker News 2d ago

INFO

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

The Hacker News 2d ago

INFO

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

rss:darkreading 2d ago

INFO

VS Code Vulnerability Allows One-Click GitHub Token Theft

SecurityWeek 1d ago

INFO

Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process

The Record 1d ago

INFO

Microsoft blames unexpected Windows driver updates on caching issue

BleepingComputer 1d ago

INFO

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

The Hacker News 22h ago

INFO

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

The Hacker News 15h ago

INFO

Chinese APT deploys new malware to keep access to hacked networks

BleepingComputer 10h ago

INFO

NSA selects new leads for key cybersecurity posts

The Record breachesransomwarenation-state 4d ago

CRITICAL

CVE-2026-8732 (CVSS 9.8) — The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account...

NVD CVE-2026-8732 +1 7d ago

INFO

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

SecurityWeek 4d ago

INFO

Dashlane password manager users locked out by brute force attacks

BleepingComputer breachesransomwaresupply-chain 4d ago

INFO

Dutch Police Dismantle Massive 17-Million-Device Botnet

SecurityWeek breachesransomwaresupply-chain +2 4d ago

INFO

Dutch govt disrupts malware botnet with 17 million infected devices

BleepingComputer 7d ago

INFO

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

The Hacker News 5d ago

INFO

Hacking Meta’s AI Chatbot

rss:schneier analysispolicy +4 1d ago

INFO

Tech giants promise British regulator they will tweak platforms to protect kids online

The Record 15d ago

INFO

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Krebs 4d ago

INFO

Meta AI Hands Over High-Profile Instagram Accounts to Hackers

SecurityWeek 3d ago

INFO

Instagram users locked out after Meta AI abused to steal accounts

BleepingComputer 3d ago

HIGH

CVE-2026-10270 (CVSS 8.8) — A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprin...

NVD CVE-2026-10270 4d ago

INFO

WordPress malware campaign hides payloads in Steam profiles

BleepingComputer breachesransomwaresupply-chain 4d ago

INFO

Vulnerability Disclosure in the Age of AI

rss:schneier analysispolicy 4d ago

HIGH

CVE-2026-10263 (CVSS 7.3) — A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affect...

NVD CVE-2026-10263 4d ago

HIGH

CVE-2026-10262 (CVSS 7.3) — A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown fun...

NVD CVE-2026-10262 4d ago

HIGH

CVE-2026-10261 (CVSS 7.3) — A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the fi...

NVD CVE-2026-10261 4d ago

HIGH

CVE-2026-10260 (CVSS 7.3) — A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown ...

NVD CVE-2026-10260 4d ago

HIGH

CVE-2026-10259 (CVSS 8.8) — A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is th...

NVD CVE-2026-10259 4d ago

INFO

Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs

SecurityWeek CVE-2026-41089breachesransomware 4d ago

INFO

Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

rss:darkreading breachesmalwarethreat-actors 4d ago

INFO

Race Against Time: Why Faster Vulnerability Alerts Matter

BleepingComputer breachesransomwaresupply-chain 4d ago

INFO

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

The Hacker News supply-chainbreachesmalware 4d ago

HIGH

CVE-2026-10253 (CVSS 7.3) — A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown...

NVD CVE-2026-10253 4d ago

HIGH

CVE-2026-10252 (CVSS 7.3) — A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affe...

NVD CVE-2026-10252 4d ago

HIGH

CVE-2026-10251 (CVSS 7.3) — A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element ...

NVD CVE-2026-10251 4d ago

INFO

Dragos Acquires xIoT Security Firm Phosphorus

SecurityWeek breachesransomwaresupply-chain 4d ago

INFO

Critical Windows Netlogon RCE flaw now exploited in attacks

BleepingComputer breachesransomwaresupply-chain 4d ago

INFO

Webinar tomorrow: From alert to resolution in network incident response

BleepingComputer breachesransomwaresupply-chain 4d ago

INFO

CISA Adds One Known Exploited Vulnerability to Catalog

rss:cisa-advisories actively-exploitedadvisories +3 16h ago

INFO

CISA Adds One Known Exploited Vulnerability to Catalog

rss:cisa-advisories 4d ago

INFO

CISA Adds Two Known Exploited Vulnerabilities to Catalog

rss:cisa-advisories 3d ago

INFO

CISA Adds One Known Exploited Vulnerability to Catalog

rss:cisa-advisories 2d ago

Prev Page 7 / 43 Next

CRITICAL NVD Tue, 02 Jun 2026 04:17:03 UTC

CVE-2026-8206 (CVSS 9.8) — The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t...

https://nvd.nist.gov/vuln/detail/CVE-2026-8206

TL;DR AI

Here is a concise summary of the article in 2-3 sentences for a technical security audience: A vulnerability in the Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress allows an attacker to escalate their privileges by sending a password reset request to a user's email address, potentially allowing them to gain access to that user's account. The vulnerability affects all versions of the plugin from 6.0.0 to 6.0.6. The vulnerability is due to an arbitrary email address being accepted in the password reset request, rather than the username. The vulnerability has been identified by Wordfence and is not yet prioritized for NVD enrichment efforts.

CVE-2026-8206

Read full story ↗