Latest Cybersecurity News & Insights
02 June 2026
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
The post The Zero-Knowledge Threat Actor and the End of Responsible Disclosure appeared first on SecurityWeek.
02 June 2026
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device.
The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek.
02 June 2026
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days.
The industry's
02 June 2026
The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers.
The post Oracle WebLogic Vulnerability Exploited in the Wild appeared first on SecurityWeek.
01 June 2026
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations.
The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek.
01 June 2026
Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity, the potential ongoing exploitation.
The post Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs appeared first on SecurityWeek.
01 June 2026
proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.
The post 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access appeared first on SecurityWeek.
01 June 2026
Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure.
The post Recent Palo Alto Networks Vulnerability Exploited for Weeks appeared first on SecurityWeek.
30 May 2026
The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.
The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek.
30 May 2026
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections.
"Authentication bypass vulnerabilities in the
29 May 2026
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks.
The technique has been codenamed ChatGPhish by Permiso Security.
"The chatgpt.com response renderer trusts Markdown links and Markdown
29 May 2026
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.
"The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
29 May 2026
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.
The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek.
28 May 2026
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions.
The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier.
"The vulnerability allows any authenticated user to achieve remote code execution (RCE) on
28 May 2026
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed.
The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day
28 May 2026
Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching.
The post Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks appeared first on SecurityWeek.
28 May 2026
The security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure.
The post Gitea Vulnerability Exposed 30,000 Deployments to Attacks appeared first on SecurityWeek.
27 May 2026
Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.
The post Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate appeared first on SecurityWeek.
27 May 2026
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials.
The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2
27 May 2026
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.
The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.