New Fragnesia Linux flaw lets attackers gain root privileges
…CISA added Copy Fail to its catalog of flaws exploited in attacks on May 1 and ordered federal agencies to secure their Linux systems within two weeks, by May 15. "This type…
Search
Top stories
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
…Google released Android's May security bulletin , which fixes 10 vulnerabilities. Ivanti released security updates for a high-severity Endpoint Manager Mobile (EPMM) remote code execution vulnerability, which was exploited in zero…
WP Maps Pro bug exploited to create admin accounts on WordPress sites
…Researchers at WordPress security company Defiant observed that threat actors are trying to exploit the vulnerability, and blocked more than 3,600 attempts over the past 24 hours. “When the request is…
Hackers exploit FortiClient EMS flaw to push infostealer malware
…The exploited critical vulnerability is an improper access control flaw that allows unauthenticated remote attackers to execute arbitrary code or commands via specially crafted requests. Fortinet confirmed in early April that it…
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin By Bill Toulas May 14, 2026 05:07 PM Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst…
Avada Builder WordPress plugin flaws allow site credential theft
…The other security issue received the identifier CVE-2026-4798 and is an SQL injection that can be leveraged without authentication. However, exploitation is possible only if the WooCommerce e-commerce plugin…
Acer working to patch max severity zero-days in Wave 7 routers
…leaks “BlueHammer” Windows zero-day exploit New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released New Gogs zero-day flaw lets hackers get remote code execution Max-severity flaw in…
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
…Ivanti fixes EPMM zero-days chained in code execution attacks CISA flags new SD-WAN flaw as actively exploited in attacks Ransomware gang exploits Cisco flaw in zero-day attacks since January…
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
…by Picus Security May 13, 2026 08:30 AM By Sila Ozeren Hacioglu , Security Research Engineer at Picus Security. In April 2026, Anthropic released its newest frontier model, codename Mythos , to twelve…
Drupal: Critical SQL injection flaw now targeted in attacks
…The flaw is exploitable without authentication and could result in remote code execution, privilege escalation, and information disclosure. In an update to the advisory on May 22, Drupal confirmed that exploitation attempts…