Critical vm2 sandbox bug lets attackers execute code on hosts
…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…
Search
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
…Google released Android's May security bulletin , which fixes 10 vulnerabilities. Ivanti released security updates for a high-severity Endpoint Manager Mobile (EPMM) remote code execution vulnerability, which was exploited in zero…
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign By Bill Toulas May 24, 2026 10:12 AM A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE…
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
…also exploited in zero-day attacks by a threat actor tracked as "UAT-8616" since 2023 to create rogue peers in organizations. Cisco has released security updates to address the vulnerability and…
Acer working to patch max severity zero-days in Wave 7 routers
…two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. According to a Friday security advisory , the two security flaws were reported by security researcher Gergo Pap and affect Wave…
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
…Will Dormann, principal vulnerability analyst at Tharros, also confirmed the exploit works in his tests on the latest public version of Windows 11. However, he said that the flaw does not work…
Drupal: Critical SQL injection flaw now targeted in attacks
…Critical SQL injection flaw now targeted in attacks By Bill Toulas May 22, 2026 09:14 AM Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability…
Funnel Builder WordPress plugin bug exploited to steal credit cards
Funnel Builder WordPress plugin bug exploited to steal credit cards By Bill Toulas May 15, 2026 03:30 PM A critical vulnerability in the Funnel Builder plugin for WordPress is being actively…
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin By Bill Toulas May 14, 2026 05:07 PM Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst…
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
…Sponsored and written by Picus Security . Artificial Intelligence Autonomous Validation Cybersecurity Picus Security Vulnerability Previous Article Next Article