Critical vm2 sandbox bug lets attackers execute code on hosts
…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…
Search
VS Code zero-day lets hackers steal GitHub tokens in one click
…is publicly disclosed and/or actively exploited with no official patch currently available. As researcher Ammar Askar explained in a blog post on Tuesday, this VS Code vulnerability allows attackers to install…
Acer working to patch max severity zero-days in Wave 7 routers
…severity zero-day vulnerabilities affecting its Wave 7 mesh routers. According to a Friday security advisory , the two security flaws were reported by security researcher Gergo Pap and affect Wave 7 routers…
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
…This means that the comfortable assumptions of vulnerability management, that CVSS scores meaningfully prioritize, that "exploitability" is a useful filter, that you have time between disclosure and weaponization, have all quietly broken…
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
…As part of today's updates, Microsoft has fixed numerous vulnerabilities in Microsoft Office, Word, and Excel that could lead to remote code execution. These flaws are exploited by opening malicious files…
Instructure confirms hackers used Canvas flaw to deface portals
…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…
Critical Kirki flaw exploited to hijack WordPress admin accounts
Critical Kirki flaw exploited to hijack WordPress admin accounts By Bill Toulas June 2, 2026 06:12 PM Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki…
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red…
Max-severity flaw in ChromaDB for AI apps allows server hijacking
…18-year-old NGINX vulnerability allows DoS, potential RCE 13-year-old bug in ActiveMQ lets hackers remotely execute commands Max severity Flowise RCE vulnerability now exploited in attacks CISA: New Langflow…
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
…On the third and final day of the contest, the competitors hacked Windows 11 and Red Hat Enterprise Linux for Workstations again, and used a memory corruption bug to exploit VMware ESXi…