Search

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Drupal vulnerability

… Cybersecurity and Infrastructure Security Agency CISA added the flaw to its Known Exploited Vulnerabilities KEV Catalog and ordered Federal Civilian Executive Branch FCEB agencies to patch their systems by midnight on Wednesday, May 27, as mandated by Binding Operational Directive BOD 22-01 . …

May 26, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA flags two-year-old Oracle flaw as actively exploited in attacks

… "Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." Internet intelligence platform Shodan now tracks over 1,592 Oracle WebLogic servers exposed online and vulnerable to CVE-2024-21182 exploit… …

Jun 2, 2026 · Sergiu Gatlan

pcworld.com › article › 3108242

Security expert publishes Windows exploit after Microsoft went silent

One security researcher discovered a previously unpatched vulnerability in Windows and reported it to the Microsoft Security Response Center. …

Apr 7, 2026 · By Laura Pippig

tomshardware.com › software › linux

CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack

… Cybersecurity and Infrastructure Security Agency CISA added a newly disclosed Linux vulnerability, dubbed “Copy Fail,” to its Known Exploited Vulnerabilities catalog on May 1st, warning that the flaw, tracked as CVE-2026-31431, is already being used in active attacks and urging rapid patching acros… …

May 4, 2026 · Etiido Uko

Top stories

theverge.com

Microsoft is threatening legal action for disclosing exploits

4d ago

techradar.com

Another major Linux security flaw revealed — nine-year old issue could spell disaster for users

1w ago

hothardware.com

Millions of Chrome and Edge Users Exposed To Alarming Exploit by Google Security Blunder

1w ago

pcworld.com

Microsoft patches several zero-day vulnerabilities with emergency updates

1w ago

tomshardware.com › tech-industry › cyber-security

First Apple M5 memory exploit discovered using Anthropic AI, gives root access on MacOS — Claude Mythos helps security researchers bypass Memory Integrity Enforcement

… MIE is enforced at the hardware level in a hypervisor-like configuration and effectively protects against most common classes of security exploits, namely, but not only, buffer overflows and use-after-free vulnerabilities. …

May 16, 2026 · Bruno Ferreira

theregister.com › security › 2026 › …

Unknown attackers exploit another critical SharePoint bug

… At the time, the vulnerability was neither publicly known nor exploited, according to Microsoft, which deemed exploitation "less likely." Fast forward to Wednesday when the US Cybersecurity and Infrastructure Agency added CVE-2026-20963 to its Known Exploited Vulnerabilities KEV catalog, gave feder… …

Mar 19, 2026 · Jessica Lyons

theregister.com › security › 2026 › …

Ransomware scum, other crims exploit 4 old Microsoft bugs

… The latter had been exploited as a zero-day for months , and Adobe finally released a patch over the weekend. ® security patches patch management microsoft cybersecurity and infrastructure security agency cybercrime

Apr 13, 2026 · Jessica Lyons

Discussions and forums

Hacker News · u/randersson1000 · Apr 22, 2026

Speed Matters: Why AI Software Vulnerability Exploitation is going be bad

I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …

13 5

r/netsec · u/unknownhad · 3w ago

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.

The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …

r/cybersecurity · u/Aureliand · 6d ago

Microsoft vs Chaotic Eclipse: three zero-days now actively exploited

This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…

Hacker News · u/honeylabs · 2w ago

Show HN: HoneyLabs – Public honeypot threat Intel feed and MCP server

I've been running a small fleet of honeypots for about a year. They get hit by a mix of research scanners (Censys, Shadowserver, etc.), old worms, and a bump of CVE probes the day a new Nuclei template ships. The data wa…

4 2

engadget.com › 2173543

Security researchers, aided by Anthropic's Mythos, claim to have breached macOS - Engadget

… Apple is taking the researchers' findings seriously, and told The Journal : "Security is our top priority, and we take reports of potential vulnerabilities very seriously." In fact, the researchers already met with the company at Apple Park in Cupertino to discuss what they're calling the "first pu… …

May 15, 2026 · Mariella Moon

arstechnica.com › security › 2026 › …

Linux bitten by second severe vulnerability in as many weeks

… Once the exploits run, attackers can use SSH access, web-shell execution, or container escapes, or compromise low-privilege accounts. “Dirty Frag is notable because it introduces multiple kernel attack paths involving rxrpc and esp/xfrm networking components to improve exploitation reliability,” Mi… …

May 11, 2026 · Dan Goodin

bleepingcomputer.com › news › microsoft

Microsoft warns of Exchange zero-day flaw exploited in attacks

… Over the last 5 years, CISA has added 19 Microsoft Exchange Server vulnerabilities to its list of actively exploited security flaws, 14 of which were also abused in ransomware attacks. …

May 15, 2026 · Sergiu Gatlan