Chrome’s zero-day Whac-A-Mole continues with fifth exploited bug of the year

Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty. The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the Read More …

MiniPlasma: detecting exploitation of a critical unpatched Windows vulnerability

Over the past two months, the anonymous researcher Nightmare Eclipse (also known as Chaotic Eclipse) has publicly released six Windows vulnerabilities complete with ready-to-use exploits, without prior coordination with Microsoft. The most critical of these is MiniPlasma, a zero-day local Read More …

Palo Alto VPN bug graduates from advisory to active exploitation

Palo Alto customers are being told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access. The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific Read More …

No fix yet for critical RCE bug in open-source Git service Gogs – exploit module is out

There’s a huge hole and no one is patching it thus far. A critical, remote code execution (RCE) bug in Gogs, a popular open-source self-hosted Git service, can be exploited by any authenticated user – no special privileges required – Read More …

Microsoft under fire for threatening security researcher with criminal investigation

After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them, the company is now threatening to take legal action and call the cops on them. Microsoft’s veiled threat reignites a long-running Read More …

NGINX Rift attackers waste no time targeting exposed servers

Exploit attempts are already hammering a newly disclosed NGINX bug dubbed “NGINX Rift,” proving once again that attackers read patch notes faster than most admins. Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer overflow flaw Read More …

Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day

Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager. Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all Read More …

Another major Linux security issue uncovered – new Fragnesia flaw allows attackers to run malicious code as root

Security researchers have discovered a new vulnerability in the Linux kernel which could allow malicious actors to run code with elevated privileges, exposing systems to risk of data theft, malware deployment, and even full device takeover. The vulnerability is tracked Read More …

Over a million WordPress sites hit in plugin flaw — so patch now or face the consequences

A popular WordPress plugin with roughly a million active installations contained two vulnerabilities that could have allowed malicious actors to exfiltrate sensitive data, such as password hashes and other valuable information. Security researchers at Wordfence said they were tipped off by a researcher Rafie Read More …