Security Articles

Stay ahead of emerging threats with expert analysis from 137 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Tuesday, June 9, 2026, the most urgent items for production stacks: the "Miasma" worm has detonated across 73 Microsoft-owned GitHub repositories in an npm supply-chain cascade — a software supply-chain attack means malicious code is planted in a trusted package your developers already install, so it spreads automatically into everything that depends on it — making any team that pulls JavaScript packages from npm a potential downstream victim; audit your dependencies and pin trusted versions now. The Cisco Catalyst SD-WAN Manager zero-day CVE-2026-20245 remains under active exploitation with no patch available yet — restrict management-interface access and watch Cisco's advisory for the fix. Cisco Unified Communications Manager flaw CVE-2026-20230 hands attackers root through a server-side request forgery (SSRF) bug — a server tricked into making attacker-controlled requests — and a working proof-of-concept exploit is already public, so patch now. The Mirasvit Cache Warmer bug CVE-2026-45247 is being used for active remote code execution (RCE — running attacker code on your server) against Magento e-commerce stores. Still carrying forward: the HTTP/2 "Bomb" CVE-2026-49975 lets a single home connection knock NGINX, Apache, IIS, and Cloudflare web servers offline; Palo Alto GlobalProtect authentication-bypass CVE-2026-0257 remains on the CISA Known Exploited Vulnerabilities (KEV) catalog under active exploitation; and the WP Maps Pro WordPress flaw CVE-2026-8732 is still spawning rogue administrator accounts across roughly 15,000 sites. If your business pulls npm packages, or runs Cisco SD-WAN or Unified CM, Magento, a public web server, Palo Alto GlobalProtect, or WordPress with WP Maps Pro, these advisories require action now — start with the article-level remediation steps below.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

72 articles found

Featured Story

critical

May 19, 2026

criticalCVE AdvisoryVulnerability

CRITICAL: 'MiniPlasma' Windows 0-Day Resurrects 2020 SYSTEM Escalation Bug Microsoft Thought It Killed

A working zero-day exploit dubbed MiniPlasma escalates standard users to SYSTEM on fully patched Windows 11. It abuses cldflt.sys, the same Cloud Filter driver behind CVE-2020-17103 that Microsoft 'fixed' in 2020. PoC is public on GitHub. No patch yet. Assume compromise paths exist on every Windows endpoint until the next Patch Tuesday.

By Danny MercerRead Full Article

critical

CVE AdvisoryVulnerability•May 18, 2026

CRITICAL: 18-Year-Old NGINX Rewrite Module Flaw Hits Active Exploitation in Days

A heap buffer overflow lurking in NGINX's ngx_http_rewrite_module since 2008 went from coordinated disclosure to active in-the-wild exploitation in roughly seventy-two hours. CVE-2026-42945 affects every release from 0.6.27 through 1.30.0 across both Open Source and Plus, can crash worker processes trivially, and can reach remote code execution on hosts where ASLR is disabled. Patches are available in NGINX 1.30.1 and 1.31.0.

critical

CVE AdvisoryVulnerability•May 17, 2026

CRITICAL: Cisco Catalyst SD-WAN CVE-2026-20182 Hits CVSS 10.0 with Active Exploitation by UAT-8616

Cisco patched CVE-2026-20182, a CVSS 10.0 authentication bypass in Catalyst SD-WAN Controller and Manager that lets an unauthenticated remote attacker gain administrative access via the vdaemon peering service on UDP/12346. CISA added the flaw to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of May 17, 2026. Threat cluster UAT-8616 is actively exploiting it. No workarounds, only patches.

high

CVE AdvisoryVulnerability•May 16, 2026

HIGH: Microsoft Exchange Server XSS Flaw CVE-2026-42897 Under Active Attack

Microsoft Exchange Server CVE-2026-42897 is a cross-site scripting flaw in Outlook Web Access that lets a crafted email execute JavaScript in the victim OWA session. CISA added it to the Known Exploited Vulnerabilities catalog on May 15, 2026 after confirmed in-the-wild exploitation, with a May 29 federal mitigation deadline. Exchange Server 2016, 2019, and Subscription Edition are affected. Exchange Online is not. Microsoft scored it CVSS 8.1, and patches shipped in the May 2026 security update.

critical

CVE AdvisoryVulnerability•May 14, 2026

NGINX Rift CVE-2026-42945 — 18-Year-Old Bug Hands Attackers Your Web Server Without Auth

A heap buffer overflow in NGINX ngx_http_rewrite_module has been hiding in the codebase since 2008. CVE-2026-42945 (CVSS 9.2) lets unauthenticated attackers hijack any unpatched NGINX instance. With NGINX powering over 30% of the internet, patch immediately.

critical

CVE AdvisoryVulnerability•May 13, 2026

May 2026 Patch Tuesday: Unauthenticated Netlogon and DNS RCE Hit CVSS 9.8

Microsoft shipped 138 patches including two unauthenticated remote code execution flaws rated CVSS 9.8. CVE-2026-41089 gives SYSTEM on domain controllers via Netlogon overflow. CVE-2026-41091 does the same via Windows DNS. Both are wormable. Patch now.

critical

CVE AdvisoryVulnerability•May 12, 2026

CRITICAL: cPanel WHM Authentication Bypass CVE-2026-41940 Exploited for Two Months Before Patch

cPanel and WHM are bleeding root through CVE-2026-41940, a CVSS 9.8 CRLF-injection authentication bypass that has been exploited in the wild since late February 2026. The April 28 patch is available now, but attackers running automated campaigns from over 2,000 source IPs have been deploying a cross-platform Go backdoor on compromised hosts for two months. Patch immediately and assume breach on any internet-exposed unpatched server.

high

CVE AdvisoryVulnerability•May 11, 2026

HIGH: Ivanti EPMM CVE-2026-6973 Under Active Exploitation, CISA Mandates 3-Day Federal Patch Deadline

Ivanti has confirmed in-the-wild exploitation of CVE-2026-6973, an authenticated remote code execution flaw in on-premises Endpoint Manager Mobile rated CVSS 7.2. CISA added the bug to its Known Exploited Vulnerabilities catalog on May 7 and gave federal agencies until May 10, 2026 to remediate. The exploitation pattern strongly suggests reuse of admin credentials harvested during the unauthenticated EPMM compromises disclosed in January 2026.

high

CVE AdvisoryVulnerability•May 10, 2026

cPanel Drops Three More CVEs After Ransomware Fallout — Including Perl Injection in create_user

cPanel and WHM shipped fixes for three CVEs on May 8 including a CVSS 8.8 Perl code injection in the create_user API that lets authenticated attackers execute arbitrary system commands. If you run cPanel, update immediately — attackers are already watching.

high

CVE AdvisoryVulnerability•May 9, 2026

HIGH: 'Dirty Frag' Linux Kernel Bugs Hand Locals Root, One Half Already Patched, RxRPC Half Still Open (CVE-2026-43284, CVE-2026-43500)

Two Linux kernel page-cache write bugs collectively named Dirty Frag let any unprivileged local user pop a root shell in one command. CVE-2026-43284 in xfrm-ESP was patched May 8. CVE-2026-43500 in RxRPC is still unpatched. Microsoft has already seen active exploitation in the wild and a public proof-of-concept is on GitHub.

high

CVE AdvisoryVulnerability•May 8, 2026

Ivanti EPMM Zero-Day Under Active Exploitation With 850 Servers Exposed (CVE-2026-6973)

CVE-2026-6973 is an authenticated RCE in on-prem Ivanti Endpoint Manager Mobile confirmed under active exploitation. CISA added it to the KEV catalog with a 3-day federal patch deadline. Over 850 internet-facing instances remain exposed. Check your MDM now.

high

CVE AdvisoryVulnerability•May 7, 2026

HIGH: Apache HTTP/2 Double-Free (CVE-2026-23918) Lets Two Frames DoS Your Web Server, RCE Already Demoed

Apache HTTP Server 2.4.66 ships a double-free in mod_http2 that crashes worker processes with two HTTP/2 frames and no authentication. CVSS 8.8, DoS exploitation already in the wild, and a public PoC chain converts the bug to remote code execution on default Debian and Docker builds. The fix is in 2.4.67, released May 4.

critical

CVE AdvisoryVulnerability•May 6, 2026

CRITICAL: Palo Alto PAN-OS Zero-Day Hands Attackers Root on Internet-Facing Firewalls (CVE-2026-0300)

CVE-2026-0300 is an unauthenticated buffer overflow in the PAN-OS User-ID Authentication Portal that grants root code execution on PA-Series and VM-Series firewalls. Palo Alto has confirmed limited in-the-wild exploitation against internet-exposed portals. CVSS scores 9.3 for internet-exposed deployments, 8.7 for trusted-network only. Patches roll out from May 13 through May 28, 2026.

critical

CVE AdvisoryVulnerability•May 5, 2026

CRITICAL: Progress MOVEit Automation Hit by 9.8 Auth Bypass With No Workaround

Progress Software disclosed CVE-2026-4670, an unauthenticated authentication bypass in MOVEit Automation rated CVSS 9.8, alongside CVE-2026-5174, a CVSS 7.7 privilege escalation. Patch to 2025.1.5, 2025.0.9, or 2024.1.8. No workarounds exist.

critical

CVE AdvisoryVulnerability•May 4, 2026

CRITICAL: cPanel Authentication Bypass CVE-2026-41940 Exploited Against MSPs and Government Targets

A pre-authentication bypass in cPanel and WHM (CVE-2026-41940, CVSS 9.8) is being mass-exploited. CRLF injection in cpsrvd lets attackers forge a session cookie and gain root with no credentials. CISA added it to KEV on April 30, 2026. Patch immediately.

high

CVE AdvisoryVulnerability•May 3, 2026

CVE-2026-31431 Copy Fail — How Local Linux Root Got Easier in May 2026

A logic flaw in the Linux kernel algif_aead module gives any unprivileged local user root access on every major distro released since 2017. CISA added CVE-2026-31431 to the KEV catalog with a mandatory federal patch deadline. If you run Linux servers, patch today or assume compromise.

critical

CVE AdvisoryVulnerability•May 2, 2026

CRITICAL: Google Patches CVSS 10 Gemini CLI Flaw That Turned CI Workspaces Into Free RCE

A maximum severity CVSS 10.0 flaw in Google Gemini CLI headless mode let any attacker who could drop a .gemini directory into a CI workspace execute code on the runner host. Tracked as GHSA-wpqr-6v78-jr5g, it is fixed in @google/gemini-cli 0.39.1 and 0.40.0-preview.3, plus run-gemini-cli action 0.1.22. Patch immediately and rotate any secrets reachable from affected pipelines.

critical

CVE AdvisoryVulnerability•May 1, 2026

CRITICAL: Google Gemini CLI Earns CVSS 10 By Trusting Every Folder It Touches

Google patched a CVSS 10.0 remote code execution flaw in the Gemini CLI that let attackers hijack CI/CD pipelines through malicious .gemini/ configurations in untrusted workspaces. The advisory ships under GHSA-wpqr-6v78-jr5g without a CVE assigned, and any organization running the run-gemini-cli GitHub Action without a pinned version was carrying the vulnerable code by default.

critical

CVE AdvisoryVulnerability•Apr 30, 2026

CRITICAL: GitHub Enterprise Server RCE via a Single Git Push (CVE-2026-3854)

Wiz researchers disclosed CVE-2026-3854 on April 28, a critical remote code execution flaw in GitHub Enterprise Server that turns a single authenticated git push into full server compromise. Roughly 88 percent of internet-exposed Enterprise Server instances were unpatched at disclosure. GitHub.com and Enterprise Cloud are already fixed, but self-hosted admins must upgrade to 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4, or 3.20.0.

high

CVE AdvisoryVulnerability•Apr 29, 2026

HIGH: Storm-1175 Chains ConnectWise ScreenConnect Bugs to Drop Medusa Ransomware (CVE-2024-1708)

CISA added the two-year-old ConnectWise ScreenConnect path traversal flaw CVE-2024-1708 to its Known Exploited Vulnerabilities catalog on April 28, 2026, after China-aligned Storm-1175 was caught chaining it with the SlashAndGrab auth bypass CVE-2024-1709 to deploy Medusa ransomware through compromised MSP infrastructure. Federal agencies have until May 12 to remediate.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

PreviousPage 2 of 4Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.