CVE-2026-45657: Patch the Wormable Windows Kernel RCE Now
CVE-2026-45657 is a wormable CVSS 9.8 Windows Kernel RCE in the TCP/IP stack. Patches are live. Here are the KB numbers and exact ...
CVE-2026-47291: Patch the HTTP.sys RCE Before It Worms Your Windows Servers
CVE-2026-47291 is a CVSS 9.8 HTTP.sys integer overflow flagged Exploitation More Likely by Microsoft. Check ...
RoguePlanet CVE-2026-47281: Patch Windows Defender Now
RoguePlanet (CVE-2026-47281, CVSS 9.6) exploits a Defender race condition to grant SYSTEM access on patched ...
Langflow CVE-2026-5027: Patch This Actively Exploited AI Dev Tool Now
Langflow has an actively exploited path traversal vulnerability (CVE-2026-5027) with no auth required. 7,000 instances ...
AUR Malware Hits 408 Packages with eBPF Rootkit—Act Now
On June 11, 408 AUR packages were backdoored with an eBPF rootkit that steals SSH ...
Solana FakeFix: 25 Malicious npm and PyPI Packages Steal Wallet Keys
25 malicious npm and PyPI packages target Solana developers in the FakeFix campaign — stealing wallet keys, AWS credentials, and .env files at ...
HTTP/2 Bomb CVE-2026-49160: Patch Your Servers Now
OpenAI Codex discovered the HTTP/2 Bomb — CVE-2026-49160 and CVE-2026-49975 hit nginx, Apache, IIS, and ...
runC Container Escape: Patch CVE-2025-52565 and CVE-2025-52881 Now
Three critical runC vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) enable container escape to host root. Every Docker ...
Pokémon Go’s 30B Scans Now Power Military Drones
Pokémon Go players' 30 billion scans quietly trained military drone navigation AI. The sublicensable ToS ...
Miasma Worm Hit 73 Microsoft GitHub Repos — What AI Developers Must Do Now
On June 5, a single malicious commit hit one of Microsoft’s GitHub repositories. Within 105 ...