CVE-2026-0257: GlobalProtect VPN Auth Bypass Is Being Exploited Now
CVE-2026-0257 is under active exploitation. CISA added it to the KEV catalog. If you run GlobalProtect with authentication override cookies, check your config ...
CVE-2026-41089: Windows Netlogon Zero-Click RCE Is Being Exploited Now
CVE-2026-41089 is a CVSS 9.8 zero-click RCE in Windows Netlogon, actively exploited since May 13. ...
CVE-2026-48501: GitHub CLI Leaks Auth Token — Patch to 2.93.0 Now
GitHub CLI CVE-2026-48501 sends your auth token to non-GitHub servers during gh attestation and gh ...
CVE-2025-48595: Android Zero-Day Exploited — Act Now
Google's June 2026 Android patch fixes CVE-2025-48595, an actively exploited Framework zero-day. CISA deadline: June ...
CVE-2026-44338: PraisonAI Auth Bypass Exploited in 4 Hours
PraisonAI CVE-2026-44338 ships authentication disabled by default. Versions 2.5.6-4.6.33 are vulnerable. Here is what attackers ...
Google Catches First AI-Built Zero-Day: Act Now
Google's Threat Intelligence Group caught the first confirmed AI-generated zero-day exploit in the wild — a 2FA bypass built by a cybercrime group. ...
Sound Blaster Speaker Hack: No Patch, No Pairing Needed
A researcher turned the Creative Sound Blaster Katana V2X into a remote keystroke injector via ...
Microsoft MXC SDK: Sandbox Your AI Agents on Windows
Microsoft's MXC SDK lets you sandbox AI agents at the OS level with a JSON ...
AI Coding Agent Vulnerabilities: TrustFall and SymJack Explained
TrustFall and SymJack expose a systemic RCE flaw in Claude Code, Cursor, and GitHub Copilot. ...
Let’s Encrypt Commits to Post-Quantum HTTPS: Act Now
Let’s Encrypt commits to Merkle Tree Certificates for post-quantum HTTPS — and there’s a server ...