Zoom has released an emergency patch for [CVE-2026-53412](https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html), a critical vulnerability scoring **9.8 on the CVSS scale** af
Microsoft has shipped a security update for **CVE-2026-50656**, a privilege escalation flaw in the Microsoft Malware Protection Engine — the core component behind Windows Defender — [publicly named Ro
Researchers at Nebula Security have disclosed [GhostLock (CVE-2026-43499)](https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html), a privilege-escalation vulnerability that ha
If you run Gitea via Docker, stop reading after the next sentence and go check your version: threat actors are actively probing for [CVE-2026-20896](https://thehackernews.com/2026/07/threat-actors-pro
A 16-year-old use-after-free vulnerability in the Linux KVM hypervisor has been publicly disclosed — and a proof-of-concept exploit has already landed on GitHub. Tracked as [CVE-2026-53359](https://th
Attackers are actively exploiting a maximum-severity (CVSS 10.0) vulnerability in Adobe ColdFusion, tracked as [CVE-2026-48282](https://www.bleepingcomputer.com/news/security/max-severity-adobe-coldfu
Security firm runZero has [disclosed seven vulnerabilities](https://thehackernews.com/2026/07/unpatched-flaws-disclosed-in-filesystem.html) in **FatFs**, a compact open-source filesystem library used
Security researchers have disclosed **CVE-2026-46242**, nicknamed "Bad Epoll" — a local privilege escalation (LPE) flaw in the Linux kernel's `epoll` subsystem. The vulnerability allows any unprivileg
A critical authentication vulnerability in Oracle E-Business Suite is being actively exploited in the wild, security researchers at Defused Cyber [have confirmed](https://thehackernews.com/2026/06/ora
Threat intelligence firm Defused has confirmed that attackers are actively exploiting **CVE-2026-46817**, a critical vulnerability in Oracle E-Business Suite (EBS). Active exploitation means this has
A public proof-of-concept exploit has dropped for [CVE-2026-55200](https://thehackernews.com/2026/06/public-poc-released-for-critical.html), a critical memory-corruption vulnerability in libssh2. The
A public, working exploit for **CVE-2026-46331** — nicknamed "pedit COW" — is already in the wild. Any local unprivileged user on a vulnerable Linux system can use it to gain root. If you run Linux se
A Linux kernel privilege escalation flaw tracked as **CVE-2026-43503** (CVSS 8.8) — dubbed **DirtyClone** — now has a fully working public exploit as of June 25. This is an immediate patching emergenc
Attackers are actively exploiting **CVE-2026-5027**, a high-severity path traversal flaw in [Langflow](https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-ex
Security researchers have published a [detailed, working exploit](https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html) for **CVE-2026-23111**, a use-after-free vulnerability
Cisco has confirmed that [CVE-2026-20245](https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html), a high-severity flaw in Catalyst SD-WAN Manager, is under active exploitation
Attackers are actively exploiting a critical privilege escalation vulnerability in the Kirki Customizer Framework plugin for WordPress, using it to silently promote themselves to administrator on any
Russia-linked **Gamaredon** (also tracked as Armageddon, Shuckworm, UAC-0010) is [actively weaponizing CVE-2025-8088](https://thehackernews.com/2026/06/gamaredon-exploits-winrar-to-deliver.html), a pa
Palo Alto Networks has confirmed that attackers are actively exploiting [CVE-2026-0257](https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-att
**A confirmed authentication bypass in Palo Alto Networks PAN-OS and Prisma Access is actively being exploited in the wild.** If GlobalProtect is your VPN gateway, patching is not optional — it is ove