CISA added [CVE-2026-45659](https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html) to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday — a high-severity remote co
A vulnerability in **Cisco Unified Communications Manager (UCM)** is being actively exploited in the wild, and CISA has issued an emergency directive giving federal agencies until **this Sunday** to a
A researcher operating under the handle **Nightmare Eclipse** has published proof-of-concept (PoC) exploit code for one or more unpatched Microsoft zero-day vulnerabilities, touching off a public disp
The breach of 3,800 GitHub internal repositories didn't start with a phishing email or a brute-forced credential — it started with a VS Code extension, making this a case study in how deeply supply-ch
This week's most uncomfortable disclosure didn't come from a nation-state campaign or a ransomware gang — it came from an 18-year-old bug sitting quietly inside software running a third of the interne
This week's alerts share an uncomfortable common thread: local privilege escalation has become so routine that three separate Linux kernel LPE bugs surfaced within a fortnight, Windows shipped with a
This week's most consequential incidents share a structural pattern that should make every security team uncomfortable: the infrastructure defenders rely on to establish trust — code-signing authoriti