A critical unauthenticated remote code execution vulnerability — tracked as **wp2shell** — was disclosed in WordPress core this week, affecting every site running WordPress 6.9 or 7.0. According to [T
CISA has added **CVE-2026-58644**, a critical remote code execution zero-day in Microsoft SharePoint Server, to its [Known Exploited Vulnerabilities (KEV) catalog](https://thehackernews.com/2026/07/ci
F5 has issued [out-of-band security patches for multiple NGINX vulnerabilities](https://www.bleepingcomputer.com/news/security/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities/), inclu
The U.S. Cybersecurity and Infrastructure Security Agency has added a maximum-severity remote code execution flaw in the Widget Factory **Joomla Content Editor (JCE)** plugin to its [Known Exploited V
A maximum-severity vulnerability in Ivanti Sentry is being actively exploited in the wild, [according to BleepingComputer](https://www.bleepingcomputer.com/news/security/max-severity-ivanti-sentry-vul
CISA has added **CVE-2026-42271** in [BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog](https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html), confirming active e
Threat actors are actively exploiting [CVE-2026-3300](https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html), a critical remote code execution vulnerability in **Everest Forms
CISA has added **CVE-2026-45247** to its [Known Exploited Vulnerabilities (KEV) catalog](https://thehackernews.com/2026/06/cisa-adds-exploited-magento-rce-flaw.html), confirming active in-the-wild exp
Belgium's Centre for Cybersecurity (CCB) issued an emergency warning Friday: threat actors are **actively exploiting** a recently patched critical remote code execution vulnerability in Windows Netlog