Windows Netlogon CVE-2026-41089 Is Now Under Active Exploitation, Belgian CCB Warns

Belgium's national cybersecurity authority warned on May 29 that CVE-2026-41089, a critical pre-auth buffer-overflow RCE in Windows Netlogon, is now being exploited against unpatched domain controllers. Microsoft patched the flaw in its May 12 Patch Tuesday release.

Operation Dragon Weave Targets Czech Republic and Taiwan With AdaptixC2 Spear-Phishing

Seqrite Labs disclosed Operation Dragon Weave, a China-aligned cyber-espionage campaign delivering an AdaptixC2 agent against government, research, academic, technology, and financial-services targets in the Czech Republic and Taiwan via spear-phishing ZIPs.

WP Maps Pro Flaw CVE-2026-8732 Is Being Exploited to Mint Admin Accounts on 15,000 Sites

CVE-2026-8732, a CVSS 9.8 flaw in the WP Maps Pro WordPress plugin, lets any unauthenticated attacker mint an administrator account on 15,000 affected sites. Wordfence blocked 2,858 exploitation attempts in a single 24-hour window. Patch is in v6.1.1.

Gamaredon Hides a Fileless GammaWorm Inside NTFS Alternate Data Streams to Spy on Ukraine

Sekoia documented an FSB-linked Gamaredon campaign whose GammaWorm hides fileless VBScript modules inside NTFS Alternate Data Streams to spy on Ukrainian government, military, and critical-infrastructure targets while leaving almost no trace on disk.

codexui-android npm Package Is Quietly Stealing OpenAI Codex Tokens From 29,000 Weekly Users

The npm package codexui-android, a remote web UI for OpenAI Codex with 29,000 weekly downloads, has been exfiltrating users' Codex authentication tokens to an attacker server for the past month. The package is still live on npm.

Dashlane Locked User Accounts After a Brute-Force Attack on Its New-Device-Token Flow

Dashlane confirmed that an external party brute-forced the token check on its new-device-registration flow, and the company's automatic protections suspended targeted accounts. The lockout is the protection working — the news is what attackers went after.

HP Poly VVX and Trio VoIP Phones: CVE-2026-0826 Unauthenticated RCE Patched on Disclosure Day

Rapid7's Stephen Fewer disclosed CVE-2026-0826 on June 1 — an unauthenticated stack-based overflow in HP Poly VVX and Trio enterprise VoIP phones with a CVSSv4 of 9.2 — alongside HP firmware fixes released the same morning after a five-month coordinated disclosure cycle.

What Is an Exploit in Cybersecurity?

A clear guide to exploits — what they are, how they differ from vulnerabilities, how they work, the common types, and how to defend against them.

Microsoft Names 'Mini Shai-Hulud' Wave of 14 npm Typosquats Stealing Cloud and CI/CD Secrets

Microsoft Threat Intelligence has named a new npm supply-chain wave the Mini Shai-Hulud campaign. A single maintainer alias, vpmdhaj, published 14 typosquatted packages in four hours that harvest AWS, HashiCorp Vault, npm, and GitHub Actions secrets from CI/CD runners.

Dutch Politie and NCSC Dismantle Asocks Residential Proxy Botnet of 17 Million Devices

Dutch Politie and NCSC-NL took down 200 Netherlands-based servers running Asocks, a residential proxy service built from at least 17 million infected consumer devices. The takedown weakens the IP-reputation assumptions every defender relies on.

Common Types of Software Vulnerabilities

A clear guide to the common types of software vulnerabilities — from memory and injection flaws to broken authentication, access control, and misconfigurations.

Flowise RCE CVE-2026-40933 Has Public Exploit Code — One-Click Chatflow Import Owns Servers

Obsidian Security published proof-of-concept code on May 30, 2026 for CVE-2026-40933, a CVSS 10.0 remote code execution flaw in Flowise. A malicious chatflow import owns the server. Patch 3.1.0 contains the fix.