Vulnerability Management

Minimalist white line art on hot magenta: an hourglass with sand draining beside two padlocks linked by a chain, with '72 HOURS' floating above.

Vulnerabilities

Ivanti EPMM Has a Third Zero-Day This Year — and CISA Just Gave Federal Agencies Three Days to Patch

Ivanti disclosed CVE-2026-6973 on May 7 — a CVSS 7.2 EPMM flaw under active exploitation. CISA gave federal agencies just three days to patch (May 10 deadline). It's the third EPMM zero-day of 2026, and Ivanti hints attackers are using credentials stolen during January's campaign. On

07 May 2026

Minimalist white line art on deep purple: a person at a laptop with two speech bubbles merging into a dotted cloud that extends as a dotted line toward a SCADA red panel button.

Vulnerabilities

Palo Alto Firewall Zero-Day Has Been Exploited Since April 9. Patches Don't Land Until May 13.

Palo Alto Networks disclosed CVE-2026-0300 on May 5, 2026 — a CVSS 9.3 buffer overflow zero-day in PAN-OS that lets unauthenticated attackers execute code as root on internet-exposed PA-Series and VM-Series firewalls. Unit 42 has tracked exploitation by a likely state-sponsored cluster (CL-STA-1132) since April 9. CISA added the CVE

07 May 2026

Minimalist white line art on olive green showing a server rack with two file folders escaping through a broken padlock, joined to two linked hexagon icons above, marked with a red accent dot.

Vulnerabilities

Patch MOVEit Now Before It Becomes 2023 All Over Again

A 9.8 unauthenticated authentication bypass and a 7.7 privilege escalation flaw in MOVEit Automation chain to full administrative control. Patch this week. Upgrading via the full installer is the only fix — there is no workaround. The product family is the same one Cl0p exploited to breach 2,100

05 May 2026

Minimalist white line art on cobalt blue showing a shield containing a certificate-ribbon icon mistakenly marked with a red X, alongside a circular restoration arrow.

Vulnerabilities

Defender Quarantined DigiCert Roots Worldwide — Here's the Fix

A Defender signature update flagged DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha and quarantined them worldwide. Microsoft fixed it in 1.449.430.0. The underlying DigiCert breach is the bigger story.

04 May 2026

Minimalist vector on solid brown: A white video camera icon with a red "hacker" skull overlaid, representing collaboration software exploitation.

Vulnerabilities

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been exploiting three TrueConf video conferencing flaws (BDU-2025-10114, 10115, 10116) since September 2025 to breach Russian networks. By chaining these vulnerabilities, the group bypasses authentication and executes arbitrary OS commands, turning video conferencing servers into springboards for lateral movement and data harvesting. ST.

28 Apr 2026

A white key icon with a red warning triangle inside the handle.

Vulnerabilities

Microsoft Patches Critical Entra ID Role Flaw That Enabled Service-Principal Takeover

Microsoft has patched a serious Entra ID (Azure AD) misconfiguration that exposed an “agent-only” role for Microsoft Graph PowerShell that was not properly restricted to Microsoft’s own internal agents. Attackers who obtained secrets for a service-principal-linked app registration could exploit this role to escalate privileges and pivot to long-term

28 Apr 2026

A broken link in a chain with a white "bug" icon emerging from the gap.

Supply Chain Attack

Checkmarx Attack Weaponizes KICS and Bitwarden CLI

Malicious Docker images and VS Code extensions steal IaC secrets; Bitwarden npm trusted publishing abused in a sophisticated DevSecOps attack chain. TEL AVIV, IL — In a cascading security failure that strikes at the heart of modern DevSecOps, the prominent security vendor Checkmarx has confirmed a multi-stage supply chain compromise affecting

24 Apr 2026

A white cloud folder icon with neon purple binary code leaking on a charcoal background.

Vulnerability Management

"Public by Intent": Lovable AI Faces Scrutiny Over Massive Project Exposure

A reported Broken Object Level Authorization (BOLA) flaw on the Lovable AI platform allegedly exposed thousands of private coding projects, prompts, and credentials, sparking a debate over "vibe coding" security standards. Stockholm, Sweden — Lovable, the rapidly growing AI "app builder" platform, has found itself at the

22 Apr 2026

A white Firefox silhouette with a neon purple digital repair mesh on an orange background.

Application Security

The Mythos Breakthrough: Anthropic AI Uncovers 271 Security Flaws in Firefox 150

In a landmark moment for automated defense, Mozilla has patched 271 vulnerabilities in the latest version of Firefox — all identified by Anthropic’s specialized security model, Mythos. Mountain View, CA — Mozilla has released Firefox 150, an update that may represent the single largest leap in automated browser hardening to date.

22 Apr 2026

Artificial Intelligence (AI)

The $2,283 Shell: Claude Opus Weaponizes Chrome V8 in Milestone Experiment

By leveraging Anthropic’s Claude Opus 4.6, a security researcher has successfully developed a working Chrome exploit for roughly $2,300 — demonstrating that the cost of weaponizing known vulnerabilities is plummeting toward commodity pricing. ABINGDON, UK — A watershed moment in the intersection of AI and offensive security was confirmed

20 Apr 2026

A Windows server rack in an infinite reboot loop being fixed by a purple wrench.

Microsoft Ecosystem

Microsoft Issues Emergency "Fix for the Fix" to Halt Windows Server Reboot Loops

An out-of-band update arrives days after the April Patch Tuesday release triggered critical LSASS crashes and BitLocker recovery prompts across enterprise domain controllers. REDMOND, WA — Microsoft has released a series of emergency out-of-band (OOB) updates to address a cascade of failures introduced by its April 2026 "Patch Tuesday"

20 Apr 2026

A nested monitor setup with a purple phantom silhouette evading a security eye icon.

Enterprise Infrastructure

The Ghost in the Hypervisor: Ransomware Operators Pivot to QEMU for Stealth Execution

By wrapping malicious payloads inside legitimate QEMU virtual machines, threat actors are effectively blinding EDR and AV solutions, turning an open-source emulator into a potent defense evasion tool. ABINGDON, UK — A sophisticated shift in ransomware delivery has been identified by security researchers at Sophos and BleepingComputer. Threat actors are increasingly

20 Apr 2026

See all