-
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injecti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than malicious actors can adapt. Spearheaded by Sasha Baker in Apr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them ful…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could al…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious feature…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vul…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-421…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have disclosed a critical zero-day vulnerability in the Linux kernel dubbed “Copy Fail” (CVE-2026-31431), which allows unprivileged local users to gain root access. Using a tiny 732-byte Python script, attackers can exp…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
