-
A critical security vulnerability tracked as CVE-2026-4387 has been disclosed in StrongDM, allowing attackers to steal and reuse authentication tokens to gain unauthorized access to infrastructure. The issue, discovered by SpecterOps researcher Hope Wa…
-
TP-Link has disclosed a high-severity security flaw in its Archer BE450 and Archer BE7200 Wi‑Fi routers that could allow remote command execution once an attacker gains admin access. The vulnerability, tracked as CVE-2026-5509, is rated 8.5 (High) unde…
-
A critical security vulnerability in a widely used Magento extension is exposing thousands of online stores to remote code execution (RCE) attacks. The vulnerability, tracked as CVE-2026-45247 and rated 9.8 on the CVSS scale, allows attackers to execut…
-
pretalx XSS flaw lets attackers hijack conference organizer accounts, steal sessions, auto-accept talks, and demote admins. Patched in v2026.1.0.
-
A newly disclosed critical vulnerability in Plesk is raising serious security concerns after researchers confirmed that low-privileged users can execute arbitrary commands on affected servers. Tracked as CVE-2026-44962, the vulnerability affects Plesk …
-
Instagram is facing scrutiny after a critical vulnerability in its Meta AI-powered support system allegedly allowed attackers to take over user accounts by abusing the password recovery process. The tool, designed to help users regain access to locked …
-
Microsoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is now being actively exploited in the wild. Tracked as CVE-2026-41089, the vulnerability allows u…
-
GitLab has released patch versions 19.0.1, 18.11.4, and 18.10.7 to fix seven security issues affecting GitLab CE and EE, including Duo AI workflow runner access control, a Wiki denial-of-service flaw, and several authorization bugs across GraphQL, Duo …
-
A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on affected servers. Tracked as CVE-2026-4480, the flaw carries a maximum CVSS score of 10.0, high…
-
OpenVPN has released a critical security update for its macOS client after researchers uncovered a vulnerability that could allow remote command execution on affected systems. The issue, tracked as CVE-2026-9560, impacts the privileged helper component…


