-
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local …
-
To gain root access at this company, all an intruder had to do was ask nicely
Welcome once again to PWNED, the column where we help you prepare for security success by studying others’ embarrassing failures. …
-
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw …
-
AI models are getting better at replacing cybersecurity pros on certain tasks
The UK AI Security Institute (AISI) has found that frontier models are quickly becoming more efficient when asked to do some cybersecurity …
-
LifeHack review – old-school heist updated for the meme age
his debut feature from Irish web-and-zeitgeist-surfer Ronan Corrigan continues its producer Timur Bekmambetov’s interest in fashioning …
-
Vector embedding security gap exposes enterprise AI pipelines
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing …
-
Over 70% of organizations hit by identity breaches
Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to …
-
Closing the AI governance gap in your enterprise
In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every …
-
Machine identities outnumber humans 109 to 1
Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those …
-
Cisco to fire 4,000 staff and generously give them free training – on Cisco
Cisco will make around five percent of staff redundant and has generously offered them free Cisco training for a year once they’re gone. …
-
TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack
A TeamPCP-linked forum account claims to be selling internal Mistral AI repositories. The post advertises roughly 5GB of files linked to AI …
-
CVE-2026-8280 – GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before …
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before …
●●●
NVD
- CVE-2026-46445 – SOGo before 5.12.7, when PostgreSQL is used, allows SQL …
- CVE-2026-41281 – Android App “あんしんフィルター for au” provided by KDDI CORPORATION contains …
- CVE-2026-44919 – In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop …
- CVE-2026-46419 – Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly …
- CVE-2026-8280 – GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before …
EXPLOITS
- Ninja Forms Uploads – Unauthenticated PHP File Upload
- glances 4.5.2 – command injection
- Flowise < 3.0.5 - Missing Authentication for Critical Function
- coreruleset 4.21.0 – Firewall Bypass
- NocoBase 2.0.27 – VM Sandbox Escape
SECURELIST
- State of ransomware in 2026
- CVE-2025-68670: discovering an RCE vulnerability in xrdp
- Exploits and vulnerabilities in Q1 2026
- OceanLotus suspected of using PyPI to deliver ZiChatBot malware
- Websites with an undefined trust level: avoiding the trap