Intel issued microcode mitigations for CVE-2024-45332, a Branch Privilege Injection flaw that can bypass Spectre v2 hardware defenses and leak privileged memory from affected systems.
Latest cybersecurity dispatches
Fresh reporting on active vulnerabilities, security patches, incident response, and threat research for defenders.
SAP patched CVE-2025-42999, a critical NetWeaver Visual Composer deserialization flaw linked to chained attacks that followed exploitation of CVE-2025-31324.
The Mini Shai-Hulud campaign compromised more than 170 reported npm and PyPI packages, exposing how trusted publishing and provenance can still be abused when CI/CD environments are compromised.
CVE-2026-42945 is now tracked as a heap-based buffer overflow in NGINX's rewrite module, affecting NGINX Open Source and NGINX Plus under specific rewrite-rule conditions.
Microsoft has disclosed CVE-2026-42897, a high-severity Exchange Server Outlook Web Access vulnerability affecting on-premises deployments, with mitigation available while a permanent fix is pending.
Cisco patched CVE-2026-20182, a critical Catalyst SD-WAN Controller and Manager zero-day that can let remote attackers bypass authentication and manipulate SD-WAN fabric configuration.