Search: Security and exploits

Ivanti: Max severity Sentry flaw allows code execution as root

…The second Sentry security flaw patched on Tuesday (tracked as CVE-2026-10523 ) is a critical authentication bypass that can be exploited remotely by unauthenticated attackers to create rogue administrative accounts and…

Jun 10, 2026 · Sergiu Gatlan

Max severity Cisco Secure Workload flaw gives Site Admin privileges

…Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2026-20182 flaw to its Known Exploited Vulnerabilities Catalog on May 14 and ordered federal agencies to secure affected devices within three days…

May 21, 2026 · Sergiu Gatlan

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

…Hackers now exploit SolarWinds Serv-U flaw to crash servers By Sergiu Gatlan June 5, 2026 03:15 PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers…

Jun 5, 2026 · Sergiu Gatlan

Drupal critical update to fix bug with high exploitation risk

…day exploit for web admin tool cPanel, WHM emergency update fixes critical auth bypass bug Critical cPanel and WHM bug exploited as a zero-day, PoC now available Drupal Exploit Security Advisory…

May 20, 2026 · Bill Toulas

Palo Alto Networks firewall zero-day exploited for nearly a month

…Cybersecurity and Infrastructure Security Agency (CISA) also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable…

May 7, 2026 · Sergiu Gatlan

Exploit available for new DirtyDecrypt Linux root escalation flaw

…The Cybersecurity and Infrastructure Security Agency (CISA) added Copy Fail to its list of flaws exploited in attacks on May 1 and ordered federal agencies to secure their Linux devices within two…

May 18, 2026 · Sergiu Gatlan

Exploit released for new PinTheft Arch Linux root escalation flaw

…The Cybersecurity and Infrastructure Security Agency (CISA) has added Copy Fail to its list of flaws exploited in attacks on May 1 and ordered government agencies to secure their Linux systems within…

May 20, 2026 · Sergiu Gatlan

CISA tells govt agencies to patch critical exploited flaws in 3 days

CISA tells govt agencies to patch critical exploited flaws in 3 days By Bill Toulas June 11, 2026 08:46 AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a…

Jun 11, 2026 · Bill Toulas

Trend Micro warns of Apex One zero-day exploited in the wild

…Cybersecurity and Infrastructure Security Agency (CISA) also added CVE-2026-34926 to its list of actively exploited vulnerabilities and ordered federal agencies to patch their devices by June 4. "These types of…

May 22, 2026 · Sergiu Gatlan

Ivanti warns of new EPMM flaw exploited in zero-day attacks

…Cybersecurity and Infrastructure Security Agency (CISA) gave U.S. government agencies 4 days to secure their systems against CVE-2026-1340 attacks. Multiple other Ivanti EPMM zero-days have been exploited in…