Search

bleepingcomputer.com › news › security

New Gogs zero-day flaw lets hackers get remote code execution

…However, even though it requires basic user privileges to exploit, Rapid7 senior security researcher Jonah Burges (who discovered the flaw) said the vulnerability affects all Gogs servers with default configurations. "Since Gogs…

May 28, 2026 · Sergiu Gatlan

Top stories

bleepingcomputer.com

Why the browser is now the front line for AI security

5d ago

bleepingcomputer.com

Microsoft fixes KB5089549 Windows security update install issues

6d ago

bleepingcomputer.com › news › security

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

…government agencies, the cybersecurity agency also urged all network defenders, including the private sector, to secure their networks against ongoing CVE-2026-28318 attacks as soon as possible. "This type of vulnerability…

Jun 5, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Cisco warns of critical Unified CM flaw with PoC exploit code

…The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root." Cisco's Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of…

Jun 4, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Trend Micro warns of Apex One zero-day exploited in the wild

…Cybersecurity and Infrastructure Security Agency (CISA) also added CVE-2026-34926 to its list of actively exploited vulnerabilities and ordered federal agencies to patch their devices by June 4. "These types of…

May 22, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Microsoft warns of new Defender zero-days exploited in attacks

Microsoft warns of new Defender zero-days exploited in attacks By Sergiu Gatlan May 21, 2026 03:49 AM On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that…

May 21, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Exploit available for new DirtyDecrypt Linux root escalation flaw

…See poc.c for more details." While there is no official CVE ID associated with this security flaw, according to Will Dormann (principal vulnerability analyst at Tharros), the information from the security…

May 18, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft shares mitigation for YellowKey Windows zero-day

…aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices," Microsoft said…

May 20, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

New Fragnesia Linux flaw lets attackers gain root privileges

…However, Dirty Frag works by chaining two separate kernel flaws, the xfrm-ESP Page-Cache Write vulnerability ( CVE-2026-43284 ) and a RxRPC Page-Cache Write security issue ( CVE-2026-43500 ), to…

May 14, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft warns of Exchange zero-day flaw exploited in attacks

…Microsoft describes this security flaw (CVE-2026-42897) as a spoofing vulnerability affecting up-to-date Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE) software. While patches aren…

May 15, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › linux

Exploit released for new PinTheft Arch Linux root escalation flaw

…The vulnerability, named PinTheft by the V12 security team and still waiting to be assigned a CVE ID for easier tracking, exists in the Linux kernel's RDS (Reliable Datagram Sockets) and…

May 20, 2026 · Sergiu Gatlan