Search

bleepingcomputer.com › news › security

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

…government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. Unauthenticated remote attackers can exploit…

Jun 9, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Microsoft warns of new Defender zero-days exploited in attacks

Microsoft warns of new Defender zero-days exploited in attacks By Sergiu Gatlan May 21, 2026 03:49 AM On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that…

May 21, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

New Veeam vulnerability exposes backup servers to RCE attacks

…has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. The vulnerability (tracked as CVE…

Jun 9, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Exploit available for new DirtyDecrypt Linux root escalation flaw

…attackers are now actively exploiting the Copy Fail vulnerability in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) added Copy Fail to its list of flaws exploited in attacks on May…

May 18, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › linux

Exploit released for new PinTheft Arch Linux root escalation flaw

…Over the weekend, security researchers released PoC exploits targeting another recently patched Linux LPE (tracked as DirtyDecrypt and DirtyCBC ), which belongs to the same vulnerability class as several other root-escalation flaws…

May 20, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Ivanti warns of new EPMM flaw exploited in zero-day attacks

…today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The security flaw (tracked as CVE-2026-6973) stems from an Improper…

May 7, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

New Gogs zero-day flaw lets hackers get remote code execution

…On January 12, CISA confirmed Wiz's report that the CVE-2025-8110 was under active exploitation and added the security flaw to its catalog of vulnerabilities exploited in the wild, ordering…

May 28, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft warns of Exchange zero-day flaw exploited in attacks

…Over the last 5 years, CISA has added 19 Microsoft Exchange Server vulnerabilities to its list of actively exploited security flaws, 14 of which were also abused in ransomware attacks. The Validation…

May 15, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Palo Alto Networks firewall zero-day exploited for nearly a month

…Cybersecurity and Infrastructure Security Agency (CISA) also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable…

May 7, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Drupal critical update to fix bug with high exploitation risk

…exploit for web admin tool cPanel, WHM emergency update fixes critical auth bypass bug Critical cPanel and WHM bug exploited as a zero-day, PoC now available Drupal Exploit Security Advisory Vulnerability…

May 20, 2026 · Bill Toulas