Search

bleepingcomputer.com › news › security

Max-severity flaw in ChromaDB for AI apps allows server hijacking

Max-severity flaw in ChromaDB for AI apps allows server hijacking By Bill Toulas May 19, 2026 06:25 PM A max-severity vulnerability in the latest Python FastAPI version of the…

May 19, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

XBOW tests Anthropic's Mythos Preview for offensive security

1d ago

bleepingcomputer.com

Microsoft releases Windows 10 KB5094127 extended security update

1d ago

bleepingcomputer.com

ServiceNow discloses security incident exposing customer data

1d ago

bleepingcomputer.com

Reducing security operations complexity with Wazuh Cloud

2d ago

bleepingcomputer.com › news › microsoft

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges By Lawrence Abrams June 9, 2026 07:11 PM A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just…

Jun 9, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

New critical Exim mailer flaw allows remote code execution

…vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as CVE-2026-45185 , the security issue…

May 13, 2026 · Bill Toulas

bleepingcomputer.com › news › security

KnowledgeDeliver flaw exploited as a zero-day to install web shells

…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…

May 26, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

WP Maps Pro bug exploited to create admin accounts on WordPress sites

…The vulnerability, tracked as CVE-2026-8732, has a critical severity rating and impacts WP Maps Pro versions 6.1.0 and older. It was discovered and reported by security researcher David…

May 31, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Critical Everest Forms Pro flaw exploited to take over WordPress sites

…are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. The security issue affects versions 1.9…

Jun 6, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Critical UniFi OS bug lets hackers gain root without authentication

…Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. The security issues are tracked as CVE-2026-34908…

Jun 8, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Hackers bypass SonicWall VPN MFA due to incomplete patching

…SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP…

May 20, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

…Cisco vulnerabilities as abused in the wild, four of them in Cisco Catalyst SD-WAN Manager and six others exploited by ransomware operations. Test every layer before attackers do Security teams log…

Jun 5, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

VS Code zero-day lets hackers steal GitHub tokens in one click

…Gatlan June 3, 2026 02:50 AM A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens…

Jun 3, 2026 · Sergiu Gatlan