Search: security threats & exploits

Palo Alto Networks firewall zero-day exploited for nearly a month

… Cybersecurity and Infrastructure Security Agency CISA also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities KEV Catalog and ordered Federal Civilian Executive Branch FCEB agencies to secure vulnerable firewalls by Saturday midnight, May 9. …

May 7, 2026 · Sergiu Gatlan

KnowledgeDeliver flaw exploited as a zero-day to install web shells

… The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger and Softpedia. …

May 26, 2026 · Ionut Ilascu

Microsoft warns of new Defender zero-days exploited in attacks

… For example, type "Security" in the Search bar, then select the Windows Security program. …

May 21, 2026 · Sergiu Gatlan

Trend Micro warns of Apex One zero-day exploited in the wild

… Apex One is Trend Micro's enterprise-grade endpoint security platform that protects corporate networks from a wide range of security threats, including malware, ransomware, fileless attacks, and web-based threats. …

May 22, 2026 · Sergiu Gatlan

Drupal critical update to fix bug with high exploitation risk

Drupal critical update to fix bug with high exploitation risk By Bill Toulas May 20, 2026 08:52 AM Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. …

May 20, 2026 · Bill Toulas

Ubiquiti patches three max severity UniFi OS vulnerabilities

… Cybersecurity and Infrastructure Security Agency CISA also added a critical command injection flaw CVE-2010-5330 in Ubiquiti AirOS to its catalog of actively exploited vulnerabilities and ordered federal agencies to secure their devices within three weeks. …

May 22, 2026 · Sergiu Gatlan

Microsoft warns of Exchange zero-day flaw exploited in attacks

… In October, weeks after Exchange 2016 and 2019 reached the end of support , the Cybersecurity and Infrastructure Security Agency CISA and the National Security Agency NSA released guidance to help IT admins harden Microsoft Exchange servers against attacks. …

May 15, 2026 · Sergiu Gatlan

Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation

… With his broad experience in security research, both in academia and industry, James has spent the past decade analyzing cyber threats to identify attack vectors and trends in the evolving security landscape. …

May 19, 2026

Exploit released for new PinTheft Arch Linux root escalation flaw

… Over the weekend, security researchers released PoC exploits targeting another recently patched Linux LPE tracked as DirtyDecrypt and DirtyCBC , which belongs to the same vulnerability class as several other root-escalation flaws, including Dirty Frag , Fragnesia , and Copy Fail . …

May 20, 2026 · Sergiu Gatlan