Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
96 articles

#Security Updates

All CosmicBytez Labs articles tagged #Security Updates, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    CISA Orders Immediate Patching of Actively Exploited Fortinet FortiSandbox Flaws

    CISA added two critical Fortinet FortiSandbox OS command injection vulnerabilities to its KEV catalog and gave federal agencies just three days to patch, as active exploitation continues against the security appliance platform.

  • NewsJul 17, 2026

    New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

    A critical unauthenticated remote code execution vulnerability in WordPress core affects all 6.9 and 7.0 installations. WordPress force-pushed emergency patches (6.9.5 / 7.0.2) to sites via its auto-update system.

  • SecurityJul 14, 2026

    CVE-2026-13221: Perl Regex Trie Overflow Produces Silent Incorrect Matches

    A critical flaw in Perl through 5.43.9 causes regex alternations with more than 65,535 branches to silently produce incorrect matches, potentially bypassing security filters that rely on regex validation.

  • NewsJul 11, 2026

    Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

    A critical stored XSS vulnerability in Zimbra's Classic Web Client allows attackers to deliver specially crafted emails that execute arbitrary code within...

  • SecurityJul 9, 2026

    CVE-2026-35210: OpenCTI Authorization Bypass Allows Confidence Level and Object Marking Circumvention

    An authentication bypass vulnerability in OpenCTI prior to 7.260326.0 allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass...

  • NewsJul 8, 2026

    CISA Orders Feds to Prioritize Patching Langflow Auth Bypass Flaw

    CISA added CVE-2026-55255, a CVSS 9.9 IDOR authorization bypass in Langflow, to its Known Exploited Vulnerabilities catalog on July 7, ordering U.S....

  • SecurityJul 7, 2026

    CVE-2025-53827: ownCloud Updater Exposes Dangerous Method (CVSS 9.1)

    A critical vulnerability in ownCloud Core's Updater component exposes a dangerous method to administrators, enabling potential remote code execution on...

  • NewsJul 4, 2026

    New 'Bad Epoll' Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

    A use-after-free bug in the Linux kernel's epoll subsystem — CVE-2026-46242 — lets any local user escalate to root on Linux 6.4+ with ~99% reliability. A...

  • NewsJul 2, 2026

    Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.

    IBM and Red Hat announced Project Lightwell — a $5 billion commitment to secure open-source supply chains using Anthropic's Mythos AI model, which found...

  • NewsJul 2, 2026

    CISA: Microsoft SharePoint RCE Flaw Now Actively Exploited

    CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog, confirming active in-the-wild exploitation of a high-severity SharePoint...

  • NewsJun 28, 2026

    Linux Foundation Unveils New Open Source Security Project Akrites

    The Linux Foundation has launched Akrites, a new open source security initiative designed to give the community standardized tools and channels to report,...

  • NewsJun 27, 2026

    CISA Sets Urgent Deadline to Fix Cisco Flaw Actively Exploited in Attacks

    CISA has added a Cisco Unified Communications Manager Server vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to...

  • SecurityJun 27, 2026

    CVE-2025-55017: Apache IoTDB Critical Path Traversal Vulnerability

    Critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.5. Users must upgrade...

  • SecurityJun 27, 2026

    CVE-2025-64152: Apache IoTDB Second Critical Path Traversal Flaw

    A second critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.6. Patch to 1.3.6 or...

  • NewsJun 25, 2026

    25-Year-Old Vulnerability Patched in Curl

    Curl 8.21.0 patches 18 vulnerabilities including a 25-year-old mTLS connection reuse flaw (CVE-2026-8932) that could allow authentication bypass. With...

  • NewsJun 23, 2026

    GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

    GitHub released actions/checkout v7 on June 18, 2026, adding default protections that refuse to fetch fork PR code inside pull_request_target workflows —...

  • NewsJun 22, 2026

    Microsoft Says Windows 11 26H2 Is Coming Soon, Details Upgrade Process

    Microsoft has confirmed Windows 11 version 26H2 as the next feature update, with devices running 24H2 and 25H2 able to upgrade via a lightweight...

  • NewsJun 22, 2026

    New Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones

    The Usbliter8 exploit targets a hardware-level flaw in Apple A12 and A13 SecureROM boot chains that cannot be patched via software updates, leaving...

  • NewsJun 22, 2026

    A Record-Breaking Patch Tuesday for June 2026

    Microsoft's June 2026 Patch Tuesday addressed nearly 200 security vulnerabilities — the highest single-month patch count in the company's history —...

  • NewsJun 21, 2026

    In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

    This week's security roundup covers Apple's patch for a Beats headphones eavesdropping vulnerability, the DOT closing its investigation into Delta's...

  • NewsJun 21, 2026

    Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

    Security researchers at Paradigm Shift have published a working exploit called usbliter8 that achieves arbitrary code execution inside the SecureROM of...

  • NewsJun 19, 2026

    Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

    CVE-2026-20253, a critical unauthenticated remote code execution flaw in Splunk Enterprise, is being actively exploited in the wild just days after public...

  • NewsJun 18, 2026

    F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

    F5 has released emergency security updates for two critical vulnerabilities in NGINX Open Source, including a CVSS 9.2 use-after-free flaw in the HTTP/3...

  • NewsJun 18, 2026

    ShapedPlugin Update Flow Hacked to Infect WordPress Sites

    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the...

  • NewsJun 17, 2026

    Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

    Both Google and Mozilla have released urgent browser updates addressing multiple memory safety vulnerabilities, including critical-severity flaws that...

  • NewsJun 17, 2026

    CISA Orders Feds to Patch Max Severity Joomla Plugin Flaw by Friday

    CISA has issued an emergency directive ordering federal agencies to patch CVE-2026-48907, a maximum-severity improper access control flaw in the Widget...

  • NewsJun 13, 2026

    Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

    Splunk patches CVE-2026-20253, a CVSS 9.8 critical vulnerability enabling unauthenticated file operations and remote code execution in Splunk Enterprise.

  • NewsJun 12, 2026

    LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

    Security researchers have disclosed three now-patched vulnerabilities in LangGraph — including a critical chain that enables remote code execution on...

  • NewsJun 10, 2026

    Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE

    A high-severity path traversal flaw (CVE-2026-5027, CVSS 8.8) in the AI application builder Langflow is being actively exploited with no patch available....

  • NewsJun 9, 2026

    New Veeam Vulnerability Exposes Backup Servers to RCE Attacks

    Veeam patched a critical CVE-2026-44963 flaw in Backup and Replication allowing remote code execution on domain-joined servers. CVSS 9.4 — patch immediately.

  • NewsJun 9, 2026

    Veeam Backup and Replication RCE Flaw Lets Domain Users Run Remote Code

    A critical CVE-2026-44963 flaw in Veeam Backup and Replication lets low-privilege domain users achieve remote code execution on backup servers. CVSS 9.4 —...

  • NewsJun 7, 2026

    CISA: Hackers Now Exploit SolarWinds Serv-U Flaw to Crash Servers

    CISA added a high-severity SolarWinds Serv-U flaw to its KEV catalog after confirming attackers are actively exploiting it to crash file transfer servers.

  • NewsJun 6, 2026

    Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

    Cisco has disclosed active exploitation of CVE-2026-20245, a high-severity vulnerability in Catalyst SD-WAN Manager with a CVSS score of 7.8. No patch is…

  • NewsJun 6, 2026

    OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

    OWASP has launched CVE Lite CLI, a free open-source command line tool that scans software projects in seconds to identify packages with known CVE…

  • NewsJun 3, 2026

    Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

    Redis has patched a use-after-free vulnerability in its blocking-client code that allows authenticated users to execute arbitrary OS commands on the database…

  • NewsJun 1, 2026

    Critical Windows Netlogon RCE Flaw Now Exploited in Attacks

    Belgium's national cybersecurity authority (CCB) has issued an urgent warning that threat actors are actively exploiting a recently patched critical Windows…

  • NewsMay 30, 2026

    Chrome 148 Update Patches 151 Vulnerabilities Including Critical RCE Flaws

    Google has released Chrome 148 with patches for 151 security vulnerabilities, including critical-severity flaws that could allow remote code execution....

  • SecurityMay 29, 2026

    CVE-2026-35676: phpMyFAQ Unauthenticated Password Reset Vulnerability

    phpMyFAQ before 4.1.3 contains a CVSS 8.2 flaw allowing unauthenticated attackers to reset any account password without token validation, enabling full...

  • NewsMay 28, 2026

    IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under "Project Lightwell"

    IBM and Red Hat unveil Project Lightwell, a $5B commitment to securing open-source supply chains by fixing vulnerabilities without breaking production.

  • NewsMay 27, 2026

    CISA Gives Feds 4 Days to Patch Actively Exploited cPanel Plugin Flaw

    CISA's emergency directive gives federal agencies four days to patch the actively exploited LiteSpeed cPanel plugin flaw being weaponized in the wild.

  • NewsMay 26, 2026

    Microsoft: Domain Controller Lookup May Fail on Windows

    Microsoft has confirmed a new known issue affecting Windows Server 2016 systems where domain controller lookups fail after installing the KB5087537 May 2026.

  • NewsMay 26, 2026

    Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across

    Microsoft has released updates fixing CVE-2026-45659, a CVSS 8.8 remote code execution vulnerability in SharePoint Server that requires no specialized.

  • NewsMay 23, 2026

    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

    CISA has added CVE-2026-9082, a SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities catalog following confirmed in-the-wild...

  • NewsMay 23, 2026

    Ubiquiti Patches Three Max-Severity UniFi OS Vulnerabilities

    Ubiquiti has released security updates fixing three CVSS 10.0 vulnerabilities in UniFi OS that allow unauthenticated remote attackers to fully compromise...

  • NewsMay 21, 2026

    Drupal Patches Highly Critical Vulnerability Exposing

    Drupal has released an urgent security update for CVE-2026-9082, a highly critical flaw that can be exploited without authentication to achieve...

  • NewsMay 21, 2026

    Socket Raises $60 Million at $1 Billion Valuation

    Supply chain security startup Socket has raised $60 million in a new funding round, valuing the company at $1 billion. The capital will expand Socket's...

  • NewsMay 18, 2026

    Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL

    A coordinated wave of critical security patches landed this week from Ivanti, Fortinet, SAP, VMware, and n8n. Topping the list is CVE-2026-8043 in Ivanti...

  • NewsMay 17, 2026

    Cisco Catalyst SD-WAN Controller Auth Bypass Actively

    Cisco has patched a maximum-severity authentication bypass flaw in its Catalyst SD-WAN Controller that has already been exploited in limited attacks....

  • NewsMay 16, 2026

    Microsoft Rejects Critical Azure Vulnerability Report, No

    A security researcher claims Microsoft silently patched an Azure Backup for AKS vulnerability after rejecting his disclosure report — issuing no CVE and...

  • NewsMay 16, 2026

    PoC Code Published for Critical NGINX Vulnerability

    A proof-of-concept exploit has been released for a critical-severity NGINX vulnerability that has existed in the rewrite module for nearly two decades....

  • NewsMay 15, 2026

    TanStack Supply Chain Attack Hits Two OpenAI Employee

    OpenAI has disclosed that two corporate employee devices were compromised via the Mini Shai-Hulud supply chain attack on the TanStack npm ecosystem,...

  • SecurityMay 15, 2026

    CVE-2026-42457: vCluster Platform Stored XSS via templateRef Name Field

    A stored cross-site scripting vulnerability in vCluster Platform allows attackers to inject and execute arbitrary JavaScript via the name field of a...

  • NewsMay 14, 2026

    OpenAI Asks macOS Users to Update After TanStack npm Supply

    OpenAI is urging macOS users to update their software following an expanding supply chain attack that compromised TanStack and additional npm and PyPI...

  • NewsMay 14, 2026

    ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI

    This week's threat roundup covers an actively exploited PAN-OS RCE granting root access, Anthropic's Mythos AI finding a cURL memory safety bug, AI...

  • NewsMay 13, 2026

    Microsoft May 2026 Patch Tuesday: 137 Flaws Fixed, Zero

    Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities including nine critical flaws — but for the first time in two years, not a single...

  • NewsMay 13, 2026

    Microsoft Patches 138 Vulnerabilities Including DNS and Netlogon RCE Flaws

    Microsoft's May 2026 Patch Tuesday addresses 138 security vulnerabilities across its product portfolio, including 30 rated Critical — with notable DNS...

  • NewsMay 13, 2026

    New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

    Exim has released security updates to patch a severe vulnerability affecting GnuTLS-compiled builds of the world's most widely deployed mail transfer...

  • NewsMay 12, 2026

    Fortinet Warns of Critical RCE Flaws in FortiSandbox and FortiAuthenticator

    Fortinet has released emergency security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to...

  • NewsMay 12, 2026

    SAP Fixes Critical Vulnerabilities in Commerce Cloud and S/4HANA

    SAP's May 2026 Security Patch Day addresses 15 vulnerabilities across multiple enterprise products, including two critical-severity flaws in Commerce...

  • SecurityMay 12, 2026

    CVE-2026-28872: Apple iOS & iPadOS Remote Denial-of-Service

    A CVSS 7.5 denial-of-service vulnerability in Apple iOS and iPadOS allows a remote attacker to exhaust device resources and crash the operating system...

  • NewsMay 10, 2026

    Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS

    The Apache Software Foundation has released urgent security updates for the Apache HTTP Server addressing a severe vulnerability in the HTTP/2 protocol...

  • NewsMay 9, 2026

    cPanel & WHM Release Fixes for Three New Vulnerabilities

    cPanel has released security updates addressing three vulnerabilities in cPanel and Web Host Manager (WHM), including flaws enabling privilege escalation,...

  • NewsApr 30, 2026

    Google Fixes CVSS 10 Gemini CLI RCE and Cursor Flaws Enable

    Google has patched a maximum severity vulnerability in its Gemini CLI npm package and GitHub Actions workflow that allowed unprivileged attackers to...

  • NewsApr 29, 2026

    cPanel & WHM Emergency Update Fixes Critical Auth Bypass Bug

    cPanel and WebHost Manager have released an emergency patch for a critical authentication bypass vulnerability that allows attackers to gain control panel...

  • NewsApr 29, 2026

    GitHub Fixes RCE Flaw That Gave Access to Millions of Private Repos

    GitHub has patched CVE-2026-3854, a critical remote code execution vulnerability exploitable via a single HTTP request that could have granted attackers...

  • NewsApr 28, 2026

    Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

    Cybersecurity researchers have disclosed CVE-2026-25874, a critical unauthenticated remote code execution vulnerability (CVSS 9.3) in Hugging Face's...

  • NewsApr 27, 2026

    Firefox Vulnerability Allows Tor User Fingerprinting Across

    A high-severity Firefox vulnerability (CVE-2026-6770) exploits the internal ordering of IndexedDB database names to generate a stable 44-bit fingerprint...

  • NewsApr 27, 2026

    Incomplete Windows Patch Opens Door to Zero-Click Attacks

    A Microsoft Windows vulnerability originally patched in a prior Patch Tuesday was incompletely remediated, leaving a residual attack surface that...

  • NewsApr 26, 2026

    Microsoft Now Lets Admins Uninstall Copilot on Enterprise

    Following the April 2026 Patch Tuesday, Microsoft has made broadly available a new MDM policy setting that enables IT administrators to fully uninstall...

  • NewsApr 26, 2026

    ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse

    This week's ThreatsDay Bulletin covers the $290M KelpDAO DeFi hack tied to Lazarus Group, new macOS living-off-the-land attack techniques, ProxySmart SIM...

  • NewsApr 24, 2026

    Windows Update Gets New Controls to Reduce Forced Restarts

    Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent...

  • NewsApr 20, 2026

    Microsoft Releases Emergency Updates to Fix Windows Server

    Microsoft released out-of-band updates to address critical issues affecting Windows Server systems that emerged after the installation of April 2026 Patch...

  • NewsApr 18, 2026

    Microsoft Teams Right-Click Paste Broken by Edge Update Bug

    Microsoft has acknowledged that a recent Microsoft Edge browser update introduced a regression that breaks right-click paste functionality in the...

  • NewsApr 17, 2026

    CISA Flags Apache ActiveMQ Flaw as Actively Exploited in Attacks

    CISA has added a high-severity Apache ActiveMQ vulnerability to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the...

  • NewsApr 17, 2026

    Google Blocks 8.3B Policy-Violating Ads in 2025, Launches

    Google removed over 8.3 billion policy-violating ads and suspended 24.9 million accounts in 2025, while simultaneously rolling out sweeping Android 17...

  • SecurityApr 10, 2026

    CVE-2026-34578: OPNsense LDAP Injection Enables Auth Bypass

    A high-severity LDAP injection vulnerability in OPNsense's authentication connector allows unauthenticated attackers to bypass login controls by injecting...

  • NewsApr 9, 2026

    Microsoft Suspends Dev Accounts for High-Profile Open

    Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...

  • SecurityApr 9, 2026

    CVE-2026-39860: Nix Symlink Attack Allows Root File

    A bypass of the CVE-2024-27297 patch in the Nix package manager allows attackers to follow symlinks during fixed-output derivation builds, enabling...

  • SecurityApr 7, 2026

    CVE-2026-35392: Critical Path Traversal in goshs Go HTTP

    A critical CVSS 9.8 path traversal vulnerability in goshs, a SimpleHTTPServer written in Go, allows unauthenticated attackers to write arbitrary files via...

  • NewsApr 5, 2026

    Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

    Fortinet has released emergency out-of-band patches for CVE-2026-35616, a critical pre-authentication API access bypass in FortiClient EMS that enables...

  • NewsApr 5, 2026

    New FortiClient EMS Flaw Exploited in Attacks, Emergency

    Fortinet has released an emergency weekend security update for CVE-2026-35616, a critical pre-authentication API access bypass in FortiClient EMS that is...

  • SecurityApr 3, 2026

    CVE-2026-33615: Critical Unauthenticated SQL Injection in setinfo Endpoint

    A critical unauthenticated SQL injection vulnerability (CVSS 9.1) in the setinfo endpoint allows remote attackers to corrupt data and cause denial of...

  • NewsApr 2, 2026

    Cisco Patches Critical and High-Severity Vulnerabilities

    Cisco has released security advisories addressing a batch of critical and high-severity vulnerabilities across multiple products, covering flaws that...

  • NewsApr 1, 2026

    Apple Expands iOS 18 Updates to More iPhones to Block

    Apple has extended security update eligibility to additional iPhone models still running iOS 18, enabling more devices to receive protections against the...

  • NewsMar 31, 2026

    CISA Orders Feds to Patch Actively Exploited Citrix Flaw by Thursday

    CISA has issued a mandatory patching directive ordering all U.S. federal agencies to apply Citrix NetScaler security updates by Thursday, March 5, 2026,...

  • NewsMar 28, 2026

    Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

    A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...

  • SecurityMar 28, 2026

    CVE-2026-33875: Gematik Authenticator Authentication Flow

    A critical vulnerability in Gematik Authenticator prior to version 4.16.0 allows attackers to hijack authentication sessions via malicious deep links,...

  • NewsMar 18, 2026

    Critical Unpatched GNU Telnetd Flaw (CVE-2026-32746)

    Researchers have disclosed a critical unauthenticated remote code execution vulnerability in the GNU InetUtils telnet daemon (telnetd). CVE-2026-32746...

  • NewsMar 15, 2026

    Windows 11 February Update Breaks C:\ Drive Access on Samsung PCs

    Microsoft is investigating a new bug affecting Samsung laptops after the February 2026 security update — some users are unable to access their C: drive...

  • NewsMar 14, 2026

    Microsoft Releases Windows 11 OOB Hotpatch to Fix Three

    Microsoft has pushed an out-of-band hotpatch (KB5084597) to Windows 11 Enterprise devices to address three integer-overflow RCE flaws in RRAS, one rated...

  • NewsMar 13, 2026

    Veeam Patches Five Critical RCE Vulnerabilities Exposing

    Veeam Software has released a critical security update for Backup & Replication, patching five remote code execution vulnerabilities with CVSS scores...

  • NewsMar 12, 2026

    CISA Orders Federal Agencies to Patch n8n RCE Flaw

    CISA mandated all federal civilian agencies patch CVE-2025-68613, a CVSS 9.9 remote code execution flaw in the n8n workflow automation platform, after...

  • NewsMar 12, 2026

    Researchers Disclose Critical n8n Flaws Enabling RCE and Credential Theft

    Security researchers have published details of two newly patched critical vulnerabilities in n8n — CVE-2026-27577 (CVSS 9.4), an expression sandbox escape...

  • SecurityMar 8, 2026

    CVE-2026-29067: ZITADEL Password Reset Poisoned by Host Header Injection

    A high-severity host header injection vulnerability in ZITADEL's login V2 password reset flow allows attackers to redirect reset links to...

  • SecurityMar 8, 2026

    CVE-2026-29192: ZITADEL Stored XSS via Default Redirect URI

    A stored cross-site scripting vulnerability in ZITADEL's login V2 interface allows organization administrators to inject malicious JavaScript via a...

  • NewsFeb 8, 2026

    Tirith: New Open-Source Tool Blocks Homoglyph Attacks

    A new cross-platform tool called Tirith hooks into terminal shells to detect and block Unicode homoglyph attacks, pipe-to-shell exploits, and supply chain...