#vulnerabilities
13 stories tagged vulnerabilities.

DirtyClone: New Linux Kernel Flaw Hands Unprivileged Users the Root Keys
A page-cache manipulation bug related to DirtyFrag lets local, unprivileged attackers escalate to root — no credentials required beyond a shell.

CISA Flags Active Exploitation of Lantronix EDS5000 Code Injection Bug
CVE-2025-67038 carries a 9.8 CVSS. Federal agencies have until June 26, 2026 to patch — but if it's already being hit in the wild, that runway looks generous.

GitHub Tightens Security to Counter Pwn Request Attacks
GitHub introduces actions/checkout v7 to block insecure pull request workflows.

Microsoft's October Dump: 206 CVEs, Three Already Public
A record Patch Tuesday hauls in 39 Critical bugs and a trio of zero-days that were knocking around before the fix shipped.

Cisco SD-WAN Manager Bug Under Active Exploit, No Fix Yet
CVE-2026-20245 affects on-prem and FedRAMP deployments. Cisco confirms exploitation in the wild while customers wait on a patch.

Project Glasswing Expands: 150 More Companies Join AI Vulnerability Initiative
Anthropic's AI-driven bug-hunting project adds critical infrastructure partners, but the patching bottleneck looms.

CISA Adds Two-Year-Old Oracle WebLogic Flaw to KEV, Gives Feds Four Days to Patch
CVE-2024-21182 sat quietly at CVSS 7.3 for two years before threat actors noticed the unpatched stragglers. Now federal agencies have until Thursday.

Weekly Recap: Linux Privilege Flaw, PAN-OS Exploitation, and OAuth Phishing Surge
A patchy Monday across auth paths, repos, and dev tooling — with regulators watching the disclosure clock.

AI in Cyber Operations: From Scripts to Autonomous Systems
AI's role in cyber operations is not just about speed anymore. It's about scale and autonomy, reshaping offensive capabilities.

IBM and Red Hat Launch Project Lightwell to Tackle Open Source Vulnerabilities
With a $5 billion investment, Project Lightwell aims to expedite vulnerability remediation in open source software.

Notepad++ Flaws Allow Command Execution Via XML Files
Recent vulnerabilities in Notepad++ enable arbitrary code execution on Windows through XML manipulation.

Critical Argument Injection Zero-Day in Gogs Puts Self-Hosted Git Servers at Risk
A CVSS 9.4 flaw lets authenticated attackers execute arbitrary code through maliciously named pull-request branches — no patch is available.

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit
Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.