Cisco warns CVE-2026-20127 (CVSS 10.0) in SD-WAN is exploited since 2023 to gain admin access; CISA adds it to KEV and mandates urgent fixes.

APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.

High-severity CSS flaw let malicious webpages run code inside the sandbox Google has quietly pushed out an emergency Chrome fix after attackers were caught exploiting the browser's first reported zero ...

The IT security authority CISA warns of currently observed attacks on Roundcube webmail vulnerabilities. Admins should update.

Picture the scenario: you log into your vulnerability management dashboard on a Monday morning. The scan ran overnight, and the report lights up with a dozen new high-severity CVEs. One stands out ...

Security researchers disclose critical vulnerabilities in Anthropic’s Claude Code that allow remote code execution and credential theft.

The US cybersecurity agency CISA on Friday warned of two RoundCube Webmail vulnerabilities being exploited in the wild. Prevalent within government and enterprise networks, RoundCube Webmail is a ...

Aram Hovespyan, co-founder and CEO of security biz Codific, says that the rating systems for identifying security vulnerabilities and assessing threat risk need to be overhauled.… Having examined the ...

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users of a privacy vulnerability under exploitation in the messaging application TeleMessage — the very same one used by Michael ...