Security advisories, patches, and warnings
Alerts
Palo Alto Networks Unit 42 has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability in the portal and gateway components of PAN-OS that allows unauthorized attackers to circumvent security controls and initiate VPN connections through GlobalProtect. CISA added the flaw to its Known Exploited Vulnerabilities catalog
Alerts
Chaotic Eclipse has released a third wave of Windows zero-day disclosures, publishing a proof-of-concept for a privilege escalation vulnerability codenamed MiniPlasma that grants SYSTEM privileges on fully patched Windows systems — including those running the latest May 2026 updates. The flaw resides in cldflt.sys, the Windows Cloud
Alerts
The anonymous security researcher known as Chaotic Eclipse — responsible for the BlueHammer, RedSun, and UnDefend Microsoft Defender zero-days that ZDW covered last month — has returned with two additional Windows zero-days, escalating an increasingly public confrontation with Microsoft over vulnerability disclosure handling. The first vulnerability, codenamed YellowKey, is a
Alerts
SAP has released 15 security notes as part of its May 2026 Security Patch Day, including fixes for two critical vulnerabilities carrying CVSS scores of 9.6 in S/4HANA and Commerce Cloud. The S/4HANA flaw, tracked as CVE-2026-34260, is an SQL injection caused by missing input
Alerts
Two critical vulnerabilities in widely deployed Chinese enterprise software are under active exploitation, with threat actors leveraging unauthenticated remote code execution flaws in MetInfo CMS and Weaver E-cology to compromise servers without requiring any credentials. CVE-2026-29014 (CVSS 9.8) affects MetInfo, a PHP and MySQL-based enterprise
Alerts
Wiz researchers have disclosed a critical remote code execution vulnerability in GitHub's internal Git infrastructure that exposed millions of repositories across both GitHub.com and GitHub Enterprise Server. Tracked as CVE-2026-3854, the flaw allowed any authenticated user to execute arbitrary commands on GitHub's backend
Alerts
A privilege escalation vulnerability in Microsoft Defender is under active exploitation using publicly available proof-of-concept code, with Huntress confirming attacks began on April 10 — four days before Microsoft released a patch. CISA added the flaw to its Known Exploited Vulnerabilities catalog on Wednesday, setting a May 6 federal
Alerts
A critical sandbox escape vulnerability has been disclosed in Terrarium, an open-source Python sandbox developed by Cohere AI for running untrusted code in Docker-deployed containers. Tracked as CVE-2026-5752 with a CVSS score of 9.3, the flaw allows attackers to break out of the sandbox and
Alerts
Microsoft has pushed an emergency out-of-band security update to address CVE-2026-40372, a critical privilege escalation vulnerability in ASP.NET Core's Data Protection cryptographic APIs that allows unauthenticated attackers to forge authentication cookies and gain SYSTEM-level access on affected systems. The flaw originated from
Alerts
CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities catalog on Monday, setting aggressive federal patching deadlines after confirming active exploitation across a range of enterprise products. Three of the flaws target Cisco Catalyst SD-WAN Manager, while the remaining five affect Quest KACE, PaperCut, JetBrains TeamCity, Kentico Xperience,
Alerts
CISA has issued an emergency patching directive for a critical Citrix NetScaler vulnerability that is already being exploited in the wild to hijack administrator sessions on exposed appliances. The agency added CVE-2026-3055 to its Known Exploited Vulnerabilities catalog on Monday and ordered all Federal Civilian Executive Branch agencies
Alerts
Arctic Wolf observes active exploitation of CVE-2025-32975 in Quest KACE SMA — a maximum-severity authentication bypass enabling full admin takeover, Mimikatz credential harvesting, and RDP access to Veeam and Veritas backup systems.