Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29

19 May 2026  |  dark6  |  Vulnerability

CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server's Outlook Web Access, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild....

>> read more

Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released

19 May 2026  |  dark6  |  Vulnerability

A critical Windows zero-day dubbed 'MiniPlasma' has surfaced with a public proof-of-concept exploit, allowing unprivileged attackers to achieve full SYSTEM-level access on all versions of Windows. The flaw...

>> read more

Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild

19 May 2026  |  dark6  |  Vulnerability

Hackers are actively exploiting CVE-2026-42945, a critical heap buffer overflow in NGINX Open Source and NGINX Plus, with real-world attacks confirmed just days after public disclosure. With approximately...

>> read more

CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched

18 May 2026  |  dark6  |  Vulnerability

Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer overflows via malicious JPEG files. All PHP 8.1...

>> read more

Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes

18 May 2026  |  dark6  |  Vulnerability

Day Two of Pwn2Own Berlin 2026 saw 15 new zero-day exploits demonstrated against Microsoft Exchange (full RCE chain worth $200,000), Windows 11, Red Hat Linux, Cursor IDE, OpenAI...

>> read more

First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance

18 May 2026  |  dark6  |  Vulnerability

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE) — a protection Apple spent five years building....

>> read more

CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released

17 May 2026  |  dark6  |  Vulnerability

A critical Linux kernel race condition flaw (CVE-2026-46333), dubbed 'ssh-keysign-pwn,' allows local unprivileged attackers to steal SSH private keys and read hashed passwords from /etc/shadow. A public proof-of-concept...

>> read more

Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices

17 May 2026  |  dark6  |  Vulnerability

Google Project Zero has demonstrated a two-vulnerability chain that silently roots Google Pixel 10 devices without any user interaction, combining a Dolby media framework flaw with a newly...

>> read more