WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows
WatchGuard has released urgent security updates patching four high-severity vulnerabilities in the WatchGuard Agent for Windows, including chained CVE-2026-6787 and CVE-2026-6788 flaws (CVSS 8.5) that grant NT AUTHORITY\SYSTEM...
Critical Next.js and React Server Components Vulnerabilities: SSRF, DoS, and Middleware Bypass Patched
Vercel has released a sweeping set of security advisories for Next.js addressing more than a dozen vulnerabilities including denial-of-service, SSRF via WebSocket upgrades, and middleware bypass flaws. All...
New Ivanti EPMM Zero-Day CVE-2026-6973 Actively Exploited — Patch Immediately
Ivanti has confirmed active exploitation of CVE-2026-6973, a new zero-day vulnerability in its on-premises Endpoint Manager Mobile (EPMM) product. The flaw requires admin authentication and is part of...
Dirty Frag: New Linux Kernel Vulnerability Chains Two Flaws to Grant Root Privileges — Public PoC Released
A newly disclosed Linux kernel vulnerability dubbed Dirty Frag chains two page-cache write flaws to achieve full root access on virtually all major Linux distributions. A public PoC...
Critical Palo Alto PAN-OS Zero-Day CVE-2026-0300 Actively Exploited — Root Access Granted on 5,800+ Exposed Firewalls
A critical buffer overflow zero-day in Palo Alto Networks PAN-OS (CVE-2026-0300, CVSS 9.3) is being actively exploited in the wild. Unauthenticated attackers can gain full root access to...
Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
Apache has released HTTP Server 2.4.67, patching five vulnerabilities including a critical double-free bug CVE-2026-23918 (CVSS 8.8) in the HTTP/2 implementation that can enable Remote Code Execution. All...
Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
Google has disclosed a critical zero-click remote code execution vulnerability tracked as CVE-2026-0073 in the Android System component. The flaw allows attackers on the same local network to...
Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks
A faulty Microsoft Defender antimalware definition update incorrectly flagged two legitimate DigiCert root certificates as malware, automatically quarantining them from the Windows trust store on enterprise endpoints. The...