Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

Critical GitHub RCE Vulnerability CVE-2026-3854 Exposed Millions of Repositories to Cross-Tenant Access

29 April 2026  |  dark6  |  Vulnerability

Wiz researchers used AI-augmented reverse engineering to uncover CVE-2026-3854, a critical RCE flaw in GitHub's internal git infrastructure that could have enabled any authenticated user to execute code...

>> read more

APT28 Exploits Windows 0-Click Flaw CVE-2026-32202 to Steal NTLM Hashes via Defender SmartScreen Bypass

29 April 2026  |  dark6  |  Vulnerability

Russian state-sponsored APT28 is actively exploiting CVE-2026-32202, a zero-click Windows Shell vulnerability that bypasses Defender SmartScreen and silently exfiltrates Net-NTLMv2 credential hashes. Microsoft patched the flaw in April...

>> read more

Microsoft Defender “RedSun” Zero-Day (CVE-2026-33825): Unpatched Exploit Grants Full SYSTEM Access

28 April 2026  |  dark6  |  Vulnerability

An unpatched zero-day dubbed RedSun (CVE-2026-33825) actively exploits a flaw in Windows Defender's cloud file rollback mechanism to grant attackers full SYSTEM privileges. A public PoC has been...

>> read more

Critical CVSS 9.8 Flaw in CrowdStrike LogScale Lets Unauthenticated Attackers Read Server Files

28 April 2026  |  dark6  |  Vulnerability

CrowdStrike has issued an emergency advisory for CVE-2026-40050, a CVSS 9.8 unauthenticated path-traversal flaw in LogScale that lets remote attackers read arbitrary files from the server filesystem. Self-hosted...

>> read more

Pack2TheRoot: Critical Linux Privilege Escalation Flaw in PackageKit Affects 12+ Years of Releases (CVE-2026-41651)

28 April 2026  |  dark6  |  Vulnerability

Deutsche Telekom's Red Team has disclosed Pack2TheRoot (CVE-2026-41651), a critical local privilege escalation flaw in the PackageKit daemon affecting all major Linux distributions across 12+ years of releases,...

>> read more

CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline

26 April 2026  |  dark6  |  Vulnerability

CISA has added two chained vulnerabilities in SimpleHelp remote support software — CVE-2024-57726 (missing authorization) and CVE-2024-57728 (path traversal) — to its KEV catalog after confirming active exploitation....

>> read more

PhantomRPC: Unpatched Windows RPC Flaw Enables SYSTEM-Level Privilege Escalation on All Windows Versions

26 April 2026  |  dark6  |  Vulnerability

Kaspersky researchers have revealed PhantomRPC, an unpatched architectural flaw in the Windows RPC runtime that allows local privilege escalation to SYSTEM level via five distinct attack paths. Microsoft...

>> read more

Kali Linux 2026.1 Released: Eight New Hacking Tools, Kernel 6.18, and Enhanced Mobile Pentesting

25 April 2026  |  dark6  |  Vulnerability

Kali Linux 2026.1 has been released with eight new hacking tools including AdaptixC2, Atomic-Operator, and MetasploitMCP, alongside the Linux 6.18 kernel, enhanced Samsung S10 wireless support, and Claude...

>> read more