Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

Microsoft Ships KB5095189 Cumulative Update to Patch the Windows 11 Setup Experience

6 July 2026  |  dark6  |  Vulnerability

Microsoft's KB5095189 update patches the Windows 11 setup experience for versions 24H2 and 25H2. It carries no CVE, but enterprises relying on Autopilot-style provisioning should confirm devices aren't...

>> read more

Researcher Chains a Guardrail Bypass With a Path Traversal Flaw to Access System Files in ChatGPT

4 July 2026  |  dark6  |  Vulnerability

A proof-of-concept disclosed by researcher zer0dac combined social engineering against ChatGPT's own safety logic with a path traversal bug to retrieve restricted system files through the platform's file...

>> read more

Researchers Chain DLL Sideloading and an RPC Flaw to Gain Root Access Inside Claude Cowork’s Sandbox

4 July 2026  |  dark6  |  Vulnerability

Security researchers at Armadin found a way to chain DLL sideloading with a flaw in an internal RPC protocol to escalate privileges and execute commands as root inside...

>> read more

New CitrixBleed-Class Vulnerability in Citrix NetScaler Exploited Within 24 Hours of Disclosure

3 July 2026  |  dark6  |  Vulnerability

CVE-2026-8451, the latest entry in the CitrixBleed family of NetScaler memory-disclosure flaws, came under active exploitation less than a day after public disclosure. Decoy infrastructure operator Lupovis tracked...

>> read more

DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk

2 July 2026  |  dark6  |  Vulnerability

Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent sandbox via prompt injection with no user interaction...

>> read more

Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks

2 July 2026  |  dark6  |  Vulnerability

Four new CVEs in the widely deployed Fluentd log collector — including a critical RCE vulnerability (CVE-2026-44024) exploitable via crafted log entries — put cloud and Kubernetes logging...

>> read more

PoC Published for CVE-2026-24294: NTLM Reflection Bypass Grants SYSTEM Access on Windows Server 2025

1 July 2026  |  dark6  |  Vulnerability

Synacktiv has released a working PoC for CVE-2026-24294, a new NTLM reflection bypass that grants SYSTEM-level access on Windows Server 2025 by abusing the SMB-over-custom-port feature. Microsoft patched...

>> read more

Critical wolfSSL Vulnerabilities Expose Billions of Servers and IoT Devices to Certificate Forgery and RCE

1 July 2026  |  dark6  |  Vulnerability

Multiple newly disclosed vulnerabilities in the wolfSSL embedded TLS library — including certificate trust bypasses, heap overflows, and post-quantum cryptography weaknesses — put billions of servers, IoT devices,...

>> read more