Microsoft Ships KB5095189 Cumulative Update to Patch the Windows 11 Setup Experience
Microsoft's KB5095189 update patches the Windows 11 setup experience for versions 24H2 and 25H2. It carries no CVE, but enterprises relying on Autopilot-style provisioning should confirm devices aren't...
Researcher Chains a Guardrail Bypass With a Path Traversal Flaw to Access System Files in ChatGPT
A proof-of-concept disclosed by researcher zer0dac combined social engineering against ChatGPT's own safety logic with a path traversal bug to retrieve restricted system files through the platform's file...
Researchers Chain DLL Sideloading and an RPC Flaw to Gain Root Access Inside Claude Cowork’s Sandbox
Security researchers at Armadin found a way to chain DLL sideloading with a flaw in an internal RPC protocol to escalate privileges and execute commands as root inside...
New CitrixBleed-Class Vulnerability in Citrix NetScaler Exploited Within 24 Hours of Disclosure
CVE-2026-8451, the latest entry in the CitrixBleed family of NetScaler memory-disclosure flaws, came under active exploitation less than a day after public disclosure. Decoy infrastructure operator Lupovis tracked...
DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk
Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent sandbox via prompt injection with no user interaction...
Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks
Four new CVEs in the widely deployed Fluentd log collector — including a critical RCE vulnerability (CVE-2026-44024) exploitable via crafted log entries — put cloud and Kubernetes logging...
PoC Published for CVE-2026-24294: NTLM Reflection Bypass Grants SYSTEM Access on Windows Server 2025
Synacktiv has released a working PoC for CVE-2026-24294, a new NTLM reflection bypass that grants SYSTEM-level access on Windows Server 2025 by abusing the SMB-over-custom-port feature. Microsoft patched...
Critical wolfSSL Vulnerabilities Expose Billions of Servers and IoT Devices to Certificate Forgery and RCE
Multiple newly disclosed vulnerabilities in the wolfSSL embedded TLS library — including certificate trust bypasses, heap overflows, and post-quantum cryptography weaknesses — put billions of servers, IoT devices,...