Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM
A publicly disclosed zero-day in the Windows Collaborative Translation Framework (CTFMON) allows attackers with standard user privileges to escalate to SYSTEM. Tracked as CVE-2026-45586, the flaw affects all...
SAP June 2026 Patch Day: Four Critical Flaws Including CVSS 9.9 SAML Bypass in NetWeaver ABAP
SAP's June 2026 Security Patch Day addressed 15 security notes including four critical vulnerabilities. The most severe — CVE-2026-44748 (CVSS 9.9) — is an XML Signature Wrapping flaw...
Google Chrome 149 Patches 429 Vulnerabilities Including 22 Critical — Update Immediately
Google has released Chrome 149.0.7827.53 with 429 security fixes, including 22 rated critical. The patch covers use-after-free and memory corruption bugs across ANGLE, GPU, Network, Password Manager, and...
CVE-2026-23111: Linux Kernel nftables Use-After-Free Enables Root Privilege Escalation — Public Exploit Available
A use-after-free vulnerability in the Linux kernel nftables subsystem (CVE-2026-23111) allows unprivileged local attackers to escalate privileges to root on Debian and Ubuntu LTS systems. A public exploit...
Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets
Microsoft Threat Intelligence disclosed a prompt injection flaw in the Claude Code GitHub Action that allowed attackers to access /proc/self/environ and steal API keys from CI/CD runners. Anthropic...
CISA Warns: SolarWinds Serv-U CVE-2026-28318 Actively Exploited — Zero-Auth DoS Attack Hits File Transfer Platform
CISA has added CVE-2026-28318, a zero-authentication denial-of-service flaw in SolarWinds Serv-U, to its Known Exploited Vulnerabilities catalog. Attackers can crash the service remotely with a single crafted HTTP...
CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now
CISA has added CVE-2022-0492, a Linux kernel improper authentication flaw, to its Known Exploited Vulnerabilities catalog. The vulnerability enables privilege escalation and container escape attacks and is being...
CISA Warns: Hackers Are Targeting U.S. Fuel Tank Monitoring Systems Across Critical Infrastructure
CISA, the FBI, NSA, and five other federal agencies have issued a joint advisory confirming active cyberattacks against Automatic Tank Gauge (ATG) systems used in US energy, chemical,...