Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control
Security researchers have documented a wave of attacks exploiting Docker and Kubernetes misconfigurations to break out of containers and take full control of host systems, including supply chain...
CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately
Microsoft’s May 2026 Patch Tuesday addressed CVE-2026-41089, a critical Windows Netlogon 0-click RCE — now actively exploited in the wild. Domain controllers running unpatched Windows Server face complete...
Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks
Google has moved Device Bound Session Credentials (DBSC) to general availability in Chrome on Windows, cryptographically binding session cookies to the originating device via TPM. Enabled by default...
GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities
GitLab has released emergency security patches (versions 19.0.1, 18.11.4, 18.10.7) fixing a CVSS 8.2 Duo AI identity flaw (CVE-2026-4868) that could enable lateral movement, alongside a Wiki denial-of-service...
Microsoft Releases Emergency KB5089573 for Windows 11 to Permanently Fix Patch Tuesday Install Failures
Microsoft has released KB5089573, a critical out-of-band update for Windows 11, permanently fixing the EFI System Partition space issue that caused widespread 0x800f0922 installation failures following May 2026...
CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately
A critical authentication bypass in Palo Alto Networks PAN-OS (CVE-2026-0257) is being actively exploited in two distinct waves, with attackers forging GlobalProtect VPN session cookies to gain unauthorized...
BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications
A newly disclosed critical vulnerability dubbed 'BadHost' (CVE-2026-48710) enables attackers to bypass authentication in FastAPI and Starlette-based AI applications through manipulated HTTP Host headers. Thousands of LLM inference...
Critical 7-Zip Flaw CVE-2026-48095 (CVSS 8.8) Enables Arbitrary Code Execution via NTFS Vtable Hijack
A critical heap buffer overflow in 7-Zip 26.00 (CVE-2026-48095, CVSS 8.8) lets attackers execute arbitrary code through an NTFS vtable hijack. The attack works regardless of file extension...