Vulnerabilities
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.
-
Gitea flaw exposed private container images in self-hosted deployments
A Gitea flaw allowed unauthenticated users to pull private container images from self-hosted deployments, affecting versions before 1.26.2. Researchers said more than 30,000 instances may have been exposed.
-
Microsoft patches SharePoint flaw that could let authenticated attackers run code
Microsoft has patched a SharePoint remote code execution flaw tracked as CVE-2026-45659, saying an authenticated attacker with Site Member access could exploit it. The update covers several SharePoint Server versions.
-
KnowledgeDeliver flaw used in zero-day attacks to deploy Godzilla web shell
A zero-day flaw in Digital Knowledge’s KnowledgeDeliver learning management system was used to deploy the Godzilla web shell and later Cobalt Strike Beacon. The issue stemmed from hard-coded ASP.NET machine keys and affected deployments before Feb. 24, 2026.
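The item above attributes the compromise to hard-coded ASP.NET machine keys. The check a defender wants here is whether their own web.config files carry an explicit machineKey instead of the ASP.NET default (AutoGenerate,IsolateApps), and whether the same key shows up on more than one host, which means it is a shipped default or a copied config rather than a per-install secret. The scanner below is an added example and not code from KnowledgeDeliver, Digital Knowledge, or the researchers; the hostnames and key values are constructed for the demo and have nothing to do with the real product's keys.

```python
"""Flag hard-coded <machineKey> values in ASP.NET web.config files.

ASP.NET defaults validationKey and decryptionKey to "AutoGenerate,IsolateApps",
giving each install its own secrets.  A vendor that bakes explicit keys into the
web.config it ships hands every customer the same keys, so anyone who has read
one copy of that config can sign (and, with decryptionKey, encrypt) ViewState
for every deployment.  This added example flags explicit keys per config and,
across a fleet of configs, keys that repeat on more than one host.
"""
import hashlib
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample configs keyed by hostname (hypothetical hosts and keys,
# not taken from any real product).  Two hosts share the same explicit keys.
_SHARED_VKEY = "A1" * 64   # 128 hex chars, the usual HMACSHA256 key length
_SHARED_DKEY = "B2" * 24   # 48 hex chars, an AES-192-sized decryption key
SAMPLE_CONFIGS: Dict[str, str] = {
    "lms-01.example.test": f"""<configuration><system.web>
  <machineKey validationKey="{_SHARED_VKEY}" decryptionKey="{_SHARED_DKEY}"
              validation="HMACSHA256" decryption="AES"/>
</system.web></configuration>""",
    "lms-02.example.test": f"""<configuration><system.web>
  <machineKey validationKey="{_SHARED_VKEY}" decryptionKey="{_SHARED_DKEY}"
              validation="HMACSHA256" decryption="AES"/>
</system.web></configuration>""",
    "intranet.example.test": """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps"/>
</system.web></configuration>""",
    "bare.example.test": "<configuration><system.web/></configuration>",
}


def explicit_keys(config_xml: str) -> Dict[str, str]:
    """Return {attribute: value} for machineKey attributes that hold a static
    key.  A missing <machineKey> element or attribute means the ASP.NET
    default (AutoGenerate,IsolateApps), which is not reported."""
    root = ET.fromstring(config_xml)
    found: Dict[str, str] = {}
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate,IsolateApps").strip()
            if value.upper().startswith("AUTOGENERATE"):
                continue
            found[attr] = value.upper()
    return found


def shared_keys(configs: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each explicit key to the hosts using it, keeping only keys seen on
    more than one host.  Keys are reported as short SHA-256 fingerprints so
    the report itself does not leak the secret it is warning about."""
    seen: Dict[str, List[str]] = {}
    for host, xml in configs.items():
        for attr, value in explicit_keys(xml).items():
            fingerprint = attr + ":" + hashlib.sha256(value.encode()).hexdigest()[:16]
            seen.setdefault(fingerprint, []).append(host)
    return {fp: hosts for fp, hosts in seen.items() if len(hosts) > 1}


def report(configs: Dict[str, str]) -> List[str]:
    """Human-readable findings: one line per explicit key per host, plus one
    line per key that repeats across hosts."""
    lines: List[str] = []
    for host, xml in sorted(configs.items()):
        for attr in sorted(explicit_keys(xml)):
            lines.append(f"{host}: explicit {attr} (not AutoGenerate)")
    for fp, hosts in sorted(shared_keys(configs).items()):
        lines.append(f"SHARED {fp} on {len(hosts)} hosts: {', '.join(sorted(hosts))}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_CONFIGS):
        print(line)
```

Run it against real configs by replacing SAMPLE_CONFIGS with the contents of each server's web.config; a key that repeats across hosts you did not deliberately cluster behind a shared ViewState secret is the finding to act on, and the fix is rotating to per-install keys rather than just patching.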
-
Anthropic may be preparing public rollout of restricted Claude Mythos model
Anthropic appears to be preparing a public rollout of its restricted Claude Mythos model after it briefly surfaced in Claude Code and Claude Security, following an April preview that said it could generate highly capable cyberattacks.
-
Ghost CMS flaw exploited in large-scale ClickFix campaign
A campaign is using a critical Ghost CMS SQL injection flaw to inject malicious JavaScript and drive ClickFix attacks, with researchers saying more than 700 domains were affected.
-
CISA adds exploited Langflow and Trend Micro flaws to vulnerability catalog
CISA added exploited flaws in Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog on Thursday, citing active attacks. Federal civilian agencies must patch the issues by June 4, 2026.
-
Cisco patches maximum-severity flaw in Secure Workload
Cisco has patched a CVSS 10.0 flaw in Secure Workload that could let an unauthenticated remote attacker read sensitive data and make configuration changes. The company said it found the bug during internal testing and has seen no signs of abuse.
-
Microsoft says two Defender flaws are under active exploitation
Microsoft said two Defender vulnerabilities, including one that could lead to SYSTEM privileges, are under active exploitation. CISA has added both flaws to its known exploited list and set a June 3 deadline for federal agencies.
-
Nine-year-old Linux kernel flaw can expose credentials and enable root access
Researchers disclosed a Linux kernel flaw that went unnoticed for nine years and could let a local attacker steal sensitive files or gain root access on some major distributions. Patches are available and a temporary workaround has also been outlined.