Sitemap
All pages on Hacker Posts.
Home
Newsroom
- CISA adds SolarWinds Serv-U CVE-2026-28318 to KEV, DoS in the wild
- Anthropic patches Claude Code GitHub Action repo-takeover chain
- Cisco SD-WAN Manager CVE-2026-20245 exploited, no patch yet
- VS Code github.dev zero-day exposed full GitHub OAuth tokens in one click
- CISA adds Oracle WebLogic CVE-2024-21182 to KEV catalog
- Android Framework zero-day CVE-2025-48595 added to CISA KEV
- HTTP/2 Bomb (CVE-2026-49975) drops nginx, Apache, IIS, Envoy
- Red Hat npm packages backdoored: Miasma worm hits @redhat-cloud-services
- Windows Netlogon RCE CVE-2026-41089 now exploited in the wild
- CIFSwitch: 19-year-old Linux CIFS bug gives any local user root
- Marimo CVE-2026-39987 RCE chains into LLM-driven post-exploit
- npm supply-chain campaign: 14 typosquats target AWS, Vault, npm tokens
- Palo Alto GlobalProtect auth bypass (CVE-2026-0257) added to CISA KEV after weeks of exploitation
- FortiClient EMS bug CVE-2026-35616 now drops EKZ stealer as fake patch
- CISA links GitHub repo exfiltration to malicious Nx Console 18.95.0
- Gitea CVE-2026-27771: anyone could pull your private container images, no login
- Starlette BadHost (CVE-2026-48710): one Host header bypasses auth in FastAPI, vLLM, MCP
- KnowledgeDeliver CVE-2026-5426: Mandiant traces RCE to shared ASP.NET keys
- CISA flags Langflow CVE-2025-34291: CORS chain yields RCE
- Ghost CMS SQLi (CVE-2026-26980) hijacks 700+ sites — Harvard, Oxford, DuckDuckGo serve ClickFix
- Trend Micro Apex One CVE-2026-34926 exploited; CISA deadline June 4
- Canvas LMS breach: ShinyHunters claims 275M records; Instructure says it paid for deletion
- Drupal patches highly critical SQL injection (CVE-2026-9082) — exploited in the wild within 48h
- Laravel-Lang Composer packages hijacked — 700+ versions ship a credential stealer
- LiteSpeed cPanel plugin RCE (CVE-2026-48172, CVSS 10.0) actively exploited — any cPanel user can run code as root