The widely used open-source library has been patched to defend against a heap buffer overflow flaw that’s been in the code since its inception.

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.

Threat actors began targeting a recently patched BeyondTrust vulnerability shortly after a proof-of-concept (PoC) exploit was released.

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.

Learn how CVE-2026-1281 and CVE-2026-1340 enable pre-auth RCE in Ivanti EPMM, now actively exploited, and how AppTrana helps block attacks across applications. The post CVE-2026-1281 & CVE-2026-1340: ...

A critical remote code execution flaw in the WPvivid Backup & Migration WordPress plugin puts over 900,000 sites at risk unless patched.

China’s Tianfu Cup hacking contest made its return in 2026, now overseen by the government and marked by limited transparency.

Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline.

The vulnerability comes from the way Notepad handles Markdown hyperlinks. Attackers craft malicious .md files with embedded ...

It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication ...