| Mar 30, 2026 Stored XSS in Adobe Commerce CVE-2026-21284 is a Cross-Site Scripting (XSS) vulnerability in Adobe Commerce, allowing attackers to inject malicious scripts into vulnerable form fields.
| Mar 19, 2026 Microsoft Devices Pricing Program Remote Code Execution Vulnerability CVE-2026-21536 is a critical unauthenticated RCE in Microsoft Devices Pricing Program that lets attackers upload and execute malicious files on servers.
| Mar 11, 2026 Fortinet Addresses Critical FortiCloud SSO Authentication Bypass Under Active Exploitation Fortinet released guidance addressing CVE-2026-24858, a critical authentication bypass vulnerability affecting its FortiOS, FortiManager, and FortiAnalyzer products.
| Mar 2, 2026 UAT-8616 Exploits Cisco SD-WAN Zero-Day for Persistent Access Cisco Talos revealed active exploitation of CVE-2026-20127, a maximum-severity authentication bypass vulnerability, by the sophisticated threat actor UAT-8616.
| Mar 2, 2026 Cisco Catalyst SD-WAN Authentication Bypass Vulnerability CVE-2026-20127 is a critical authentication bypass vulnerability (CVSS 10.0) in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller.
| Feb 16, 2026 Microsoft Word Security Feature Bypass Vulnerability CVE-2026-21514 is a security feature bypass vulnerability in Microsoft Word due to reliance on untrusted inputs in a security decision.
| Feb 16, 2026 Windows Shell Security Feature Bypass Vulnerability CVE-2026-21510 is a Windows Shell security feature bypass vulnerability that allows an unauthorized attacker to bypass protection prompts over a network.
| Feb 9, 2026 Notepad++ Supply Chain Attack: Undetected Chains and Evolving Payloads Kaspersky researchers uncovered multiple undocumented infection chains in a supply chain attack targeting Notepad++ users from July to October 2025.
| Nov 19, 2025 Kraken Ransomware Group: Big-Game Hunting and Double Extortion Tactics This report provides a detailed investigation into the Kraken ransomware group - their operations, methods, and the broader implications for cybersecurity.
| Nov 12, 2025 Vulnerability in Simple User Capabilities Plugin Exposes WordPress Sites CVE-2025-12158 is a critical privilege escalation vulnerability affecting the Simple User Capabilities WordPress plugin (all versions up to and including 1.0).