On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

15/05/2026 0 Comments 0 tags

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

15/05/2026 0 Comments 0 tags

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

14/05/2026 0 Comments 0 tags

Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

14/05/2026 0 Comments 0 tags

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

14/05/2026 0 Comments 0 tags

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

14/05/2026 0 Comments 0 tags

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked

How AI Hallucinations Are Creating Real Security Risks

14/05/2026 0 Comments 0 tags

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

14/05/2026 0 Comments 0 tags

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

14/05/2026 0 Comments 0 tags

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON).

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

14/05/2026 0 Comments 0 tags

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third