Topic
Exploited Vulnerabilities.
10 stories of advisories, analysis, and defensive guidance in this topic.
VS Code Zero-Day Exposes GitHub Tokens to Theft via Malicious Links
A zero-day vulnerability in Visual Studio Code (VS Code) allows attackers to steal GitHub OAuth tokens with just one click.
Actively Exploited Linux and Android Flaws Prompt Urgent Patching by CISA
Two vulnerabilities have been actively exploited: a Linux kernel flaw allowing unexpected namespace isolation bypasses (CVE-2022-0492) and an Android issue enabling local privilege escalation without
Critical Oracle WebLogic Flaw Enables Unauthorized Data Access; Urgent Patching Recommended
An unauthenticated vulnerability in Oracle WebLogic Server has been exploited in the wild, allowing attackers to gain unauthorized access to critical data.
Critical Zero-Days Expose Acer Wave 7 Routers to Credential Theft and Backdoor Access
Acer's Wave 7 mesh routers are under threat from two critical zero-day vulnerabilities that could allow attackers to access plaintext credentials and gain persistent backdoor access.
Hackers Exploit Critical WordPress Plugin Flaw for Admin Account Takeovers
A critical vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress has been actively exploited by hackers to hijack user accounts, including admin accounts.
Microsoft Faces Legal Threats After Public Disclosure of Exploited Zero-Days
A researcher known as Nightmare Eclipse publicly disclosed several unpatched Microsoft vulnerabilities, leading to legal threats from Microsoft.
Palo Alto GlobalProtect CVE-2026-0257 Is No Longer Theoretical, Exploitation Has Reached Unpatched VPN Edges
CVE-2026-0257 is a PAN-OS GlobalProtect authentication bypass that can let an unauthenticated attacker establish an unauthorized VPN connection when authentication override is configured unsafely.
Windows 10 Snipping Tool Vulnerability Enables Network Spoofing by Attackers
An unpatched vulnerability in Microsoft's Windows 10 Version 1607 Snipping Tool allows unauthorized actors to spoof over a network, posing medium severity risks.
Windows Netlogon CVE-2026-41089 Moves From Patch Tuesday Priority to Active Exploitation Risk
CVE-2026-41089 is a critical Windows Netlogon flaw that can let an unauthenticated attacker execute code over the network against vulnerable Windows Server domain controllers.
Microsoft Mitigates YellowKey BitLocker Bypass (CVE-2026-45585)
Quick one: Microsoft patched a BitLocker bypass flaw, CVE-2026-45585, with a mitigation after a zero-day exploit was disclosed. Defenders should verify if systems are running patched versions and monitor for unusual BitL