News archive

All published intel.

Every published Unpatched Intel article, sorted from newest to oldest. Search or filter by topic.

All stories

/

criticalWeb & API SecurityJun 4, 2026·6 min read

Casdoor Authentication Bypass Flaws Undermine SAML, MFA, and Token Controls

CERT/CC disclosed nine Casdoor flaws that can let attackers bypass SAML, MFA, and token controls.

criticalCloud & SaaS SecurityJun 4, 2026·5 min read

Collibra Agent Unauthenticated RCE Chain Exposes Data Governance Deployments

CERT/CC says Collibra Agent flaws can be chained from unauthenticated access to arbitrary file write and remote code execution.

highDefensive GuidanceJun 4, 2026·5 min read

Securly Chrome Extension Flaws Expose Student Filtering and Monitoring Controls

CERT/CC disclosed multiple Securly Chrome extension flaws that can expose filtering logic and disrupt browsing.

highWeb & API SecurityJun 3, 2026·6 min read

Firefox 151.0.3 Patches High-Severity JIT and Graphics Flaws

Mozilla released Firefox 151.0.3 to fix two high-severity browser flaws in the JIT engine and graphics text handling path.

highWeb & API SecurityJun 3, 2026·6 min read

Firefox for iOS 151.2 Fixes Reader View JavaScript Execution Bugs

Firefox for iOS 151.2 patches two high-severity Reader View bugs that could lead to arbitrary JavaScript execution.

highSupply Chain SecurityJun 3, 2026·6 min read

GitHub Enterprise Server Signing Key Rotation Follows Internal Repository Breach

GitHub is rotating the GitHub Enterprise Server signing key after a breach tied to a poisoned VS Code extension and says GHES administrators need to update trusted public keys now.

highExploited VulnerabilitiesJun 3, 2026·4 min read

VS Code Zero-Day Exposes GitHub Tokens to Theft via Malicious Links

A zero-day vulnerability in Visual Studio Code (VS Code) allows attackers to steal GitHub OAuth tokens with just one click.

highExploited VulnerabilitiesJun 2, 2026·4 min read

Actively Exploited Linux and Android Flaws Prompt Urgent Patching by CISA

Two vulnerabilities have been actively exploited: a Linux kernel flaw allowing unexpected namespace isolation bypasses (CVE-2022-0492) and an Android issue enabling local privilege escalation without

highExploited VulnerabilitiesJun 2, 2026·2 min read

Critical Oracle WebLogic Flaw Enables Unauthorized Data Access; Urgent Patching Recommended

An unauthenticated vulnerability in Oracle WebLogic Server has been exploited in the wild, allowing attackers to gain unauthorized access to critical data.

highExploited VulnerabilitiesJun 2, 2026·3 min read

Critical Zero-Days Expose Acer Wave 7 Routers to Credential Theft and Backdoor Access

Acer's Wave 7 mesh routers are under threat from two critical zero-day vulnerabilities that could allow attackers to access plaintext credentials and gain persistent backdoor access.

highAPT / Nation-StateJun 2, 2026·3 min read

Gamaredon Exploits WinRAR Zero-Day: Urgent Patch Needed for Windows Users

The WinRAR vulnerability (CVE-2025-8088) has been actively exploited by Gamaredon to execute arbitrary code through malicious archive files, posing a significant threat to systems using the Windows ve

criticalExploited VulnerabilitiesJun 2, 2026·3 min read

Hackers Exploit Critical WordPress Plugin Flaw for Admin Account Takeovers

A critical vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress has been actively exploited by hackers to hijack user accounts, including admin accounts.