Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency
Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS
SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at
Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch
CISA, FBI, NSA, and DOE warned of active attacks on internet-exposed fuel tank monitoring systems via authentication bypass and command
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight
CVE-2026-0826 allows unauthenticated root-level RCE on HP Poly VVX and Trio VoIP phones via a crafted SIP INVITE request targeting
CVE-2026-49975 HTTP/2 Bomb exploit achieves 5,700:1 amplification against Envoy, crashing 32 GB of server memory with a single residential connection.
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.