
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch

Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch

Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on

University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight

CVE-2026-0826 allows unauthenticated root-level RCE on HP Poly VVX and Trio VoIP phones via a crafted SIP INVITE request targeting

CVE-2026-49975 HTTP/2 Bomb exploit achieves 5,700:1 amplification against Envoy, crashing 32 GB of server memory with a single residential connection.

Belgium’s CCB confirmed active exploitation of CVE-2026-41089, a CVSS 9.8 unauthenticated Windows Netlogon RCE affecting all supported Windows Server versions.

CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, saw active exploitation begin just four days after public disclosure, with attacks ongoing for

UK officials confirmed Russian submarines are surveying critical undersea cables, prompting Royal Navy deployment and emergency legislation to protect national

Dutch law enforcement dismantled a botnet of 17 million compromised devices by seizing over 200 command-and-control servers in a major

UK officials confirmed Russian submarines are surveying critical undersea cables, prompting Royal Navy deployment and emergency legislation to protect national
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.