Network Security

CVE Vulnerability Alerts
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch until end of month.
Application Security
Public PoC Released for Cisco Unified CM SSRF Bug
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
Application Security
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
CVE Vulnerability Alerts
CVE-2026-0826 (CVSS 9.2): Unauthenticated RCE in HP Poly VoIP Phones
CVE-2026-0826 allows unauthenticated root-level RCE on HP Poly VVX and Trio VoIP phones via a crafted SIP INVITE request targeting the SDP/ICE parser.
Application Security
CVE-2026-49975 HTTP/2 Bomb Hits nginx, Apache, Envoy, and Cloudflare
CVE-2026-49975 HTTP/2 Bomb exploit achieves 5,700:1 amplification against Envoy, crashing 32 GB of server memory with a single residential connection.
CVE Vulnerability Alerts
CVE-2026-41089 Exploited: Windows Netlogon RCE Under Active Attack
Belgium's CCB confirmed active exploitation of CVE-2026-41089, a CVSS 9.8 unauthenticated Windows Netlogon RCE affecting all supported Windows Server versions.
CVE Vulnerability Alerts
PAN-OS CVE-2026-0257 Exploited Just 4 Days After Public Disclosure
CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, saw active exploitation begin just four days after public disclosure, with attacks ongoing for weeks.
Cybersecurity
Russia Sends Submarines to Survey UK Undersea Internet Cables
UK officials confirmed Russian submarines are surveying critical undersea cables, prompting Royal Navy deployment and emergency legislation to protect national communications infrastructure.
Cybersecurity
Dutch Police Seize 200+ Servers in 17-Million-Device Botnet Takedown
Dutch law enforcement dismantled a botnet of 17 million compromised devices by seizing over 200 command-and-control servers in a major coordinated takedown with hosting provider ...
Cybersecurity
Russia Sends Submarines to Survey UK Undersea Internet Cables
UK officials confirmed Russian submarines are surveying critical undersea cables, prompting Royal Navy deployment and emergency legislation to protect national communications infrastructure.