
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) is under active attack, with honeypots logging crafted XML payloads targeting the /OA_HTML endpoint.

Apple’s iOS 26.2 and macOS Tahoe 26.2 updates patch 30-plus flaws, including four WebKit vulnerabilities co-discovered by OpenAI and Anthropic

watchTowr Labs published a working exploit for CVE-2026-8037, a pre-authentication root RCE in Progress Kemp LoadMaster, weeks after patches were

Attackers exploited SimpleHelp’s OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.

CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first

CISA disclosed three Daktronics LED controller vulnerabilities that give remote attackers root access to highway signs, billboards, and roadside message

An anonymous researcher’s 130-plus zero-day dump included Gitea CVE-2026-20896, a Docker default misconfiguration that grants admin access with one HTTP

A public PoC exploit for CVE-2026-55200, a CVSS 9.2 out-of-bounds write in libssh2, is live with no fixed tagged release

The Athena coalition of about 24 companies including Docker, Cisco, and Cloudflare used AI to find 20,000+ vulnerabilities across 500

Microsoft confirmed CVE-2026-50656, a zero-day in the Defender Malware Protection Engine allowing SYSTEM-level privilege escalation, is under active exploitation with