Resources

Severe Command Injection Flaw Discovered in SGLang

Andrew Doyle April 21, 2026

A critical vulnerability in SGLang could allow remote code execution. Tracked as CVE-2026-5760, this flaw scores 9.8 on CVSS.

Attackers Exploit QEMU Virtualization to Evade Detection

CVE Vulnerability Alerts

Attackers Exploit Three Zero-Day Flaws in Microsoft Defender to Gain Elevated Access

Gabby Lee April 21, 2026

Three zero-day flaws in Microsoft Defender, dubbed BlueHammer, RedSun, and UnDefend, are being actively exploited to gain elevated system access.

CVE Vulnerability Alerts

Critical Nginx-UI Vulnerability Lets Attackers Seize Full Server Control

Mitchell Langley April 16, 2026

Nginx servers vulnerable to attacks via a flaw (CVE-2026-33032) that allows authentication bypass.

Application Security

Critical Security Flaws in Composer Put PHP Applications at Risk

Andrew Doyle April 15, 2026

Two severe security vulnerabilities identified in PHP's Composer might allow arbitrary command execution.

CVE Vulnerability Alerts

Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates

Gabby Lee April 13, 2026

Adobe releases emergency patches to fix a critical flaw in Acrobat Reader actively exploited in the wild, CVE-2026-34621.

Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs

CVE Vulnerability Alerts

Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization

Andrew Doyle April 8, 2026

A new Docker Engine vulnerability allows attackers to bypass authorization plug-ins due to an incomplete fix.

CVE Vulnerability Alerts

Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users

Mitchell Langley April 7, 2026

Fortinet issues emergency patches for a critical vulnerability (CVE-2026-35616) in FortiClient EMS, already exploited in the wild.

Cybersecurity

Cybercrime Group Targets Developers with Malicious Telnyx Package on PyPI

Mitchell Langley March 31, 2026

Cybercrime group associated with Trivy attack uploads malicious Telnyx packages to PyPI aiming to deploy credential-stealing malware.

CVE Vulnerability Alerts

Hackers Exploit a Critical Citrix Vulnerability to Steal Sensitive Data

Mitchell Langley March 31, 2026

Critical Citrix vulnerability CVE-2026-3055 is targeted by attackers to steal data.

CVE Vulnerability Alerts

Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform

Mitchell Langley March 12, 2026

Two critical security vulnerabilities in n8n automation platform have been patched.

Weekly Newsletter

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Resources

Severe Command Injection Flaw Discovered in SGLang

Attackers Exploit Three Zero-Day Flaws in Microsoft Defender to Gain Elevated Access

Critical Nginx-UI Vulnerability Lets Attackers Seize Full Server Control

Critical Security Flaws in Composer Put PHP Applications at Risk

Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates

Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization

Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users

Cybercrime Group Targets Developers with Malicious Telnyx Package on PyPI

Hackers Exploit a Critical Citrix Vulnerability to Steal Sensitive Data

Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform

Weekly Newsletter

HR Emails Are the New Phishing Bait — And MFA Won’t Save You

Tax Season Never Really Ends for Hackers

When Amazon Sends the Phishing Email

Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”

Phony Root Certificate Scheme Puts Open Source Developers at Risk

APT28 Deploys PRISMEX Malware Against Ukraine and Its Allies

Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs

New Extortion Crew Uses Phishing to Breach High-Value Corporations

Bogus Traffic Violation Text Scam Targeting Americans

Daily Briefing Newsletter