Resources

CVE Vulnerability Alerts
CISA Orders Patch for Linux Container Escape CVE-2022-0492
CISA added the Linux kernel CVE-2022-0492 container escape flaw to the KEV catalog, confirming active exploitation with a three-day federal patch deadline.
Application Security
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000 e-commerce stores worldwide.
Application Security
Burst Statistics CVE-2026-8181 Under Mass Exploitation
CVE-2026-8181 in Burst Statistics for WordPress is under mass exploitation, with Wordfence blocking 7,400 daily attempts against over 200,000 affected sites.
CVE Vulnerability Alerts
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch until end of month.
Application Security
Public PoC Released for Cisco Unified CM SSRF Bug
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
Application Security
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
Application Security
CVE-2026-8206 Kirki Plugin Exploited; 500,000 WordPress Sites at Risk
CVE-2026-8206 in the Kirki WordPress plugin is under active attack, with Wordfence detecting 222 exploitation attempts targeting admin account takeover.
CVE Vulnerability Alerts
CVE-2026-0826 (CVSS 9.2): Unauthenticated RCE in HP Poly VoIP Phones
CVE-2026-0826 allows unauthenticated root-level RCE on HP Poly VVX and Trio VoIP phones via a crafted SIP INVITE request targeting the SDP/ICE parser.
Application Security
CISA Adds CVE-2024-21182 Oracle WebLogic to KEV; Feds Have 3 Days
CISA confirmed active exploitation of Oracle WebLogic CVE-2024-21182, giving federal agencies a June 4 deadline to patch the unauthenticated data-access flaw.
Application Security
CVE-2026-49975 HTTP/2 Bomb Hits nginx, Apache, Envoy, and Cloudflare
CVE-2026-49975 HTTP/2 Bomb exploit achieves 5,700:1 amplification against Envoy, crashing 32 GB of server memory with a single residential connection.

Weekly Newsletter

Weekly Cybersecurity Newsletter: 14th to 18th August
Cybersecurity Newsletter
Weekly Cybersecurity Newsletter: 14th to 18th August
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
This Week In Cybersecurity: 23rd June to 27th June
Cybersecurity Newsletter
This Week In Cybersecurity: 23rd June to 27th June
News Stories New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands Threat actors use the search-ms URI protocol ...
This Week In Cybersecurity: 26th to 30th May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 26th to 30th May, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
This Week In Cybersecurity: 19th to 23rd May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 19th to 23rd May, 2025
This week, significant cybersecurity incidents include ransomware attacks, data breaches affecting major organizations, and ongoing threats from state-sponsored groups, highlighting vulnerabilities across various sectors.
This Week In Cybersecurity: 21st - 25th April, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 21st – 25th April, 2025
Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.