top of page
ALL POSTS
Chrome 149 and Spring HATEOAS Security Updates Address Critical Vulnerabilities and UAF Bugs
Key Findings Chrome 149 addresses 28 security vulnerabilities across desktop platforms, with 5 critical flaws that could enable arbitrary code execution Critical use-after-free bugs dominate the patch set, affecting Core, DigitalCredentials, WebMIDI, and GPU components One critical flaw involves insufficient input validation in Accessibility features, while another is a heap buffer overflow in GPU 23 high-severity issues span Network, Media, Cast, Autofill, DevTools, and Exte
Jun 122 min read
Microsoft Patch Tuesday June 2026: 206 Vulnerabilities and Security Updates
Key Findings Microsoft released 206 vulnerabilities in June 2026 Patch Tuesday, the largest monthly batch on record 32 vulnerabilities marked as critical, with 28 being remote code execution flaws 4 critical vulnerabilities flagged as more likely to be exploited in active attacks 23 critical vulnerabilities assessed as less likely to be exploited but still pose significant risk 3 vulnerabilities were publicly known but not yet exploited at time of release Affected products sp
Jun 94 min read
FreeRADIUS and Chrome Security Updates Address Critical Buffer Overflow and Multiple Vulnerabilities
Key Findings FreeRADIUS released emergency patches to fix critical unauthenticated buffer overflow vulnerabilities affecting multiple authentication protocols Malicious actors can crash vulnerable servers without any authentication by sending specially crafted UDP packets Chrome 149 stable release addresses 429 security vulnerabilities including critical memory corruption bugs in graphics and GPU handling Developers are intentionally limiting technical disclosure details to p
Jun 53 min read
Google's June 2026 Android Security Update Fixes 124 Vulnerabilities Including One Active Zero-Day Exploit
Key Findings Google released patches for 124 Android security vulnerabilities in June 2026, including one actively exploited flaw CVE-2025-48595 (CVSS 8.4) is a privilege escalation vulnerability in the Android Framework currently under limited, targeted exploitation The flaw affects Android 14, 15, 16, and 16 QPR2, requires no user interaction, and allows code execution through integer overflow CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on Ju
Jun 32 min read
Critical Security Updates: Privilege Escalation and Remote Code Execution Vulnerabilities Patched in OpenVPN Connect and Veeam
Key Findings Critical privilege escalation vulnerability (CVE-2026-9560, CVSS 9.4) in OpenVPN Connect for macOS allows local attackers to gain root access Affected versions 3.5.1 through 3.8.1 contain insecure local IPC handling in the privileged helper component Version 3.8.2 patches the vulnerability along with authentication and profile management bugs Enterprise deployments require immediate updates to secure corporate endpoints Multiple critical flaws discovered in Veeam
May 282 min read
Apache CXF and ECharts Frameworks Patch Critical Security Vulnerabilities
Key Findings Apache CXF framework patches three severe vulnerabilities including remote code execution, LDAP injection, and XXE attacks LDAP injection flaw (CVE-2026-44930) allows attackers to retrieve arbitrary certificates from internal repositories WS-Transfer XXE vulnerability (CVE-2026-44618) enables adversaries to read sensitive files and map internal networks Incomplete RCE fix (CVE-2026-44417) creates another code execution path through JMS configuration Apache EChart
May 252 min read
Drupal Emergency Security Update Alert: May 20 Critical Patch Required for All Sites
Key Findings Drupal Security Team releasing emergency core security update May 20, 5-9 p.m. UTC across all supported branches Vulnerability is severe enough that exploits could be developed within hours or days of patch release Update affects Drupal 11.3.x, 11.2.x, 10.6.x, and 10.5.x with best-effort patches for 11.1.x and 10.4.x End-of-life versions (Drupal 8 and 9) receiving manual patch files only, with no guarantees Drupal 7 is not affected by this vulnerability Backgroun
May 192 min read
Critical cPanel and WHM Security Update: Three New Vulnerabilities Patched to Prevent File Read, Code Execution, and Privilege Escalation
Key Findings cPanel and WHM released patches for three vulnerabilities affecting multiple versions CVE-2026-29201 allows arbitrary file read through insufficient input validation CVE-2026-29202 enables arbitrary Perl code execution for authenticated users CVE-2026-29203 exploits unsafe symlink handling for denial-of-service and potential privilege escalation No evidence of active exploitation yet, but disclosure follows recent zero-day attacks using Mirai and Sorry ransomware
May 102 min read
Apple Expands iOS 18 Updates Across Multiple Devices to Block Critical DarkSword Exploit
Key Findings Apple expanded iOS 18.7.7 availability on April 1, 2026 to protect users from the DarkSword exploit kit, which targets iOS versions 18.4 through 18.7 The update now covers iPhone XR through iPhone 16e and multiple iPad models, allowing users to patch vulnerabilities without upgrading to iOS 26 DarkSword spreads through watering hole attacks on compromised legitimate websites and can deploy backdoors and data miners for persistent access Approximately 20% of users
Apr 23 min read
Apple Releases Critical Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Key Findings Apple released security updates for older iOS and iPadOS versions to address vulnerabilities in the Coruna exploit kit Updates cover devices that cannot upgrade to the latest iOS versions Patches address multiple vulnerabilities, including WebKit and kernel-related issues Coruna exploit kit targets iOS versions 13.0 through 17.2.1 with 23 total exploits Background The Coruna exploit kit, also known as CryptoWaters, was first identified by Google's Threat Intellig
Mar 122 min read
Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities
Key Findings Microsoft released its monthly security update for March 2026, addressing 79 vulnerabilities 3 vulnerabilities were marked as "critical" by Microsoft Remaining vulnerabilities were classified as "important" Microsoft assessed that exploitation of the "critical" vulnerabilities is "less likely" Background CVE-2026-26110 and CVE-2026-26113 are "critical" Microsoft Office Remote Code Execution Vulnerabilities CVE-2026-26144 is a "critical" information disclosure vul
Mar 101 min read
Microsoft Releases Emergency Patch for Critical Office Vulnerability
Key Findings Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. The vulnerability is a security feature bypass that allows an unauthorized attacker to bypass security protections locally by sending a malicious Office file. Microsoft confirmed the Preview Pane is not an attack vector, but did not disclose technical details about the active exploits. Office 2021 and later are automa
Jan 272 min read
GitLab Issues High-Severity 2FA Bypass and DoS Flaws, Urgent Update Patches
Key Findings GitLab has released urgent security updates to address several high-severity vulnerabilities, including a critical two-factor authentication (2FA) bypass flaw and multiple denial-of-service (DoS) issues. The 2FA bypass vulnerability (CVE-2026-0723) could allow an attacker to bypass the authentication mechanism designed to protect accounts, potentially leading to account takeovers. The DoS vulnerabilities affect various GitLab components, including the Jira Connec
Jan 212 min read
Pixel 9's Zero-Click Exploit Chain: Breaching the Kernel
Key Findings Researchers from Google Project Zero have discovered a comprehensive "zero-click" exploit chain targeting the Google Pixel 9 smartphone. The exploit chain spans from remote code execution during media decoding to the ultimate compromise of the kernel. The vulnerabilities were patched in the security updates released on January 5, 2026. Background The pivotal shift in recent years lies in the propensity of "intelligent" smartphone features to preemptively analyze
Jan 192 min read
bottom of page
