From Our Security Partners
Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
This post was originally published on this site. 32 Critical, 166 Important, 0 Moderate, 0 Low. Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days. Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs that were already addressed by […]
Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs
Oracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates. Key Takeaways: The May 2026 Critical Security Patch Update (CSPU) contains fixes for 35 unique CVEs in 35 security updates. 11 issues (31.4% of all patches) were assigned […]
[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities
Jason Schavel, Thu, 05/21/2026 – 16:00. Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components (openresty, openresty – nginx) were found to contain vulnerabilities, and updated versions have been made available by the providers. […]
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways: Mini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud credentials across the npm […]
CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)
A highly critical SQL injection vulnerability in Drupal core’s database abstraction layer affects sites running PostgreSQL. Key Takeaways: CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core’s database abstraction API that can be exploited by unauthenticated attackers on sites using PostgreSQL. No exploitation has been […]
Advisory: GitHub Internal Systems Breach
Severity: Informational. First Published: Wed, 20 May 2026 10:30:00 GMT. Updated: Wed, 20 May 2026 00:00:00 GMT. Publication ID: sophos-sa-20260520-github-internal-systems-breach. Article Version: 1.
Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation
The 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial access vector while remediation rates have worsened. Key takeaways: Vulnerability exploitation has surged to become the leading initial access vector for breaches, accounting for 31% […]
Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)
Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor. Key Takeaways: CVE-2026-20182 is a critical (CVSSv3 10.0) authentication bypass in Cisco Catalyst […]
[R2] Tenable Network Monitor 6.5.4 Fixes Multiple Vulnerabilities
Jason Schavel, Thu, 05/14/2026 – 13:00. Tenable Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, curl, sqlite3, handlebars, expat, and dpdk) were found to contain vulnerabilities, and updated versions have been made available […]
Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation
A new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. Key Takeaways: CVE-2026-46300 (Fragnesia) is the latest high severity local privilege escalation vulnerability in the Linux kernel, following the disclosure of both Dirty […]