HIGH

A hacker group is poisoning open source code at an unprecedented scale

Ars Technica Security • May 22, 2026

HIGH

First Shai-Hulud Worm Clones Emerge

SecurityWeek • May 18, 2026

MEDIUM

Analysis reveals concerning features in official White House app

SC Media • May 08, 2026

MEDIUM

How to exfiltrate data using only numeric outputs

Reddit r/netsec • May 02, 2026

MEDIUM

CVE-2026-39881 Vim Ex command injection in Vims NetBeans integration

Microsoft Security Response Center • Apr 11, 2026

HIGH

CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

Microsoft Security Response Center • Apr 15, 2026

HIGH

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Microsoft Security Response Center • Apr 15, 2026

CRITICAL

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

CSO Online • Apr 08, 2026

CRITICAL

OpenAI Codex: How a Branch Name Stole GitHub Tokens

Reddit r/netsec • Mar 30, 2026

HIGH

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

The Hacker News • Mar 27, 2026

CRITICAL

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

The Hacker News • Mar 20, 2026

HIGH

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Alerts • Mar 20, 2026

HIGH

Schneider Electric EcoStruxure Automation Expert

CISA ICS Advisories • Mar 19, 2026

HIGH

Siemens SIMATIC

CISA ICS Advisories • Mar 12, 2026

MEDIUM

Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains Part 2

Malpedia •

CRITICAL

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

The Hacker News • Mar 11, 2026

HIGH

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection Vulnerability

Cisco Security • Mar 04, 2026

HIGH

Claude collaboration tools left the door wide open to remote code execution

The Register Security • Feb 26, 2026

CRITICAL

January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day

Recorded Future • Feb 24, 2026

HIGH

SAP Security Patch Day Fixes Critical Code Injection Flaw in SAP CRM and S/4HANA

Web Discovery • Feb 10, 2026

CRITICAL

SAP Security Patch Day - Critical SAP CRM and SAP S/4HANA Code Injection Vulnerabilities Fixed

Web Discovery • Feb 10, 2026

MEDIUM

NCSC-2026-0052 [1.00] [M/H] Kwetsbaarheden verholpen in SAP producten

NCSC Netherlands • Feb 10, 2026

CRITICAL

From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Tenable Research • Feb 03, 2026

HIGH

USN-8004-1: FreeRDP vulnerabilities

Ubuntu Security • Feb 03, 2026

CRITICAL

Ivanti’s EPMM is under active attack, thanks to two critical zero-days

CyberScoop • Feb 03, 2026

HIGH

GlassWorm Malware Returns to Shatter Developer Ecosystems

Dark Reading • Feb 03, 2026

CRITICAL

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

The Hacker News • Feb 03, 2026

HIGH

Hundreds of Malicious Crypto Trading Addons Found in Moltbot/OpenClaw

Infosecurity Magazine • Feb 03, 2026

HIGH

DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon

Infosecurity Magazine • Feb 03, 2026

CRITICAL

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

The Hacker News • Feb 03, 2026

CRITICAL

Hackers exploit critical React Native Metro bug to breach dev systems

BleepingComputer • Feb 03, 2026

CRITICAL

Hackers exploit critical React Native Metro bug to breach dev systems

BleepingComputer • Feb 03, 2026

CRITICAL

Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant

SecurityWeek • Feb 03, 2026

CRITICAL

Critical React Native Vulnerability Exploited in the Wild

SecurityWeek • Feb 03, 2026

HIGH

USN-7995-1: OpenJDK 25 vulnerabilities

Ubuntu Security • Feb 02, 2026

HIGH

USN-7996-1: CRaC JDK 25 vulnerabilities

Ubuntu Security • Feb 02, 2026

HIGH

USN-7998-1: OpenJDK 17 vulnerabilities

Ubuntu Security • Feb 03, 2026

CRITICAL

Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

CSO Online • Feb 03, 2026

HIGH

USN-8000-1: OpenJDK 8 vulnerabilities

Ubuntu Security • Feb 02, 2026

HIGH

USN-8001-1: OpenJDK 11 vulnerabilities

Ubuntu Security • Feb 02, 2026

HIGH

USN-8002-1: OpenJDK 21 vulnerabilities

Ubuntu Security • Feb 02, 2026

HIGH

USN-8003-1: CRaC JDK 21 vulnerabilities

Ubuntu Security • Feb 02, 2026

HIGH

RedHat Linux Kernel Multiple Vulnerabilities

HKCERT • Feb 03, 2026

CRITICAL

OpenSSL Multiple Vulnerabilities

HKCERT • Feb 03, 2026

HIGH

Chinese Hackers Hijack Notepad++ Updates for 6 Months

Dark Reading • Feb 02, 2026

HIGH

Notepad++ users take note: It's time to check if you're hacked

Ars Technica Security • Feb 02, 2026

HIGH

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

The Hacker News • Feb 02, 2026

HIGH

Notepad++ update feature hijacked by Chinese state hackers for months

BleepingComputer • Feb 02, 2026

CRITICAL

OpenClaw patches one-click RCE as security Whac-A-Mole continues

The Register Security • Feb 02, 2026

CRITICAL

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)

Rapid7 Research • Jan 30, 2026

CRITICAL

How state-sponsored attackers hijacked Notepad++ updates

Help Net Security • Feb 02, 2026

CRITICAL

Critical RCE bugs expose the n8n automation platform to host‑level compromise

CSO Online • Jan 29, 2026

CRITICAL

Ivanti patches two actively exploited critical vulnerabilities in EPMM

CSO Online • Jan 30, 2026

HIGH

175,000 Exposed Ollama Hosts Could Enable LLM Abuse

SecurityWeek • Jan 30, 2026

CRITICAL

GLSA 202601-01: inetutils: Remote Code Execution

Gentoo GLSA • Jan 26, 2026

HIGH

GLSA 202601-02: Vim, gVim: Multiple Vulnerabilities

Gentoo GLSA • Jan 26, 2026

CRITICAL

GLSA 202601-03: GIMP: Arbitrary Code Execution

Gentoo GLSA • Jan 26, 2026

CRITICAL

GLSA 202601-04: Asterisk: Multiple Vulnerabilities

Gentoo GLSA • Jan 26, 2026

CRITICAL

GLSA 202601-05: Commons-BeanUtils: Arbitary Code Execution

Gentoo GLSA • Jan 26, 2026

CRITICAL

VU#244846: Server-Side Template Injection (SSTI) vulnerability exist in Genshi

CERT/CC • Jan 20, 2026

HIGH

VU#818729: Safetica contains a kernel driver vulnerability

CERT/CC • Jan 20, 2026

CRITICAL

VU#458022: Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key

CERT/CC • Jan 20, 2026

HIGH

VU#102648: Code injection vulnerability in binary-parser library

CERT/CC • Jan 20, 2026

HIGH

AI Coding Assistants Secretly Copying All Code to China

Schneier on Security • Feb 02, 2026

HIGH

vr2jb: Pwning the PlayStation VR2 using Sony's hidden recovery mode

Reddit r/netsec • Feb 02, 2026

CRITICAL

Zoom Products Remote Code Execution Vulnerability

HKCERT • Jan 21, 2026

CRITICAL

VMWare Products Multiple Vulnerabilities

HKCERT • Jan 26, 2026

CRITICAL

Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers

Dark Reading • Jan 20, 2026

HIGH

Vulnerabilities Threaten to Break Chainlit AI Framework

Dark Reading • Jan 20, 2026

HIGH

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Dark Reading • Jan 21, 2026

CRITICAL

Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Dark Reading • Jan 23, 2026

CRITICAL

Another week, another emergency patch as Cisco plugs Unified Comms zero-day

The Register Security • Jan 22, 2026

CRITICAL

Ancient telnet bug happily hands out root to attackers

The Register Security • Jan 22, 2026

CRITICAL

Patch or die: VMware vCenter Server bug fixed in 2024 under attack today

The Register Security • Jan 23, 2026

CRITICAL

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

The Hacker News • Jan 22, 2026

CRITICAL

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

The Hacker News • Jan 23, 2026

HIGH

TP-Link Router Multiple Vulnerabilities

HKCERT • Jan 28, 2026

CRITICAL

Google Chrome Remote Code Execution Vulnerability

HKCERT • Jan 28, 2026

CRITICAL

Aruba Product Multiple Vulnerabilities

HKCERT • Jan 28, 2026

HIGH

SolarWinds Web Help Desk Multiple Vulnerabilities

HKCERT • Jan 30, 2026

CRITICAL

Microsoft Edge Remote Code Execution Vulnerability

HKCERT • Feb 02, 2026

HIGH

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

Google Project Zero • Jan 30, 2026

CRITICAL

Microsoft Rushes Emergency Patch for Office Zero-Day

Dark Reading • Jan 27, 2026

CRITICAL

Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest

Dark Reading • Jan 28, 2026

CRITICAL

Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk

Dark Reading • Jan 29, 2026

HIGH

Case study: Securing AI application supply chains

Microsoft Security Blog • Jan 30, 2026

CRITICAL

"Open sesame": Critical vulnerabilities in dormakaba physical access control system enable unlocking arbitrary doors

Reddit r/netsec • Jan 26, 2026

HIGH

Bypassing Windows Administrator Protection

Reddit r/netsec • Jan 26, 2026

HIGH

OpenSSL January 2026 Security Update: CMS and PKCS#12 Buffer Overflows

Reddit r/netsec • Jan 27, 2026

CRITICAL

CVE-2025-40551: SolarWinds WebHelpDesk RCE Deep-Dive and Indicators of Compromise

Reddit r/netsec • Jan 28, 2026

MEDIUM

Gakido - CRLF Injection

Reddit r/netsec • Jan 29, 2026

CRITICAL

Fun RCE in Command & Conquer: Generals

Reddit r/netsec • Jan 28, 2026

CRITICAL

How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice

Reddit r/netsec • Jan 30, 2026

CRITICAL

1-Click RCE in OpenClaw/Moltbot/ClawdBot

Reddit r/netsec • Feb 01, 2026

HIGH

CVE-2020-36952: IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to ...

NIST NVD • Jan 26, 2026

HIGH

CVE-2026-1284: An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawin...

NIST NVD • Jan 26, 2026

HIGH

CVE-2026-1283: A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS e...

NIST NVD • Jan 26, 2026

MEDIUM

CVE-2026-1429: Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerabil...

NIST NVD • Jan 26, 2026

CRITICAL

Office zero-day exploited in the wild forces Microsoft OOB patch

The Register Security • Jan 27, 2026

CRITICAL

Fortinet unearths another critical bug as SSO accounts borked post-patch

The Register Security • Jan 28, 2026