JSP webshells being dropped on unpatched PTC Windchill instances
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle managem...
20 articles
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle managem...
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-pl...
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat int...
A newly disclosed high-severity vulnerability in Splunk Secure Gateway (SSG) allows low-privileged authenticated users to achieve remote code execution (RCE)...
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48558 SimpleHel...
A critical security vulnerability, identified as CVE-2026-50160, has been discovered in the self-hosted Hoppscotch backend. This vulnerability allows unauthe...
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise interne...
A critical vulnerability has been identified in Google’s Gemini CLI and the associated run-gemini-cli GitHub Action. This flaw exposes headless continuous in...
A newly disclosed remote code execution (RCE) vulnerability in Microsoft 365 Apps is raising concerns in enterprise environments. Attackers can exploit malic...
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption...
A newly disclosed flaw in the Linux kernel’s traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” has been found to grant a...
DirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now.
A critical Local Privilege Escalation flaw has been uncovered within the Linux kernel, allowing unprivileged local users to seamlessly gain root access by ma...
A critical security flaw discovered in the Amazon Q Developer Extension for Visual Studio Code (VS Code) left developers vulnerable to arbitrary code executi...
Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizatio...
The vulnerability, tracked as CVE-2026-12957, allowed attackers to execute arbitrary commands by embedding malicious code in workspace configuration files.
The update includes fixes for issues discovered through AI-assisted analysis, with AISLE identifying six CVEs, including the oldest known bug, CVE-2026-8932,...
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer...
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW,...
Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows att...