ScadaBR 1.2.0 flagged by CISA for four serious flaws (CVE-2026-8602 through CVE-2026-8605)
News | May 21, 2026 | by Alex Mira
CISA warns that ScadaBR 1.2.0 contains four vulnerabilities (CVE-2026-8602 to CVE-2026-8605) that could enable unauthenticated RCE, data injection, CSRF abuse, and admin access via hard-coded credentials.
Tags: CISA advisory cve Industrial control systems Remote code execution SCADA security ScadaBR

Microsoft Defender CVEs: CVE-2026-41091 (local privilege escalation) and CVE-2026-45498 (denial of service)
News | May 21, 2026 | by Alex Mira
Two Microsoft Defender flaws—CVE-2026-41091 (local privilege escalation via link following) and CVE-2026-45498 (denial of service)—are now listed in NVD and MSRC. Here’s what’s confirmed, what remains unclear, and where to find official guidance.
Tags: CVE-2026-41091 CVE-2026-45498 Endpoint security Microsoft Defender Vulnerability Management Windows security

Pwn2Own Berlin 2026 day two: Exchange, Windows 11, and AI tooling fall to fresh zero-days
News | May 17, 2026 | by Alex Mira
Pwn2Own Berlin 2026 day two delivered 15 new zero-days—spanning Microsoft Exchange, Windows 11, RHEL Workstations, NVIDIA Container Toolkit, and AI coding agents—triggering $385,750 in awards and setting up a busy patch cycle.
Tags: AI security Microsoft Exchange NVIDIA Container Toolkit Pwn2Own Red Hat Enterprise Linux Windows 11 Zero-day

CVE-2026-42897: Exchange Server XSS exploited against Outlook on the web — mitigation via EEMS
News | May 15, 2026 | by Alex Mira
CVE-2026-42897 is an actively exploited XSS spoofing flaw in Microsoft Exchange Server targeting Outlook on the web. No patch yet—enable Exchange Emergency Mitigation Service (EEMS) and monitor Microsoft’s advisories.
Tags: CVE-2026-42897 EEMS Microsoft Exchange OWA Security advisory XSS

CVE-2026-43500: Linux rxrpc shared‑fragment bug tied to “Dirty Frag” page‑cache writes
News | May 14, 2026 | by Alex Mira
CVE-2026-43500 fixes a Linux rxrpc flaw in how shared packet fragments are handled. It’s linked to the “Dirty Frag” chain enabling page‑cache writes and local root. Update kernels promptly.
Tags: CVE-2026-43500 Dirty Frag Linux kernel Privilege escalation rxrpc Security updates vulnerability

SAP patches critical Commerce Cloud RCE and S/4HANA SQL injection (CVE-2026-34263, CVE-2026-34260)
News | May 14, 2026 | by Alex Mira
SAP’s May 2026 updates fix two critical issues: unauthenticated RCE in Commerce Cloud (CVE-2026-34263) and authenticated SQL injection in S/4HANA Enterprise Search (CVE-2026-34260).
Tags: CVE-2026-34260 CVE-2026-34263 S/4HANA SAP SAP Commerce Cloud Security updates Vulnerabilities

CVE-2026-42945: NGINX rewrite-module bug tied to PCRE captures and “?” in replacements
News | May 13, 2026 | by Alex Mira
CVE-2026-42945 affects NGINX’s rewrite module under specific PCRE capture and replacement patterns, causing a heap overflow and worker restarts; code execution may be possible if ASLR is disabled. Version and patch details are not yet clear.
Tags: CVE-2026-42945 NGINX PCRE Reverse Proxy Security advisory vulnerability Web Security

Claude Code CVE-2026-39861: symlink-assisted sandbox escape fixed
News | May 13, 2026 | by Alex Mira
A GitHub advisory for CVE-2026-39861 details a symlink-based sandbox escape in Claude Code, now fixed. A separate CVE in jotty.page (CVE-2026-42564) addresses an unauthenticated path traversal fixed in 1.22.0.
Tags: Claude Code cve Path Traversal Sandbox Security advisory Symlink

CVE-2026-43284: Linux fixes an ESP decryption flaw tied to “Dirty Frag” reports
News | May 11, 2026 | by Alex Mira
Linux has patched CVE-2026-43284 in the xfrm/ESP input path to avoid unsafe in-place decryption on shared fragments. Media link it to the “Dirty Frag” LPE chain, but only parts are confirmed. Here’s what’s known and what to do next.
Tags: CVE-2026-43284 ESP IPsec kernel linux security vulnerability

Ivanti EPMM updates address multiple flaws (CVE-2026-5786/5787/5788/6973/7821)
News | May 10, 2026 | by Alex Mira
Ivanti’s May 2026 advisory fixes five EPMM flaws spanning access control, certificate validation, and admin-level RCE prerequisites. Here’s what’s confirmed and what to do now.
Tags: Access control Certificate validation CVE-2026-5786 EPMM Ivanti Security advisory Vulnerabilities