Categories: News
Claude Code CVE-2026-39861: symlink-assisted sandbox escape fixed
May 13, 2026 / May 13, 2026 by Alex Mira
A GitHub advisory for CVE-2026-39861 details a symlink-based sandbox escape in Claude Code, now fixed. A separate CVE in jotty.page (CVE-2026-42564) addresses an unauthenticated path traversal fixed in 1.22.0.
Tags: Claude Code cve Path Traversal Sandbox Security advisory Symlink

Categories: News
CVE-2026-26956: vm2 sandbox escape in 3.10.4 enables host code execution, patch available
May 7, 2026 / May 7, 2026 by Alex Mira
CVE-2026-26956 allows a vm2 sandbox escape in version 3.10.4, enabling host code execution under specific Node.js 25 settings. NVD says it’s patched in 3.10.5.
Tags: cve JavaScript security Node.js Sandbox vm2 vulnerability WebAssembly

Categories: News Security
Critical cPanel Vulnerability CVE-2026-41940 Actively Exploited: What Website Owners and Hosting Providers Need to Know
May 4, 2026 / May 4, 2026 by Corentin C
CVE-2026-41940 is a critical cPanel and WHM authentication bypass vulnerability actively exploited in the wild. Learn who is affected, what attackers can do, and how to patch.
Tags: cpanel cve cve-2026-41940 security vulnerability web hosting

Categories: News Security
CVE-2026-31431 (“Copy Fail”): What You Need to Know
April 30, 2026 / May 7, 2026 by Corentin C
CVE-2026-31431 (“Copy Fail”) is a high-severity Linux kernel vulnerability enabling local privilege escalation and container escape. Learn its impact and how to patch or mitigate it effectively.
Tags: cve CVE-2026-31431 kernel linux security

Categories: Microsoft Security Windows
Microsoft May 2025 Patch Tuesday – Overview and Analysis
May 14, 2025 / May 14, 2025 by Corentin C
Microsoft's May 2025 Patch Tuesday delivers crucial security updates for 71 vulnerabilities, including five zero-days actively exploited in the wild. This month’s patch spans across major products like Windows, Azure, and Visual Studio, strengthening defenses against Remote Code Execution (RCE) and Elevation of Privilege (EoP) vulnerabilities.
Tags: cve security update windows

Categories: Microsoft Security Windows
Microsoft’s April 2025 Patch Tuesday: 121 Vulnerabilities Patched, Including One Zero-Day Exploited in the Wild
April 9, 2025 / April 9, 2025 by Corentin C
Microsoft's April 2025 Patch Tuesday addresses 121 vulnerabilities, including a zero-day actively exploited. Critical RDP and LDAP flaws highlight the urgency of this month's security updates.
Tags: april 2025 cve ldap patch tuesday rdp security sharepoint windows

Categories: News Security
OpenSSH Vulnerabilities: CVE-2025-26465 and CVE-2025-26466
February 21, 2025 by Corentin C
Two critical OpenSSH vulnerabilities have been discovered: a MitM attack (CVE-2025-26465) and a DoS attack (CVE-2025-26466). Learn how to protect your systems with recommended security measures.
Tags: cve dos mitm openssh qualys ssh

Categories: Apple News Security
Apple Releases Security Fixes in iOS 18.3.1 and iPadOS 18.3.1
February 19, 2025 / February 25, 2025 by Corentin C
Apple’s latest iOS 18.3.1 and iPadOS 18.3.1 updates fix a critical security flaw that could allow attackers to bypass USB Restricted Mode on locked devices. This vulnerability (CVE-2025-24200) has been exploited in targeted attacks. Learn why this update matters and how to secure your device.
Tags: apple cve ios security

Categories: Security Windows
Critical Windows Vulnerability – PoC for CVE-2024-43452 Now Available
January 9, 2025 / January 9, 2025 by Corentin C
A new PoC exploit for CVE-2024-43452 affects Windows 11 23H2, allowing attackers to escalate privileges to SYSTEM level through malicious SMB responses. This flaw, discovered by Google Project Zero, exposes serious risks, and Microsoft has already addressed it in the November 2024 updates. Apply the patch immediately and follow best practices to secure your systems.
Tags: cve elevation poc security windows

Categories: News Security
High-Severity Vulnerability Found in Dell SupportAssist: CVE-2024-52535
January 8, 2025 / January 8, 2025 by Corentin C
A newly disclosed vulnerability, CVE-2024-52535, in Dell SupportAssist could allow attackers to escalate privileges and delete critical files. Affecting both Home and Business PC versions, this high-severity flaw highlights the importance of updating to the latest software versions. Find out how to mitigate this risk effectively.
Tags: cve dell security