Alerts

Security advisories, patches, and warnings

Chaotic Eclipse Releases MiniPlasma — A Five-Year-Old Windows Zero-Day That Still Grants SYSTEM Privileges on Fully Patched Systems

Chaotic Eclipse has released a third wave of Windows zero-day disclosures, publishing a proof-of-concept for a privilege escalation vulnerability codenamed MiniPlasma that grants SYSTEM privileges on fully patched Windows systems — including those running the latest May 2026 updates. The flaw resides in cldflt.sys, the Windows Cloud Files Mini Filter

By Zero Day Wire

Chaotic Eclipse Returns With Two More Windows Zero-Days — BitLocker Bypass YellowKey and CTFMON Privilege Escalation GreenPlasma

The anonymous security researcher known as Chaotic Eclipse — responsible for the BlueHammer, RedSun, and UnDefend Microsoft Defender zero-days that ZDW covered last month — has returned with two additional Windows zero-days, escalating an increasingly public confrontation with Microsoft over vulnerability disclosure handling. The first vulnerability, codenamed YellowKey, is a BitLocker bypass

By Zero Day Wire

Critical MetInfo and Weaver E-cology Flaws Under Active Exploitation — Unauthenticated RCE Targeting Chinese Enterprise Infrastructure

Two critical vulnerabilities in widely deployed Chinese enterprise software are under active exploitation, with threat actors leveraging unauthenticated remote code execution flaws in MetInfo CMS and Weaver E-cology to compromise servers without requiring any credentials. CVE-2026-29014 (CVSS 9.8) affects MetInfo, a PHP and MySQL-based enterprise content management system popular

By Zero Day Wire

Critical GitHub RCE Vulnerability Exposed Millions of Public and Private Repositories to Backend Server Compromise (CVE-2026-3854)

Wiz researchers have disclosed a critical remote code execution vulnerability in GitHub's internal Git infrastructure that exposed millions of repositories across both GitHub.com and GitHub Enterprise Server. Tracked as CVE-2026-3854, the flaw allowed any authenticated user to execute arbitrary commands on GitHub's backend servers using

By Zero Day Wire

Microsoft Defender Zero-Day Exploited in the Wild — BlueHammer Attack Chain Extracts SAM Hashes and Kills Defender via Race Condition

A privilege escalation vulnerability in Microsoft Defender is under active exploitation using publicly available proof-of-concept code, with Huntress confirming attacks began on April 10 — four days before Microsoft released a patch. CISA added the flaw to its Known Exploited Vulnerabilities catalog on Wednesday, setting a May 6 federal patching deadline.

By Zero Day Wire

Microsoft Issues Emergency Patch for Critical ASP.NET Core Flaw Allowing SYSTEM Privilege Escalation via Forged Auth Cookies

Microsoft has pushed an emergency out-of-band security update to address CVE-2026-40372, a critical privilege escalation vulnerability in ASP.NET Core's Data Protection cryptographic APIs that allows unauthenticated attackers to forge authentication cookies and gain SYSTEM-level access on affected systems. The flaw originated from a regression introduced in the

By Zero Day Wire

CISA Adds Eight Exploited Vulnerabilities to KEV Catalog Including Three Cisco SD-WAN Manager Flaws and Quest KACE CVSS 10.0

CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities catalog on Monday, setting aggressive federal patching deadlines after confirming active exploitation across a range of enterprise products. Three of the flaws target Cisco Catalyst SD-WAN Manager, while the remaining five affect Quest KACE, PaperCut, JetBrains TeamCity, Kentico Xperience, and

By Zero Day Wire

CISA Adds SolarWinds, Ivanti, and Workspace One Flaws to KEV Catalog — SolarWinds Linked to Warlock Ransomware Activity

CISA has added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — a critical SolarWinds deserialization flaw linked to Warlock ransomware operations, an Ivanti Endpoint Manager authentication bypass, and a long-standing Workspace One SSRF vulnerability now being weaponized in coordinated campaigns. Federal agencies face an accelerated two-day deadline for

By Zero Day Wire