Vulnerability Management
Tech Giants Unveil AI-Powered Project to Fortify Software Defenses
Major tech players have joined forces to launch Project Glasswing, an AI-powered initiative that uses machine learning to identify and patch critical software vulnerabilities before malicious actors can exploit them. This game-changing project aims to stay one step ahead of attackers by harnessing the same AI technology that can be used for defense - and turning it into a powerful force for good.
Hackers Exploit Flaw in Ninja Forms WordPress Plugin
A critical vulnerability in the Ninja Forms File Uploads premium WordPress plugin allows hackers to upload malicious files and execute code on your server - putting your entire site at risk. This flaw lets unauthenticated users wreak havoc, making it essential to take immediate action to protect your online presence.
Flowise RCE vulnerability exploited in attacks
Hackers are actively exploiting a critical vulnerability in Flowise, a popular open-source AI tool, that allows them to take control of systems designed to run code - a fundamental flaw that raises serious questions about securing AI-powered applications. This maximum-severity flaw, tracked as CVE-2025-59528, has left developers, organizations, and regulators scrambling for answers.
GPU Rowhammer Flaw Enables System Compromise via Memory Corruption
Researchers have uncovered a chilling new threat: GPUBreach, a flaw that uses GPU Rowhammer to corrupt memory, granting hackers a backdoor to escalate privileges and take control of your entire system. This sneaky attack exploits GDDR6 memory, flipping bits and paving the way for a complete system compromise.
Docker Flaw Exposes Hosts to Unauthorized Access
A recent security patch meant to tighten up Docker Engine's defenses has left a gaping hole, exposing hosts to unauthorized access - and it's up to you to make sure you're not the one who gets exploited. A high-severity flaw, tracked as CVE-2026-34040, allows attackers to bypass authorization plugins and potentially gain access to your host.
Fortinet Rushes Patch for Exploited FortiClient EMS Vulnerability
Fortinet has rushed out an emergency patch for a zero-day vulnerability in its FortiClient EMS product, which was being exploited by attackers before the fix was even available. This swift response aims to protect businesses from potential security breaches through its endpoint security clients.
CUPS Flaws Expose Linux, Unix Systems to Remote Code Execution
A harmless printing service? Think again! Two flaws in the Common UNIX Printing System can be exploited by an unauthenticated attacker to execute code remotely and overwrite files as root, turning a routine print stack into a potential entry point for intruders.
Windows Zero-Day Exploit Leaked, Enables Instant Admin Access
A disgruntled researcher has leaked working exploit code for a previously unknown Windows vulnerability, dubbed BlueHammer, allowing attackers to instantly gain administrator access to any system. This alarming development comes after the researcher privately submitted the flaw to Microsoft, which had not yet patched the vulnerability.
Fortinet EMS Flaw Exploited in Wild, CISA Warns
Fortinet has urgently patched a critical flaw in its FortiClient Enterprise Management Server (EMS) after confirming it was being exploited in the wild, sparking a dilemma for organizations: patch now and risk disruption, or wait and risk a potentially devastating cyberattack. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities list, underscoring the need for swift action.
Microsoft Deprecates Support Tool in Windows Updates
Microsoft just pulled the plug on the Support and Recovery Assistant (SaRA) command-line utility, a trusted tool for diagnosing and repairing Windows systems, from all supported Windows updates as of March 10. This small change could have big operational consequences for users relying on this tool.
CISA Mandates Patching of Exploited Fortinet Flaw by Friday
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to act fast - by this Friday, they must patch a vulnerable Fortinet flaw that's already being exploited by hackers. Don't wait: secure your FortiClient Enterprise Management Server instances now to stay protected.
Google Accelerates Post-Quantum Cryptography Migration
Google just made a bold move towards a more secure future, announcing plans to fully transition to post-quantum cryptography by 2029 - but what does this mean for your security planning today? This forward-thinking shift is a great step towards crypto-agility, and experts are already weighing in on its potential impact.
Fortinet Rushes Patch for Exploited EMS Flaw
When the very tool designed to safeguard your network becomes a vulnerability, swift action is crucial - and that's exactly what Fortinet took by issuing an emergency security update over a weekend to patch a critical flaw in FortiClient Enterprise Management Server (EMS) that's being actively exploited by attackers. This out-of-the-usual-cycle patch underscores the urgency to protect your organization from prolonged exposure to potential threats.
Fortinet Fixes Exploited Flaw in FortiClient EMS Software
Fortinet has urgently patched a critical vulnerability in its FortiClient EMS software, which had already been exploited in the wild, to prevent further security breaches. The flaw, tracked as CVE-2026-35616, allows for pre-authentication API access bypass and privilege escalation, posing a significant threat to endpoint security.
Bugs Chain Into Massive Backdoors, Threats Multiply
When small flaws are linked together, they can create massive backdoors - and the latest ThreatsDay Bulletin is sounding the alarm on this rapidly escalating threat landscape. The result? A multiplying list of active problems demanding attention now.
Progress ShareFile Flaws Enable Pre-Auth RCE Attacks
When the tool designed to safeguard confidential documents becomes a vulnerability, data theft can occur without a single login credential. Progress ShareFile's two chained flaws allow for pre-authentication remote code execution attacks, putting sensitive files at risk of unauthorized exfiltration.
Report Exposes Open Source Vulnerability Trends
A new report, The State of Trusted Open Source, reveals eye-opening trends on open source vulnerability, shedding light on what teams consume and how those choices impact build artifacts and libraries. By analyzing real product data, it provides crucial insights into the open source components developers use every day.
Cisco Patches Authentication Bypass in Integrated Management Controller
Cisco just patched a critical vulnerability in its Integrated Management Controller that lets attackers bypass authentication and gain Admin access - essentially, walk right past the lock on the network's control panel. This fix is a must-have for any Cisco IMC users looking to keep their network secure.
Unified Platforms Fortify Recovery Against Ransomware, AI Threats
As ransomware attacks intensify and AI-powered threats accelerate, consolidating infrastructure and automating recovery can be a game-changer for organizations, enhancing safety while slashing costs. By fortifying defenses with unified platforms, IT leaders and senior managers can meaningfully reduce risk and stay ahead of evolving cyber threats.
Qodo Raises $70M to Mitigate AI Code Risks with Governance Platform
As businesses increasingly turn to AI to generate production code, a pressing question emerges: who will be accountable when machines write the software that runs our critical systems? With AI-generated code comes a new set of risks - bugs, security threats, and noncompliance - that governance gaps must address to ensure speed and scale don't compromise safety and reliability.
AI Revamps SAST to Cut Noise, Boost AppSec Effectiveness
Tired of static application security testing (SAST) screaming false alarms, only to be ignored by your team? AI is revolutionizing SAST by cutting through the noise, helping you focus on real threats and making application security more effective.
LLMs Introduce New Vectors for Cyber Threats
Imagine a chatbot designed to streamline your workflow secretly leaking confidential information - a frightening possibility that's no longer just hypothetical. As large language models are rapidly integrated into everyday tools, a new wave of hidden vulnerabilities is emerging, threatening to turn convenience into a security nightmare.
Google Chrome Zero-Day Flaw CVE-2026-5281 Under Active Exploitation
Google just patched a zero-day vulnerability in Chrome (CVE-2026-5281) that's already being exploited in the wild, so it's crucial to update your browser ASAP to avoid potential risks. This urgent patch is a stark reminder that even secure software can become a target overnight.
Anthropic Confirms Claude Code Source Leaked via npm Error
A recent mishap at Anthropic led to the public leak of internal code for its AI coding assistant, Claude Code, due to a simple human error during the npm packaging process. Fortunately, the company confirmed that no sensitive customer data was exposed, and swift action can mitigate the impact of this isolated incident.