Cisco Secure Workload CVSS 10.0 Vulnerability

Cisco Secure Workload Gets the Full CVSS 10.0 Treatment

Cisco has patched a critical CVSS 10.0 vulnerability affecting Secure Workload environments. The flaw could allow unauthenticated remote attackers to compromise affected systems completely. Cisco confirmed the issue impacts certain management components and urged organisations to apply updates immediately. The vulnerability highlights the continued risks associated […]

Drupal Core SQL Injection Vulnerability

Drupal SQL Injection Bug Reminds Everyone It’s Still 2008 Somewhere

An actively exploited SQL injection vulnerability has been identified in Drupal Core. The flaw could allow attackers to execute malicious database queries, potentially resulting in data exposure, authentication bypass, or remote code execution under certain conditions. Researchers have confirmed exploitation attempts in the wild, and […]

LiteSpeed cPanel Plugin Vulnerability

LiteSpeed Plugin Flaw Gives Hosting Admins Another Headache

A critical vulnerability (CVE-2026-48172) has been identified in a LiteSpeed cPanel plugin, potentially allowing attackers to compromise hosting environments remotely. The flaw impacts systems running vulnerable plugin versions and could lead to unauthorised access or server compromise. Hosting providers and administrators are strongly advised to apply patches […]

Trapdoor Supply Chain Attack

“Trapdoor” Shows Why Trusted Software Isn’t Always Trustworthy

Researchers have uncovered a supply chain malware campaign named “Trapdoor”, where attackers compromised trusted software distribution channels to deliver malicious payloads to downstream users. The attack leveraged legitimate update mechanisms and trusted software packages, making detection significantly more difficult. Once installed, the malware enabled remote access, persistence, […]

Lazarus Goes Fileless Again

Lazarus Deploys RemotePE Malware

North Korean threat group Lazarus has deployed a memory-only malware framework named RemotePE in recent campaigns. The malware executes payloads directly in memory, reducing forensic visibility and bypassing traditional security controls. Researchers believe the campaign targets organisations for espionage and credential theft. The use of fileless malware techniques continues to increase […]

Linux Kernel Copy Fail Vulnerability

Linux’s “Copy Fail” Shows Old Bugs Never Truly Die

Researchers disclosed a nine-year-old Linux kernel vulnerability nicknamed “Copy Fail” (CVE-2026-31431), enabling local privilege escalation to root. The flaw impacts the Linux kernel cryptographic subsystem and has already been observed in active exploitation. Several major Linux distributions are affected, including Ubuntu, RHEL, and Amazon Linux. Public […]

Microsoft SharePoint RCE Vulnerability

SharePoint Servers Once Again Having a Rough Week

Microsoft has patched a remote code execution vulnerability affecting SharePoint Server. The flaw could allow attackers to execute arbitrary code remotely under certain conditions, potentially leading to server compromise. The issue primarily affects on-premise SharePoint deployments and highlights continued risks facing legacy collaboration infrastructure. Microsoft has released […]

Microsoft Defender Gets Defended Against Itself

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed two actively exploited vulnerabilities affecting Microsoft Defender components. The flaws include a privilege escalation vulnerability (CVE-2026-41091) and a denial-of-service issue (CVE-2026-45498). Attackers could potentially gain SYSTEM-level privileges or disrupt Defender operations. Both vulnerabilities affect older versions of the Malware Protection Engine and Defender Antimalware […]

Bitwarden CLI Supply Chain Attack

Bitwarden CLI Compromised – Supply Chain Strikes Again

The Bitwarden CLI has been compromised in an ongoing supply chain attack, allowing attackers to distribute malicious versions of the tool. The compromised versions could expose sensitive credentials managed through the CLI. The issue highlights risks associated with software distribution channels and dependency management. Bitwarden has responded […]