Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.

A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access ...

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE ...

Cisa has added six CVEs to its Kev catalogue this week, including newly-disclosed issues in Google Chromium and Dell ...

Threat actors began targeting a recently patched BeyondTrust vulnerability shortly after a proof-of-concept (PoC) exploit was released.

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws ...

Microsoft confirms CVE-2026-20841, a Remote Code Execution flaw in Windows 11 Notepad via Markdown links. Patch now rolling out.

CERT-In warns of a high-risk Chrome vulnerability on Windows, macOS and Linux. Update Chrome now to prevent system compromise ...

It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication ...

CERT-In has issued a high-severity alert for Google Chrome desktop users, warning of a vulnerability that could allow remote ...

Microsoft has confirmed that hackers are actively exploiting multiple critical 'zero-day' vulnerabilities affecting its ...

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.