GitHub rushed to fix a critical vulnerability in less than six hours

GitHub’s engineering team developed a fix and deployed it just over an hour after identifying the root cause, protecting both ...
SecurityWeek

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical-severity authentication bypass vulnerability in cPanel & WHM has been exploited as a zero-day since February 2026.

Update Linux Now As 9-Year-Old Root Hack Confirmed, CISA Warns Users

The Cybersecurity and Infrastructure Security Agency has warned users to update their Linux systems following the discovery ...
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

Hackers rushed to target a critical LiteLLM SQL injection flaw to steal keys, credentials, and environment-variable ...

YubiKey Manager: Security vulnerability allows execution of injected code

Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.

AI tools have made vulnerability exploitation faster and easier

“That world no longer exists”: AI has terminated the "grace period" for closing security vulnerabilities, here's what you ...
Windows Report

CISA Orders Urgent Patch for Actively Exploited Windows Shell Vulnerability

CISA orders urgent patching of a Windows Shell flaw actively exploited in zero-click attacks. Federal agencies must update by ...
InfoQ

Microsoft Patches Critical ASP.NET Core Vulnerability with 9.9 Severity Score

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
PC World

High-risk Office security flaw: Microsoft issues emergency updates

PCWorld reports that Microsoft issued emergency updates for a critical zero-day vulnerability (CVE-2026-21509) in Office that attackers exploited against Ukrainian authorities and EU institutions. The ...
Executive Gov

NIST Revamps Vulnerability Database Prioritization to Manage CVE Surge

The National Institute of Standards and Technology has implemented changes to how it processes cybersecurity vulnerabilities and exposures, or CVEs, in its National Vulnerability Database, or NVD, ...