EUVD-2026-30765

SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...

Analysis of active exploitation of SolarWinds Web Help Desk

The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...

Linux Distros Unpatched Vulnerability : CVE-2019-14511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or...

SUSE CVE-2019-14511

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only...

Authentication flaw

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only...