Update Chrome: Google patches actively exploited vulnerability and 73 others

Google has issued updates for the Chrome browser, patching a number of high‑severity vulnerabilities. The update includes fixes for 74 vulnerabilities, including one that is being actively exploited in the wild. The stable channel has been updated to 149.0.7827.102/.103 for Windows/Mac, and...

EUVD-2026-34858

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

CVE-2026-7473 Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills

AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chai...

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities a record!. And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

Linux Distros Unpatched Vulnerability : CVE-2024-0744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects...

Exploit for Link Following in Microsoft

Microsoft Defender Vulnerability Scanner 🛡️ CVE-2026-41091...

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

Astra Linux - уязвимость в firefox

In some cases, JIT-compiled code might have dereferenced a wild pointer value. This could lead to a exploitable crash. This vulnerability affects Firefox versions earlier than 122...

Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The library's Utility.pm contains an...

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 CVSS score: 8.1, has been described as a spoofing bug stemming from a cross-site scriptin...

PT-2026-41417

Claude Mythos Preview case studies also, read your transcripts! https://t.co/drNlAH5mLE "Mythos demonstrates its bug reproduction and exploitation capabilities on CVE-2024-051912, an in-the-wild exploited bug that has no public report nor a working PoC whatsoever in the public domain. This bug ha...

PT-2026-39534

Critical cPanel vulnerabilities CVE-2026-41940, CVE-2026-41941, CVE-2026-41942 exploited in the wild. Update your servers immediately to protect against unauthorized access. Link: https://t.co/BvY5rEh9wr cPanel Cybersecurity Vulnerabilities Exploits Patching Servers Security Infosec Malware Threa...

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this...

Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild

Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution RCE with root privileges...

PT-2026-46983

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms where tunnel decapsulation configurations such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface are present, the switch...

Astra Linux – Vulnerability in Firefox

An unexpected message in the WebGPU IPC framework could lead to a use-after-free error and an exploitable sandbox escape. There have been reports of attacks exploiting this flaw in real-world scenarios. This vulnerability affects Firefox versions earlier than 97.0.2, Firefox ESR versions earlier...

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

Patch Tuesday - April 2026

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation...

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass...