YellowKey Bitlocker Bypass Mitigation

YellowKey is a zero-day physical attack vulnerability discovered in May 2026 that allows attackers with physical access to completely bypass BitLocker encryption on Windows 11 devices. This is a mitigation that modifies the Windows Recovery Environment to remove or disable the vulnerable...

PT-2026-30673

Name of the Vulnerable Software and Affected Versions Labcenter Electronics Proteus affected versions not specified Description A flaw exists in the parsing of PDSPRJ files due to insufficient validation of user-supplied data, leading to a type confusion condition. This allows remote attackers to...

CVE-2026-5276

creationtimestamp| type| source ---|---|--- 2026-03-31 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0385/ 2026-04-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260402 2026-04-02 17:00:00+00:00| seen|...

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center FMC Software. The vulnerability in question is CVE-2026-20131 CVSS score: 10.0, a case of insecure...

PT-2026-25917

🚨 CVE-2026-32295: JetKVM insufficient login rate l... KVM-over-IP devices with zero brute-force protection are basically screaming "pwn me" to every script kiddie with a wor... https://t.co/xBzcOcZWDZ netsec vulnerability CVE sysadmin zeroday...

Update your browser: Security fix for Chrome zero-days CVE 2026-3909 & CVE-2026-3910

News, Security Update your browser: Security fix for Chrome zero-days CVE 2026-3909 & CVE-2026-3910 Share March 14th, 2026 Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including two zero-day exploits CVE 2026-3909 and CVE-2026-3910. We recommend...

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group GTIG. The activity...

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it...

Update your browser: Security fix for Chrome zero-day CVE-2026-2441

News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-2441 Share February 16th, 2026 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, Opera Neon, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2026-2441. We...

Apple patches zero-day flaw that could let attackers take control of devices

Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, and Safari, fixing, in particular, a zero-day flaw that is actively exploited in targeted attacks. Exploiting this zero-day flaw would allow cybercriminals to run any code they want on the affected device,...

PT-2026-7658

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 MSHTML affected versions not specified Description An OS command injection issue exists in XWEB Pro, allowing a user with network access to execute code remotely by injecting malicious input into the request...

PT-2026-6785

Name of the Vulnerable Software and Affected Versions Xmind affected versions not specified Description The software contains a flaw related to insufficient UI warnings when handling attachments. This could lead to remote code execution. There is no information about the number of potentially...

PT-2026-6803

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support versions prior to 25.3.2 BeyondTrust Privileged Remote Access versions prior to 25.1.1 Description BeyondTrust Remote Support and Privileged Remote Access contain a critical pre-authentication remote code execution...

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)

Overview On January 29, 2026, Ivanti disclosed two new critical vulnerabilities affecting Endpoint Manager Mobile EPMM: CVE-2026-1281 and CVE-2026-1340. The vendor has indicated that exploitation in the wild has already occurred prior to disclosure. This has been echoed by CISA who added...

Microsoft Office zero-day lets malicious documents slip past security checks

Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files. Microsoft pushed the emergency patch for the zero‑day, tracked as CVE-2026-21509, and classifie...

Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band OOB updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild. Additional OOB updates have been published to resolve operational...

ZeroDay vulnerability fixed in Microsoft Office

Microsoft has fixed a ZeroDay vulnerability in Microsoft Office. The vulnerability is in the way Microsoft Office handles untrusted input, which allows attackers to bypass security features locally. This can affect the integrity of security decisions made by the software. The reliance on untruste...

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...

PT-2026-1990

Name of the Vulnerable Software and Affected Versions Foundation Agents MetaGPT affected versions not specified Description A flaw exists in the deserialize message function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation...

PT-2026-1994

Name of the Vulnerable Software and Affected Versions GPT Academic affected versions not specified Description A flaw exists that allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this issue. The vulnerability is...