Microsoft MSRC
CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
Information published.
vulnerability
Security Radar
Page 1 of 10 · 1128 stories from the last 30 days across 14 trusted sources.
Actively exploited 12 actively exploited CVEs in current coverage
View all CVEs →- CVE-2025-8088
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
1storyEPSS 81% - CVE-2026-42271
CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 54% - CVE-2026-50751
CISA Adds Two Known Exploited Vulnerabilities to Catalog
1storyEPSS 41% - CVE-2026-0257
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
1storyEPSS 19% - CVE-2026-45498
CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
1storyEPSS 3% - CVE-2026-20253
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
1storyEPSS 2%
Microsoft MSRC
CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
Information published.
vulnerability
Microsoft MSRC
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Information published.
vulnerability
Microsoft MSRC
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
Information published.
vulnerability
Microsoft MSRC
CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read
Information published.
vulnerability
Microsoft MSRC
CVE-2026-53689
Information published.
vulnerability
Microsoft MSRC
CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin
Information published.
vulnerability
Microsoft MSRC
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Information published.
vulnerability
Help Net Security
BlackFog brings shadow AI visibility to macOS endpoints with ADX Vision
BlackFog has announced the general availability of ADX Vision for macOS, extending its shadow AI detection, governance, and prevention platform to Apple endpoints. With this release, enterprises can now apply a single, consistent AI data-loss policy across Windows and macOS de...
microsoft
SANS Internet Storm Center
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
I detected an interesting phishing email this morning. It targets a major Belgian bank:
phishing
BleepingComputer · Help Net Security2 stories
CISA warns Fortinet users to secure devices after FortiBleed leak
AICISA warns Fortinet users after ~74,000 firewall and VPN credentials were exposed in the "FortiBleed" leak by a Russian-speaking cybercriminal group.
data breach
Show all coverage
The Hacker News · BleepingComputer2 stories
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
AIApple patched a high-severity Beats Studio Buds flaw (CVE-2025-20701) enabling attackers in Bluetooth range to spy via the microphone.
vulnerability
EPSS 3%
Show all coverage
Help Net Security
Your browser tab could become encrypted storage for someone else’s files
Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor at IENYC, describes a system called Sa...
Help Net Security
Companies are discarding the logs they need to catch a breach
Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or never collect an average of 86 percent of their l...
data breach
Help Net Security
Asia-Pacific scam networks generate nearly $40 billion a year
Cybercrime is taking a larger share of criminal activity in Asia and the Pacific. More than half of surveyed jurisdictions reported that cybercrime accounts for over 30% of all crimes recorded nationally, according to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Ass...
Help Net Security
New infosec products of the week: June 19, 2026
Here’s a look at the most interesting products from the past week, featuring releases from ArmorCode, Barracuda Networks, Blue Planet, Flip, Fortinet, Legit Security, Tigera, and WitnessAI. Fortinet FortiSOC unifies SIEM, SOAR, threat intelligence, and AI in one platform Forti...
Microsoft Security
AutoJack: How a single page can RCE the host running your AI agent
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter handling, attackers can trigger arbitrary...
vulnerability
BleepingComputer
Gentlemen ransomware uses multiple EDR killers to disable defenses
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. [...]
ransomware
Dark Reading
Novo Nordisk Breach Exposes Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.
data breach
Microsoft Security
New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI
New Forrester Total Economic Impact™ study shows Microsoft Security consolidation delivers ROI, lowers risk, and prepares organizations to secure AI. The post New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI appeared first on Micr...
microsoft