(773) 417-9994Free consultation
← All articles

CVE

12 articles

CVEAILLMpost-exploitation

CVE-2026-39987: An AI Agent Hacked a Database in Under an Hour

An attacker exploited a Marimo notebook, let an LLM agent do the post-exploitation, and it dumped an entire PostgreSQL database in 4 pivots. This is the first documented LLM-agent intrusion in the wild.

May 29, 2026
CVEPalo AltoVPNCISA KEV

CVE-2026-0257: Palo Alto GlobalProtect Auth Bypass Now on CISA's Hit List

CISA just added this Palo Alto GlobalProtect vulnerability to the Known Exploited Vulnerabilities catalog. If your VPN runs on PAN-OS, your remote workers might not be the only ones connecting.

May 28, 2026
CVEGitHubSSRFinfrastructure

CVE-2026-9312: GitHub Enterprise Server Has an SSRF. Yes, That GitHub.

An unauthenticated attacker can reach internal services and steal credentials through GitHub Enterprise Server. If GitHub can ship an SSRF, what's hiding in your infrastructure?

May 28, 2026
supply chainCVEsecurity operations

Stop Auto-Updating Everything. Seriously.

The biggest supply chain attack in npm history just happened. 160+ packages compromised. If you had auto-updates on, you swallowed the poison automatically. Here's what to do instead.

May 28, 2026
CVEGiteacontainersaccess control

CVE-2026-27771: Your 'Private' Container Images Were Never Private. For Four Years.

Gitea's container registry had a critical access control flaw that let anyone pull 'private' images without authentication. It went undetected for nearly four years. 30,000 deployments affected.

May 27, 2026
CVEAIFastAPIauthentication bypass

CVE-2026-48710 (BadHost): One Character Breaks Your Entire AI Stack

A single slash in the HTTP Host header bypasses authentication on FastAPI, vLLM, MCP servers, and basically every Python AI service. 325 million downloads per week affected.

May 26, 2026
CVEUniFinetwork security

CVE-2026-34908: Your UniFi Router Is Wide Open

Three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS. 100,000 exposed devices. No authentication required. If you run UniFi gear, patch right now.

May 23, 2026
supply chainVSCodeCVE

Your Code Editor Just Became a Backdoor. Here's What Happened.

A poisoned VS Code extension breached GitHub's internal repos. 3,800 repositories. 18 minutes. If you install extensions without thinking, you need to read this.

May 21, 2026
CVEMicrosoftExchangezero-day

CVE-2026-42897: Microsoft Exchange Zero-Day Is Being Exploited Right Now

A crafted email is all it takes. Open it in Outlook Web Access and an attacker runs JavaScript in your browser. No patch yet. Here's what to do if you run Exchange on-prem.

May 15, 2026
CVEfirewallPalo Altonetwork security

CVE-2026-0300: Your Firewall Is the Vulnerability

Palo Alto firewalls are being exploited for root-level code execution. SonicWall and Fortinet are getting hit too. 56% of compromised networks trace back to a firewall. The irony is painful.

May 7, 2026
CVECiscoWebex

CVE-2026-20184: Anyone Can Impersonate Anyone on Cisco Webex

CVSS 9.8. No authentication required. An attacker can impersonate any user in your Webex org, access meetings, files, and conversations. Here's what you need to know.

Apr 19, 2026
CVEZoomRCEcollaboration

CVE-2026-22844: Zoom Has a CVSS 9.9 and Nobody's Talking About It

A meeting participant can execute code on your Zoom infrastructure. CVSS 9.9. If you self-host Zoom rooms or use on-prem Zoom infrastructure, this is an emergency.

Mar 11, 2026