New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Executionhttps://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.htmlRead on HackerWorkspace: https://hackerworkspace.com/article/new-exim-bdat-vulnerability-exposes-gnutls-builds-to-potential-code-execution#cybersecurity #vulnerability #exploit

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticatorhttps://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-flaws-in-fortisandbox-and-fortiauthenticator/Read on HackerWorkspace: https://hackerworkspace.com/article/fortinet-warns-of-critical-rce-flaws-in-fortisandbox-and-fortiauthenticator#vulnerability #exploit #securitypatch

️ CVE-2026-35428 (CRITICAL, CVSS 9.6) affects Microsoft Azure Cloud Shell via command injection (CWE-77). Exploitation enables spoofing over networks. Microsoft has deployed a fix — update your environments! Details: https://radar.offseq.com/threat/cve-2026-35428-cwe-77-improper-neutralization-of-s-2b3310c3 #OffSeq #Azure #Vulnerability #CloudSec

Researchers Report RCE Vulnerabilities in PostgreSQL and MariaDBResearchers uncovered critical RCE vulnerabilities in PostgreSQL and MariaDB, including 20-year-old heap buffer overflows in core extensions and JSON validation logic. The flaws allow authenticated users to escalate privileges and execute arbitrary OS commands, affecting a vast majority of cloud-hosted database environments.**Make sure your PostgreSQL and MariaDB databases are isolated from the internet and accessible only from trusted networks. Then update PostgreSQL to 18.2, 17.8, 16.12, 15.16, or 14.21 (and MariaDB to 11.4.10 or 11.8.6). Audit user permissions to remove any unnecessary CREATE or FILE privileges.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/researchers-report-rce-vulnerabilities-in-postgresql-and-mariadb-k-g-q-6-j/gD2P6Ple2L

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCEhttps://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.htmlRead on HackerWorkspace: https://hackerworkspace.com/article/critical-apache-http-2-flaw-cve-2026-23918-enables-dos-and-potential-rce#cybersecurity #vulnerability #exploit

Student hacked Taiwan high-speed rail to trigger emergency brakeshttps://www.bleepingcomputer.com/news/security/student-hacked-taiwan-high-speed-rail-to-trigger-emergency-brakes/Read on HackerWorkspace: https://hackerworkspace.com/article/student-hacked-taiwan-high-speed-rail-to-trigger-emergency-brakes#cybersecurity #authentication #vulnerability

Update WhatsApp now: Two new flaws could expose you to malicious fileshttps://www.malwarebytes.com/blog/news/2026/05/update-whatsapp-now-two-new-flaws-could-expose-you-to-malicious-filesRead on HackerWorkspace: https://hackerworkspace.com/article/update-whatsapp-now-two-new-flaws-could-expose-you-to-malicious-files#cybersecurity #vulnerability #securitypatch

Google to pay up to $1.5 million for zero-click Pixel Titan M exploits - Help Net Securityhttps://www.helpnetsecurity.com/2026/05/05/google-vulnerability-reward-program-android-chrome-pixel/Read on HackerWorkspace: https://hackerworkspace.com/article/google-to-pay-up-to-1-5-million-for-zero-click-pixel-titan-m-exploits-help-net-security#cybersecurity #vulnerability #exploit

Patches cover "Debian, Ubuntu, Alma Linux, and many others. However, some newer distributions that run the latest Linux 7.0 kernel, such as Ubuntu 26.04 LTS, do not appear to be affected by this vulnerability."9to5Linux: Copy Fail Linux Kernel Vulnerability Now Patched in Debian, Ubuntu, and Others https://9to5linux.com/copy-fail-linux-kernel-vulnerability-now-patched-in-debian-ubuntu-and-others @9to5linux @mariusnestor #Linux #infosec #vulnerability #Ubuntu

@CVE_Program Who issues CVEs for OpenAI's SaaS offerings?

Microsoft Patches Critical CVSS 10.0 SSRF Vulnerability in Entra IDMicrosoft patched a critical SSRF vulnerability (CVE-2026-35431) in Entra ID Entitlement Management with a CVSS score of 10.0 that allowed unauthenticated spoofing and internal network access. The flaw was fixed server-side, requiring no action from users to secure their environments.**No action is needed on your part, Microsoft already fixed this vulnerability on their cloud servers on April 23, 2026. As a good practice, review your Entra ID sign-in and audit logs for any unusual activity from before that date, and ensure multi-factor authentication is enforced for all admin accounts.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/microsoft-patches-critical-cvss-10-0-ssrf-vulnerability-in-entra-id-c-d-3-y-z/gD2P6Ple2L

My Friend Made $40,000 Using Claude Code (Here's How)https://www.youtube.com/watch?v=pRPT_yrgRL0#cybersecurity #aisecurity #vulnerability

Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & Morehttps://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.htmlRead on HackerWorkspace: https://hackerworkspace.com/article/weekly-recap-fast16-malware-xchat-launch-federal-backdoor-ai-employee-tracking-more#ransomware #malware #vulnerability

PyPI package with 1.1M monthly downloads hacked to push infostealerhttps://www.bleepingcomputer.com/news/security/pypi-package-with-11m-monthly-downloads-hacked-to-push-infostealer/Read on HackerWorkspace: https://hackerworkspace.com/article/pypi-package-with-1-1m-monthly-downloads-hacked-to-push-infostealer#malware #cybersecurity #vulnerability

AI Cyber Threat Series: AI Is Now a Weapon. Day One Proved It.https://www.cyderes.com/howler-cell/ai-is-now-cyber-weaponRead on HackerWorkspace: https://hackerworkspace.com/article/ai-cyber-threat-series-ai-is-now-a-weapon-day-one-proved-it#databreach #aisecurity #vulnerability

Broadcom has three critical listings today: https://support.broadcom.com/web/ecx/security-advisory- Datacom Health Check Analyzer 1.1 Vulnerability- IDMS Server: OpenSSL Vulnerability CVE-2026-28386- MICS REST API SERVER - 14.5 Vulnerability in Spring Security Also:Cisco has a critical advisory:- CVE-2026-20122; CVE-2026-20126 and CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v Cisco has also tagged 7Zip and Adobe for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #infoec #Broadcom #vulnerability #zeroday #Adobe

Critical RCE Vulnerability in SGLang AI Framework via Malicious GGUF ModelsSGLang disclosed a critical RCE vulnerability CVE-2026-5760 caused by unsandboxed Jinja2 template rendering in its reranking endpoint. Attackers can exploit this by tricking users into loading malicious GGUF model files that run arbitrary Python code.**If you run SGLang for serving LLMs, treat it as unsafe right now: restrict the API to trusted internal networks only, run it in a non-privileged container, and do not load any GGUF models from public repositories like Hugging Face until the maintainers release a patch. As a temporary fix, have your team manually patch the source to use Jinja2's ImmutableSandboxedEnvironment instead of the default environment.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/critical-rce-vulnerability-in-sglang-ai-framework-via-malicious-gguf-models-l-4-1-8-t/gD2P6Ple2L

️ HIGH severity XSS in FreeScout (<1.8.213)! CVE-2026-40497 lets mailbox admins/agents inject CSS and steal CSRF tokens, leading to privilege escalation. Upgrade to 1.8.213 ASAP! https://radar.offseq.com/threat/cve-2026-40497-cwe-79-improper-neutralization-of-i-2ec0f6d7 #OffSeq #XSS #Vulnerability #FreeScout

Our paper "Modeling Sparse and Bursty Vulnerability Sightings: Forecasting Under Data Constraints" is now available on arXiv:https://arxiv.org/abs/2604.16038And we will present it in Munich this Thursday during the FISRT CTI 2026.#FIRSTCTI #Munich #Forecasting #Vulnerability #SARIMAX #Poisson #VLAI

HTB: AirTouchhttps://0xdf.gitlab.io/2026/04/18/htb-airtouch.htmlRead on HackerWorkspace: https://hackerworkspace.com/article/htb-airtouch#authentication #vulnerability #exploit