vulnerability

CERT-In has issued new guidelines requiring organizations to patch critical internet-facing vulnerabilities within 12 hours, warning that AI-powered cyberattacks are drastically reducing exploitation timeframes and increasing cyber risk.

A newly disclosed Linux kernel vulnerability, CVE-2026-46333, allows attackers to steal SSH private keys and gain root access through a local privilege escalation flaw affecting Linux systems for nearly nine years.

A severe MongoDB vulnerability (CVE-2026-8053) enables attackers to execute arbitrary code on affected servers, risking full system takeover and data theft. Self-hosted deployments must patch immediately to prevent potential exploitation.

Microsoft warns of a new Microsoft Teams Android vulnerability that could allow spoofing attacks on local devices. Update immediately to stay protected.

Google patches CVE-2026-0073, a critical Android zero-click flaw enabling remote shell access without user interaction. Update devices immediately.

A critical cPanel authentication bypass (CVE-2026-41940) was exploited in a cyber espionage campaign targeting government and military systems. Attackers gained root access, used SQL injection and custom malware tools, and exfiltrated over 4GB of sensitive data including defense and financial records.

Microsoft patches CVE-2026-32202, a Windows zero-click flaw exploited by APT28 hackers to bypass Defender SmartScreen and steal authentication hashes.

A critical flaw in Anthropic MCP exposes millions to RCE attacks, risking full system takeover, data theft, and AI infrastructure compromise.

AI router flaws allow attackers to inject malicious code, steal credentials, and hijack AI workflows. Learn risks and how to secure AI systems.

Adobe Acrobat Reader zero-day vulnerability exploited through malicious PDFs to steal data and gain system access. Learn risks and protection tips.