vulnerability management

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw

Do Son March 31, 2026

The digital ink had barely dried on the disclosure of CVE-2026-21962 before threat actors began a relentless...

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 – March 29, 2026) Vulnerability Triage CISA KEV List

Vulnerability Triage CISA KEV List

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 – March 29, 2026)

Do Son March 30, 2026

Whether you are steering the organizational ship as a CISO or maintaining the operational engines as a...

Active Exploits: CISA Adds Critical Craft CMS and Apple ‘DarkSword’ Flaws to KEV CISA KEV Catalog DarkSword Exploit Draytek Routers VMware vCenter RCE CVE-2024-37079

CISA KEV Catalog DarkSword Exploit Draytek Routers VMware vCenter RCE CVE-2024-37079

Active Exploits: CISA Adds Critical Craft CMS and Apple ‘DarkSword’ Flaws to KEV

Do Son March 21, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding five...

CVE Watchtower Launches Enterprise Automation Suite Featuring 30-Day Intelligence Dashboards, Predictive EPSS Scoring, REST API, and ITSM Webhooks cve

cve

CVE Watchtower Launches Enterprise Automation Suite Featuring 30-Day Intelligence Dashboards, Predictive EPSS Scoring, REST API, and ITSM Webhooks

ddos-admin March 17, 2026

CVE Watchtower has announced a major expansion to its threat intelligence platform, introducing a comprehensive suite of...

CISA Flags Actively Exploited Wing FTP Server Flaw Wing FTP Server CVE-2025-47813

Wing FTP Server CVE-2025-47813

CISA Flags Actively Exploited Wing FTP Server Flaw

Do Son March 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive after adding a new vulnerability...

Weekly Threat Intelligence Briefing: Chrome Zero-Days, SolarWinds RCE, and a Surge in Critical PoCs CVE-2026-3910 Chrome Zero-Day CVSS 10.0 Vulnerabilities

CVE-2026-3910 Chrome Zero-Day CVSS 10.0 Vulnerabilities

Weekly Threat Intelligence Briefing: Chrome Zero-Days, SolarWinds RCE, and a Surge in Critical PoCs

Do Son March 16, 2026

The Executive Summary Over the past seven days, our CVE Watchtower intercepted 1,388 new vulnerabilities, highlighting a...

Winter CMS Urgently Patches Critical 10.0 CVSS Privilege Escalation Flaw Winter CMS Vulnerability CVE-2026-27591

Winter CMS Vulnerability CVE-2026-27591

Winter CMS Urgently Patches Critical 10.0 CVSS Privilege Escalation Flaw

Do Son March 13, 2026

Winter CMS, the popular open-source content management system favored by developers for its Laravel-based simplicity and rapid...

Apache Livy Patches Path Traversal and File Access Flaws Exposing Spark Clusters Apache Livy Security Path Traversal

Apache Livy Security Path Traversal

Apache Livy Patches Path Traversal and File Access Flaws Exposing Spark Clusters

Do Son March 13, 2026

Apache Livy, the essential bridge that allows web and mobile applications to interact seamlessly with Apache Spark...

The $32 Billion Fortress: Google Completes Historic Wiz Acquisition to Solve the “AI-Native” Risk Google Wiz acquisition 2026

Google Wiz acquisition 2026

The $32 Billion Fortress: Google Completes Historic Wiz Acquisition to Solve the “AI-Native” Risk

Do Son March 12, 2026

Google has formally promulgated the successful culmination of its acquisition of Wiz, the preeminent vanguard in global...

CISA Mandates Urgent Patch for Maximum 10.0 CVSS n8n RCE Flaw n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Mandates Urgent Patch for Maximum 10.0 CVSS n8n RCE Flaw

Do Son March 12, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a new, high-stakes entry to its Known...

Code Red: GitLab’s Latest Security Update Patches High-Severity XSS and API DoS Vulnerabilities GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

Code Red: GitLab’s Latest Security Update Patches High-Severity XSS and API DoS Vulnerabilities

Do Son March 12, 2026

GitLab has released critical security updates—versions 18.9.2, 18.8.6, and 18.7.6—for both Community Edition (CE) and Enterprise Edition...

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF

Do Son March 11, 2026

The WordPress security team has issued an urgent call to action following the release of WordPress 6.9.2...

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days Microsoft Patch Tuesday fixes disclosed zero day vulnerabilities Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Microsoft Patch Tuesday fixes disclosed zero day vulnerabilities Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days

Do Son March 11, 2026

The March 2026 edition of Microsoft Patch Tuesday has arrived, bringing a massive wave of security updates...

AI vs. Bugs: OpenAI Launches “Codex Security” to Revolutionize AppSec OpenAI Advanced Account Security Phishing-Resistant AI Authentication OpenAI Codex Security AI Application Security

OpenAI Advanced Account Security Phishing-Resistant AI Authentication OpenAI Codex Security AI Application Security

AI vs. Bugs: OpenAI Launches “Codex Security” to Revolutionize AppSec

Do Son March 7, 2026

Recently, OpenAI has officially unveiled Codex Security, an advanced application security agent designed to identify and fix...

Update Chrome Now: Google Patches 3 Critical Flaws and 7 High-Risk Vulnerabilities

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Update Chrome Now: Google Patches 3 Critical Flaws and 7 High-Risk Vulnerabilities

Do Son March 5, 2026

Google has released an urgent update for the Chrome Stable channel, addressing 10 security vulnerabilities, including three...

Coruna: The High-Powered iOS Exploit Kit Proliferating Across the Global Threat Landscape Coruna iOS Exploit GTIG Threat Report

Coruna iOS Exploit GTIG Threat Report

Coruna: The High-Powered iOS Exploit Kit Proliferating Across the Global Threat Landscape

Do Son March 5, 2026

The Google Threat Intelligence Group (GTIG) has detailed the curtain on “Coruna,” a formidable iOS exploit kit...

Django Releases Security Patches to Address DoS and Permission Vulnerabilities Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Releases Security Patches to Address DoS and Permission Vulnerabilities

Do Son March 4, 2026

The Django security team has issued important updates for all supported versions of the framework to address...

CISA Adds Qualcomm and VMware Flaws to Known Exploited Catalog Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Adds Qualcomm and VMware Flaws to Known Exploited Catalog

Do Son March 4, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding two...

Urgent Patch Required: HPE AutoPass License Server Hits Maximum Severity Risk HPE AutoPass Vulnerability, CVE-2026-23600 CVE-2024-22442 - HPE vulnerability HPE Storage Vulnerability CVE-2026-23594

HPE AutoPass Vulnerability, CVE-2026-23600 CVE-2024-22442 - HPE vulnerability HPE Storage Vulnerability CVE-2026-23594

Urgent Patch Required: HPE AutoPass License Server Hits Maximum Severity Risk

Do Son March 3, 2026

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin regarding a critical vulnerability in its AutoPass...

Security Alert: Android March 2026 Update Targets Actively Exploited Zero-Day

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Security Alert: Android March 2026 Update Targets Actively Exploited Zero-Day

Do Son March 3, 2026

Google has released its most substantial security update in years, addressing a total of 129 vulnerabilities in...