The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
SecurityWeek

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

An OpenSSH vulnerability introduced 15 years ago could allow attackers to obtain full root shell access to vulnerable servers ...
SecurityWeek

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Incomplete patch for a Windows SmartScreen and Windows Shell security prompts bypass created a new bug enabling zero-click ...
Security Boulevard

As the NVD scales back CVE enrichment, here’s what Tenable customers need to know

NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, ...

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

CVSS vulnerability triage missed a chained Palo Alto attack that hit 13,000 devices. Five failure classes and the fixes ...
Forbes

CVE’s Near Cybersecurity Miss Averted — But The World Must Step Up

The cybersecurity world, shocked by the near-shutdown of the CVE system — a quiet crisis that nearly disrupted the backbone of global vulnerability coordination. In cybersecurity, some moments pass ...
ExecutiveGov

NIST Revamps Vulnerability Database Prioritization to Manage CVE Surge

NIST is focusing on enriching cybersecurity vulnerabilities and exposures that appear in CISA’s Known Exploited ...
The Hacker News

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.
Forbes

CVE Program Funding Reinstated—What It Means And What To Do Next

Forbes contributors publish independent expert analyses and insights. Kate O’Flaherty is a cybersecurity and privacy journalist. U.S. President Donald Trump has cut funding for the global database of ...