Older posts, still searchable. ← Back to recent posts
A critical SQL injection flaw in Drupal Core is under active attack just 48 hours after patching. CISA added it to its Known Exploited Vulnerabilities catalog, and over 15,000 attacks have already been observed. If your website runs Drupal on PostgreSQL, here's what you need to know right now.
Three Microsoft Defender vulnerabilities — two already being exploited in the wild — have been patched in a silent engine update. CISA is requiring federal agencies to fix them by June 3. Here's exactly how to check whether your PC is protected.
Two Microsoft Defender vulnerabilities are being actively exploited right now. CISA has mandated federal agencies patch by June 3 — and everyday Windows users and small businesses shouldn't wait either. Here's exactly how to check your version and get protected.
Two Microsoft Defender vulnerabilities — CVE-2026-41091 and CVE-2026-45498 — are being actively exploited in the wild. Here's what they do, why it matters that your security software is the target, and exactly how to check if your PC is protected.
GitHub confirmed that a single employee installing a malicious VS Code extension led to the theft of ~3,800 internal repositories. Here's what happened, who's behind it, and the practical steps every developer and small business should take to protect their code and tools.
A single GitHub employee installed a trojanized VS Code extension — and attackers walked away with roughly 3,800 internal repositories. Here's what happened, who's behind it, and how to vet your own extensions before the same thing happens to you.
Two critical web platform threats are converging this week. Drupal is pushing an emergency core security update on May 20, and NGINX is already being actively exploited. If you run either platform, here's exactly what to do right now.
A critical heap buffer overflow flaw in NGINX (CVE-2026-42945) is already being actively exploited just days after disclosure. Here's what it is, why it matters for your business website, and the steps you need to take right now.
Microsoft confirmed active exploitation of Exchange Server zero-day CVE-2026-42897, and CISA has now added it to its Known Exploited Vulnerabilities catalog with a May 29 deadline. Here's what your business needs to do right now.
CVE-2026-42897 is a zero-day actively targeting on-premises Microsoft Exchange servers through Outlook Web Access. No patch exists yet — but mitigations do. Here's your step-by-step emergency guide.
Microsoft has confirmed active exploitation of a new Exchange Server zero-day (CVE-2026-42897) that lets attackers run malicious JavaScript just by getting a user to open a crafted email in Outlook Web Access. No permanent patch exists yet — but mitigations are available now. Here's a step-by-step guide for small businesses.
A maximum-severity authentication bypass flaw in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities catalog with a federal patch deadline of May 17, 2026. Here's what it means for your business and what to do right now.
