Three Windows Zero-Days
Three Windows vulnerabilities have been recently discovered – BlueHammer, RedSun, and UnDefend.
Researchers disclosed a high-severity Chrome vulnerability, CVE-2026-0628, that allowed malicious browser extensions to inject code into Chrome’s Gemini Live browser panel and gain access to its privileges.
WhisperPair vulnerabilities in Google’s Fast Pair protocol let attackers silently hijack some Bluetooth audio devices – listening through microphones, controlling audio, and in certain cases tracking a user’s location via Find Hub. Fixes are dependent on vendor firmware updates.
Trend Micro has patched a critical RCE vulnerability in Apex Central – plus two Denial-of-Service bugs. Update to Build 7190 as soon as possible.
An unpatched Gogs zero-day (CVE-2025-8110) that bypasses a previous fix is being used to compromise more than 700 internet-exposed servers.
A 10.0 CVSS flaw in React and Next.js which allows remote code execution is actively exploited. Update as soon as possible.
Four now-patched Microsoft Teams vulnerabilities let attackers spoof executives, edit messages without the edit tag, and forge caller identities.
Microsoft fixed CVE-2025-55315, a Kestrel request-smuggling bug rated 9.9 (Critical). Updates for ASP.NET Core and Visual Studio are available; admins should patch and restart affected apps.
CISA added two actively exploited N-central flaws to the KEV catalog. N-able has released patches; admins using the software should update and enable MFA as soon as possible.
A new flaw affecting Microsoft Exchange Server 2016, 2019, and Subscription Edition has been disclosed. A patch is available, and Microsoft urges companies to create and use the dedicated Exchange hybrid app instead.