~ / security

Security News.

Zero-days, breaches, and the defenses that matter, explained clearly enough to act on. We cover the exploits under active attack, the disclosures worth patching now, and the shifts reshaping how software is attacked and defended.

57 articles
AssuranceAmerica Breach Hit 6.9M Driver's Licenses, Security explainer Security

AssuranceAmerica Breach Hit 6.9M Driver's Licenses

AssuranceAmerica detected an intrusion on March 17 and began notifying 6.99 million people on July 10, a 115-day gap. Attackers took names, contact details and driver's license numbers, and the company is not offering identity theft protection to those affected.

Kore · 2026-07-16 · 6 min read
Cisco UCM SSRF Flaw CVE-2026-20230 Is Under Active Attack, Security explainer Security

Cisco UCM SSRF Flaw CVE-2026-20230 Is Under Active Attack

Cisco confirmed attackers are actively exploiting CVE-2026-20230, a server-side request forgery flaw in Unified Communications Manager, and CISA has added it to its Known Exploited Vulnerabilities catalog, starting the federal patch clock.

Kore · 2026-07-16 · 6 min read
China-Linked Hackers Exploit Roundcube Flaw at Universities, Security explainer Security

China-Linked Hackers Exploit Roundcube Flaw at Universities

A China-aligned threat cluster is actively exploiting a critical Roundcube webmail cross-site scripting flaw, CVE-2024-42009 (CVSS 9.3), against U.S. and Canadian universities, using a booby-trapped email that runs script the moment a victim opens it to steal mail and credentials.

Kore · 2026-07-15 · 6 min read
BeyondTrust Patches Two Pre-Auth Remote Support Flaws, Security explainer Security

BeyondTrust Patches Two Pre-Auth Remote Support Flaws

BeyondTrust patched two critical pre-authentication vulnerabilities, CVE-2026-40138 and CVE-2026-40139 (both CVSS 9.2), in its Remote Support and Privileged Remote Access products. Patch immediately.

Kore · 2026-07-15 · 5 min read
Microsoft Patches 570 Flaws, Two Zero-Days Exploited, Security explainer Security

Microsoft Patches 570 Flaws, Two Zero-Days Exploited

Microsoft's July 2026 Patch Tuesday fixes a record 570 flaws, including two zero-days already under active attack: CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in SharePoint Server, both privilege-escalation bugs. A third, a BitLocker bypass, was publicly disclosed.

Kore · 2026-07-14 · 7 min read
Progress Confirms ShareFile Zero-Day Behind Server Shutdown, Security explainer Security

Progress Confirms ShareFile Zero-Day Behind Server Shutdown

Progress confirmed a high-severity path traversal zero-day in ShareFile Storage Zone Controllers is behind last week's emergency server shutdown, and has now shipped a patch. The flaw hits all 5.x and 6.x on-premises controllers; cloud-only ShareFile accounts are unaffected.

Kore · 2026-07-14 · 7 min read
OpenAI Mandates Hardware Passkeys for Cyber Access, Security explainer Security

OpenAI Mandates Hardware Passkeys for Cyber Access

OpenAI now requires every Trusted Access for Cyber member to enable a hardware-backed passkey by September 1, 2026, or lose access to its frontier cyber models, making the login itself a security control alongside GPT-5.6 Sol.

Kore · 2026-07-14 · 6 min read
Three FortiSandbox CVEs Hit by AI-Generated Exploits, Security explainer Security

Three FortiSandbox CVEs Hit by AI-Generated Exploits

Honeypots are catching in-the-wild exploitation of three patched Fortinet FortiSandbox flaws, CVE-2026-39808, CVE-2026-39813, and CVE-2026-25089, and researchers say the exploit code for one of them appears to have been written by an AI model.

Kore · 2026-07-14 · 6 min read
Microsoft Rates M365 Copilot and Exchange Bugs Critical, Security explainer Security

Microsoft Rates M365 Copilot and Exchange Bugs Critical

Microsoft disclosed two critical cloud privilege-escalation flaws: CVE-2026-41106 in M365 Copilot (open redirect to privilege escalation) and CVE-2026-54998 in Exchange Online (incorrect authorization), an unusual critical rating for privilege bugs.

Kore · 2026-07-14 · 6 min read
Grok Build CLI Secretly Uploads Your Entire Repo to xAI, Security explainer Security

Grok Build CLI Secretly Uploads Your Entire Repo to xAI

Wire-level analysis disclosed hours ago shows xAI's Grok Build CLI quietly uploads your whole Git repository, including files it never reads and unredacted secrets, to a Google Cloud bucket, and the privacy toggle does not stop it.

Kore · 2026-07-13 · 6 min read
Zimbra Patches Stored-XSS RCE in Classic Web Client, Security explainer Security

Zimbra Patches Stored-XSS RCE in Classic Web Client

Zimbra urged customers to patch a critical stored cross-site-scripting flaw in its Classic Web Client that lets a specially crafted email run malicious scripts in a victim's session, a bug class attackers have repeatedly turned into full mail-server compromise.

Kore · 2026-07-13 · 5 min read
Adobe ColdFusion Patches 11 Critical Bugs, 6 Rated 10.0, Security explainer Security

Adobe ColdFusion Patches 11 Critical Bugs, 6 Rated 10.0

Adobe shipped fixes for 11 critical ColdFusion vulnerabilities, six of them carrying the maximum CVSS 10.0 score and all enabling unauthenticated attackers to run arbitrary code on the server. Adobe assigned its highest priority and urged patching within 72 hours.

Kore · 2026-07-13 · 6 min read
Injective's npm SDK Was Hijacked to Drain Wallets, Security explainer Security

Injective's npm SDK Was Hijacked to Drain Wallets

Attackers hijacked Injective Labs' SDK GitHub repo and pushed a poisoned npm package with fake telemetry that stole crypto wallet private keys and seed phrases before it was deprecated.

Kore · 2026-07-12 · 6 min read
Nightmare Eclipse Dumps 6 Unpatched Microsoft Exploits, Security explainer Security

Nightmare Eclipse Dumps 6 Unpatched Microsoft Exploits

A pseudonymous researcher published details and proof-of-concept code for six Microsoft vulnerabilities, including Defender privilege escalations and a Secure Boot bypass, without coordinating with Microsoft.

Kore · 2026-07-12 · 6 min read
A CVSS 10 UniFi flaw exposes 100,000 gateways to takeover, Security explainer Security

A CVSS 10 UniFi flaw exposes 100,000 gateways to takeover

CVE-2026-50746 is a maximum-severity command-injection flaw in Ubiquiti's UniFi Connect app that lets an unauthenticated attacker on the network run OS commands on the host; patch to 3.4.20 now.

Kore · 2026-07-11 · 6 min read
Gitea Docker flaw CVE-2026-20896 hands over admin access, Security explainer Security

Gitea Docker flaw CVE-2026-20896 hands over admin access

A CVSS 9.8 flaw in Gitea’s Docker images, CVE-2026-20896, let any internet client impersonate users via a trusted proxy header. Sysdig caught the first in-the-wild exploit 13 days after disclosure.

Kore · 2026-07-11 · 6 min read
GhostLock: a 15-year Linux bug hands attackers root, Security explainer Security

GhostLock: a 15-year Linux bug hands attackers root

GhostLock (CVE-2026-43499) is a 15-year-old Linux kernel flaw present in nearly every major distribution since 2011 that lets a local attacker escalate to root and escape containers, making patching urgent across servers and clouds.

Kore · 2026-07-11 · 6 min read
WinRAR Heap Overflow CVE-2026-14191 Needs a Manual Patch, Security explainer Security

WinRAR Heap Overflow CVE-2026-14191 Needs a Manual Patch

A new heap overflow in WinRAR, CVE-2026-14191 (CVSS 7.8), lets a booby-trapped RAR5 recovery volume corrupt memory and potentially run code. Because WinRAR has no auto-updater, hundreds of millions of installs stay vulnerable until users patch by hand.

Kore · 2026-07-10 · 6 min read
Langflow is the first AI agent platform on CISA's KEV, Security explainer Security

Langflow is the first AI agent platform on CISA's KEV

CISA added Langflow's CVE-2026-55255, a cross-tenant IDOR flaw, to its Known Exploited Vulnerabilities catalog, the first time an AI agent orchestration platform has landed there. Sysdig saw it exploited in the wild to steal LLM and cloud keys; patch to 1.9.2 and rotate every credential.

Kore · 2026-07-10 · 6 min read
FortiBleed: Hacked Fortinet Firewalls Fuel a Ransomware Wave, Security explainer Security

FortiBleed: Hacked Fortinet Firewalls Fuel a Ransomware Wave

The FortiBleed campaign is turning compromised Fortinet firewalls into ransomware launchpads, with 74,000 stolen credentials for sale and at least 12 confirmed infections tied to the INC and Lynx ransomware crews.

Kore · 2026-07-09 · 6 min read
Microsoft Patches RoguePlanet Defender Zero-Day, Security explainer Security

Microsoft Patches RoguePlanet Defender Zero-Day

Microsoft has shipped the fix for RoguePlanet (CVE-2026-50656), the Windows Defender zero-day that let any low-privileged user open a SYSTEM shell on a fully patched Windows 10 or 11 machine. The patch lands inside Malware Protection Engine 1.1.26060.3008 and distributes automatically.

Kore · 2026-07-09 · 6 min read
JetBrains Flaws Chain From Login Bypass to Build Takeover, Security explainer Security

JetBrains Flaws Chain From Login Bypass to Build Takeover

JetBrains patched a cluster of critical flaws across Hub, YouTrack, TeamCity and its IDEs, led by a CVSS 9.8 account-takeover bug in Hub that an attacker can chain into remote code execution and control of a company's build pipeline.

Kore · 2026-07-09 · 6 min read
Sysdig logs the first end-to-end AI-agent ransomware, Security explainer Security

Sysdig logs the first end-to-end AI-agent ransomware

Sysdig documented what it calls the first ransomware attack run end to end by an AI agent, from initial access through encryption, with the model making the operational decisions a human operator normally would. It is a preview of autonomous intrusions, and it collapses the time defenders have to react.

Kore · 2026-07-08 · 6 min read
Citrix NetScaler Flaw Echoes CitrixBleed, Exploit Is Out, Security explainer Security

Citrix NetScaler Flaw Echoes CitrixBleed, Exploit Is Out

Citrix disclosed six NetScaler vulnerabilities; CVE-2026-8451 (CVSS 8.8) lets attackers leak memory from SAML identity-provider appliances. Exploit code is public and scanning began within 24 hours.

Kore · 2026-07-08 · 6 min read
EU Parliament Fast-Tracks Chat Control in 331-304 Vote, Security explainer Security

EU Parliament Fast-Tracks Chat Control in 331-304 Vote

The EU Parliament narrowly approved an urgency motion, 331 to 304, on July 7 to fast-track reviving Chat Control message scanning, setting up a decisive vote on Thursday.

Kore · 2026-07-07 · 7 min read
Januscape: a 16-Year KVM Bug Escapes Guest to Host, Security explainer Security

Januscape: a 16-Year KVM Bug Escapes Guest to Host

Januscape (CVE-2026-53359) is a use-after-free in Linux KVM's shadow MMU that lets a guest VM corrupt host kernel memory, the first guest-to-host escape triggerable on both Intel and AMD.

Kore · 2026-07-07 · 6 min read
A Windows Device ID Unmasked a Hacker Behind a VPN, Security explainer Security

A Windows Device ID Unmasked a Hacker Behind a VPN

A persistent Windows Global Device Identifier, generated at install and impossible to turn off, let the FBI unmask an alleged Scattered Spider hacker who hid behind a VPN and an ngrok tunnel. Microsoft telemetry tied his device to the attack, then to his personal Apple, Snapchat, and Facebook logins.

Kore · 2026-07-07 · 7 min read
SimpleHelp Auth-Bypass Flaw Threatens MSPs at CVSS 10, Security explainer Security

SimpleHelp Auth-Bypass Flaw Threatens MSPs at CVSS 10

A maximum-severity flaw in SimpleHelp remote-support software, CVE-2026-48558 (CVSS 10.0), lets an unauthenticated attacker forge an identity token and take over a technician session, a supply-chain risk that could cascade from one managed service provider to all its clients.

Kore · 2026-07-07 · 5 min read
Bad Epoll Flaw Hands Local Root on Most Linux Systems, Security explainer Security

Bad Epoll Flaw Hands Local Root on Most Linux Systems

A newly disclosed Linux kernel flaw, CVE-2026-46242 in the epoll subsystem, lets any unprivileged local user escalate to root across desktops, servers, and Android. A fix is out, and patching is the only real mitigation.

Kore · 2026-07-06 · 6 min read
FatFs Flaws Let a Rigged USB Take Over IoT Devices, Security explainer Security

FatFs Flaws Let a Rigged USB Take Over IoT Devices

Researchers at runZero disclosed seven vulnerabilities in FatFs, a tiny filesystem library baked into the firmware of cameras, drones, industrial controllers, and hardware crypto wallets, where a booby-trapped USB drive or SD card can corrupt memory and run attacker code.

Kore · 2026-07-06 · 6 min read
Kemp LoadMaster Bug (CVSS 9.6) Under Active Attack, Security explainer Security

Kemp LoadMaster Bug (CVSS 9.6) Under Active Attack

A critical command-injection flaw in Progress Kemp LoadMaster, CVE-2026-8037 (CVSS 9.6), is being actively exploited to run arbitrary OS commands on internet-facing load balancers, with attacks observed from June 29.

Kore · 2026-07-06 · 5 min read
SharePoint RCE Flaw Is Under Active Attack, CISA Warns, Security explainer Security

SharePoint RCE Flaw Is Under Active Attack, CISA Warns

CISA added a high-severity Microsoft SharePoint Server flaw, CVE-2026-45659, to its Known Exploited Vulnerabilities catalog on July 2 after confirming active exploitation. The bug is a remote-code-execution hole from unsafe deserialization, patched in May, and every on-prem SharePoint server that skipped that update is exposed.

Kore · 2026-07-05 · 6 min read
KDDI Breach Exposes 14M Users, Passwords in Plaintext, Security explainer Security

KDDI Breach Exposes 14M Users, Passwords in Plaintext

KDDI disclosed a breach of its email platform that may have exposed up to 14.22 million customers across six ISPs, and admitted only some passwords were hashed, meaning others sat in plaintext. Shared infrastructure widened the blast radius and weak storage turned it into a credential dump.

Kore · 2026-07-05 · 7 min read
DirtyClone Hands Local Root on Default Linux Systems, Security explainer Security

DirtyClone Hands Local Root on Default Linux Systems

DirtyClone (CVE-2026-43503) is a Linux kernel flaw that lets any local user escalate to root by cloning network packets, and it works on default Debian, Ubuntu, and Fedora installs with standard namespace configurations.

Kore · 2026-07-04 · 6 min read
Oracle PeopleSoft zero-day hit 100+ orgs, breached Nissan, Security explainer Security

Oracle PeopleSoft zero-day hit 100+ orgs, breached Nissan

A CVSS 9.8 zero-day in Oracle PeopleSoft (CVE-2026-35273) let the ShinyHunters extortion crew take over 300+ servers at 100+ organizations before Oracle's June 10 emergency patch. The unauthenticated SSRF-to-RCE flaw exposed employee Social Security and banking data at Nissan and hit dozens of universities.

Kore · 2026-07-04 · 7 min read
SharePoint RCE Flaw Lands on CISA's Exploited List, Security explainer Security

SharePoint RCE Flaw Lands on CISA's Exploited List

CISA added CVE-2026-45659, a CVSS 8.8 remote code execution flaw in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities catalog after confirming active attacks. Any authenticated user can trigger it, with no admin privileges required.

Kore · 2026-07-03 · 6 min read
AirDrop and Quick Share Flaws Expose Billions of Phones, Security explainer Security

AirDrop and Quick Share Flaws Expose Billions of Phones

Researchers at CISPA disclosed six vulnerabilities in Apple AirDrop and Google and Samsung Quick Share on June 30, 2026, letting an attacker within wireless range crash nearby devices with no pairing or user tap, though the flaws cause denial of service rather than data theft or code execution.

Kore · 2026-07-03 · 6 min read
Kemp LoadMaster Pre-Auth RCE Is Now Under Active Attack, Security explainer Security

Kemp LoadMaster Pre-Auth RCE Is Now Under Active Attack

CVE-2026-8037 is a pre-authentication remote code execution flaw in Progress Kemp LoadMaster, rated up to CVSS 9.8, that lets an unauthenticated attacker run system commands on the load balancer. Exploitation attempts began June 29, 2026, the same day a public proof-of-concept dropped. Patch now if the API is enabled.

Kore · 2026-07-02 · 7 min read
DuneSlide Turns a Cursor Prompt Into Full Code Execution, Security explainer Security

DuneSlide Turns a Cursor Prompt Into Full Code Execution

Cato AI Labs disclosed DuneSlide, two 9.8-severity flaws (CVE-2026-50548 and CVE-2026-50549) that let a poisoned web page or MCP response escape Cursor's AI sandbox and run any command on a developer's machine, no click required.

Kore · 2026-07-02 · 8 min read
A PraisonAI Flaw Was Exploited Within Hours of Disclosure, Security explainer Security

A PraisonAI Flaw Was Exploited Within Hours of Disclosure

Attackers began hitting the PraisonAI authentication-bypass flaw, CVE-2026-44338, less than four hours after it was publicly disclosed, because a legacy Flask API server shipped with authentication disabled by default.

Kore · 2026-07-01 · 5 min read
A 9.8 Oracle E-Business Suite Flaw Is Under Active Attack, Security explainer Security

A 9.8 Oracle E-Business Suite Flaw Is Under Active Attack

CVE-2026-46817, a 9.8-severity unauthenticated takeover flaw in Oracle E-Business Suite's Payments module, is being exploited in the wild, first seen June 27, 2026, six weeks after a patch and before any public exploit existed.

Kore · 2026-07-01 · 5 min read
BlueHammer Defender Zero-Day Hit SYSTEM in the Wild, Security explainer Security

BlueHammer Defender Zero-Day Hit SYSTEM in the Wild

CVE-2026-33825, nicknamed BlueHammer, is a Microsoft Defender flaw that let a low-privileged attacker win SYSTEM by racing Defender's own rollback engine; it was exploited in the wild and later tied to ransomware.

Kore · 2026-07-01 · 6 min read
FortiBleed Exposed Credentials for 86,000 Fortinet Firewalls, Security explainer Security

FortiBleed Exposed Credentials for 86,000 Fortinet Firewalls

FortiBleed leaked working admin credentials for roughly 86,000 internet-facing Fortinet firewalls across 194 countries. Because it exploits no software bug, there is nothing to patch: every affected organization must treat its credentials as compromised.

Kore · 2026-06-30 · 6 min read
A Cisco Zero-Day Was Exploited for Two Months Before Anyone Knew, Security explainer Security

A Cisco Zero-Day Was Exploited for Two Months Before Anyone Knew

Mandiant found that CVE-2026-20245, a high-severity Cisco Catalyst SD-WAN flaw, was exploited as a zero-day at least two months before Cisco disclosed it on June 4, 2026. Patches began rolling out June 10, after attackers already had a long head start.

Kore · 2026-06-30 · 5 min read
Microsoft Just Shipped Its Largest Patch Tuesday Ever, and That Is Not Good News, Security explainer Security

Microsoft Just Shipped Its Largest Patch Tuesday Ever, and That Is Not Good News

June 2026 was the most patch-dense month in Microsoft history: 200 vulnerabilities in one Patch Tuesday, including six zero-days. A record like this is a symptom, not an achievement.

Kore · 2026-06-29 · 6 min read
A Self-Spreading Worm Is Eating the Open-Source Supply Chain. Its Name Is Shai-Hulud., Security explainer Security

A Self-Spreading Worm Is Eating the Open-Source Supply Chain. Its Name Is Shai-Hulud.

A self-propagating worm has compromised over 100 npm and PyPI packages in a single June wave, stealing developer credentials and using them to infect more packages. The source code is now public, and clones have arrived.

Kore · 2026-06-28 · 6 min read
An Anonymous Account Is Dumping Zero-Days Into the Open. That Should Worry Everyone., Security explainer Security

An Anonymous Account Is Dumping Zero-Days Into the Open. That Should Worry Everyone.

An anonymous GitHub account is mass-publishing working exploits for flaws vendors never got to patch. It is a direct attack on the fragile bargain that keeps software security from becoming a free-for-all.

Kore · 2026-06-28 · 5 min read
How Phishing Got Smart Enough to Fool Experts, Security explainer Security

How Phishing Got Smart Enough to Fool Experts

The cartoon image of phishing, a typo-ridden email from a fake prince, is obsolete. Modern phishing is targeted, polished, and good enough to catch professionals.

Kore · 2026-06-26 · 5 min read
Why Software Updates Are a Security Decision, Not a Chore, Security explainer Security

Why Software Updates Are a Security Decision, Not a Chore

The notification asking you to update is easy to dismiss for days. Behind that small annoyance is one of the most effective security habits available to anyone.

Kore · 2026-06-26 · 4 min read
Why Your Browser Is the Most Important Security Tool You Have, Security explainer Security

Why Your Browser Is the Most Important Security Tool You Have

People hunt for security in antivirus apps and gadgets, but the single piece of software that protects you most is the one you stare at all day: your web browser.

Kore · 2026-06-26 · 4 min read
Passkeys Are Killing the Password, Finally, Security explainer Security

Passkeys Are Killing the Password, Finally

After decades of failed attempts to replace the password, a standard called passkeys is actually gaining ground. The reason is that it removes the part humans get wrong.

Kore · 2026-06-25 · 5 min read
Why 'Zero Trust' Is More Than a Buzzword, Security explainer Security

Why 'Zero Trust' Is More Than a Buzzword

The phrase gets stamped on every security product, which makes it easy to dismiss. The idea underneath is a genuine and overdue shift in how networks are defended.

Kore · 2026-06-24 · 5 min read
The Supply-Chain Attack Problem No One Has Solved, Security explainer Security

The Supply-Chain Attack Problem No One Has Solved

You can lock down your own code perfectly and still get breached, through a dependency you trusted. It's modern software's most uncomfortable weakness.

Kore · 2026-06-23 · 5 min read
Ransomware Became a Business. Here's the Model., Security explainer Security

Ransomware Became a Business. Here's the Model.

The image of a lone hacker in a hoodie is badly out of date. Ransomware now runs on org charts, customer support, and affiliate programs.

Kore · 2026-06-22 · 5 min read
Stop Reusing Passwords, Here's the Real Risk, Security explainer Security

Stop Reusing Passwords, Here's the Real Risk

Reusing one good password across sites feels safe because the password is strong. The danger isn't the password's strength. It's what happens when any one site is breached.

Kore · 2026-06-21 · 4 min read
End-to-End Encryption, Without the Hype, Security explainer Security

End-to-End Encryption, Without the Hype

It's the feature privacy advocates demand and some governments want to weaken. Strip away the politics and end-to-end encryption is a simple, powerful idea.

Kore · 2026-06-20 · 5 min read
Two-Factor Authentication: Not All Methods Are Equal, Security explainer Security

Two-Factor Authentication: Not All Methods Are Equal

Turning on two-factor authentication is one of the best security moves you can make. But the method you choose matters more than most people realize.

Kore · 2026-06-19 · 4 min read