Threat Alerts
Real-time critical CVE alerts, security advisories, and vulnerability intelligence — curated by the Vulnios Threat Intelligence team.
USN-8525-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive inform
USN-8526-1: libheif vulnerabilities
Xianrui Dong discovered that libheif had an out-of-bounds read in its HEIF sequence track parser. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information
Chrome Beta for Desktop Update
Google Chrome Releases published an advisory on "Chrome Beta for Desktop Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References f
USN-8523-1: libsoup vulnerabilities
Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in informa
USN-8524-1: Python vulnerability
It was discovered that Python did not use sufficient entropy for Expat hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree modules. An attacker could use this to cause a denial
USN-8522-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service. (CVE-2026-5342) I
USN-8521-1: Libidn vulnerability
It was discovered that Libidn incorrectly handled certain internationalized domain name strings. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service.
USN-8520-1: Expat vulnerability
It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, le
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several
Chrome Beta for iOS Update
Google Chrome Releases published an advisory on "Chrome Beta for iOS Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References for t
Chrome Beta for Android Update
Google Chrome Releases published an advisory on "Chrome Beta for Android Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References f
USN-8519-1: Go Cryptography vulnerabilities
Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. An attacker could use this to cause a denial of service. (CVE-2025-47913) Yuichi Watanabe discov
Protect Your Organization
Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.