High-severity advisories
60 alerts in this category.
CVEs and security advisories rated HIGH — exploitation is straightforward and impact is significant. Should be addressed within standard high-severity SLAs (typically 7 days for internet-exposed assets).
Spectrum Security Emerges From Stealth Mode With $19 Million
The threat detection startup will invest in accelerating its engineering and go-to-market efforts. The post Spectrum Security Emerges From Stealth Mode With $19 Million appeared first on SecurityWeek.
Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
The ShinyHunters cybercrime group claimed to have stolen 9 million records containing personal information from Medtronic.
Microsoft asks iPhone users to reauthenticate after Outlook outage
Microsoft
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Microsoft, CVE-2026-32202
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Microsoft
Robinhood account creation flaw abused to send phishing emails
DSA-6231-1 openjdk-21 - security update
https://security-tracker.debian.org/tracker/DSA-6231-1
Debian
Alleged Silk Typhoon hacker extradited to US for cyberespionage
Canada arrests three for operating “SMS blaster” device in Toronto
Medieval Encrypted Letter Decoded
Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.
FTC: Americans lost over $2.1 billion to social media scams in 2025
Incomplete Windows Patch Opens Door to Zero-Click Attacks
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified.
Google
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators.
Energy and Water Management Firm Itron Hacked
Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13.
Home security giant ADT data breach affects 5.5 million people
Webinar: Spotting cyberattacks before they begin
PyPI package with 1.1M monthly downloads hacked to push infostealer
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Medtronic confirms breach after hackers claim 9 million records theft
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
Microsoft says Outlook.com outage is causing sign‑in failures
Microsoft
Money launderer linked to $230M crypto heist gets 70 months in prison
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
CrowdStrike Named a Leader in Frost & Sullivan 2026 Radar for Cloud-Native Application Protection Platforms
Firefox Vulnerability Allows Tor User Fingerprinting
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.
Firefox, CVE-2026-6770
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.
Linux
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
American utility firm Itron discloses breach of internal IT network
Microsoft rolls out revamped Windows Insider Program
Microsoft
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors.
Friday Squid Blogging: How Squid Survived Extinction Events
Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that the
Intel
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
AWS
DSA-6230-1 chromium - security update
https://security-tracker.debian.org/tracker/DSA-6230-1
Debian
ADT confirms data breach after ShinyHunters leak threat
Windows Update gets new controls to reduce forced restarts
Microsoft to roll out Entra passkeys on Windows in late April
Microsoft
New BlackFile extortion group linked to surge of vishing attacks
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
Linux
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
Cisco
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
DORA and operational resilience: Credential management as a financial risk control
Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents
From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase.
Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise
Locked Shields has grown significantly over the past 16 years, with only four nations participating in the first edition.
Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US
The Trump administration is vowing to crack down on foreign tech companies’ exploitation of U.S. artificial intelligence models.
Intel
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
Other noteworthy stories that might have slipped under the radar: Supreme Court hacker sentenced, Lovable exposed user data, Google expands enterprise security.
Google
Vulnerabilities Patched in CrowdStrike, Tenable Products
CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw.
Microsoft now lets admins uninstall Copilot on enterprise devices
Microsoft
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Apple
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
CVE-2026-33626
Copperhelm Raises $7 Million for Agentic Cloud Security Platform
The Israel-based company, which just emerged from stealth mode, was founded by cloud and security experts from RSA, McAfee, and Unity.
Hackers exploit file upload bug in Breeze Cache WordPress plugin
WordPress
Cloudsmith Raises $72 Million in Series C Funding
The company will use the investment to accelerate product development and grow go-to-market efforts.
Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
360 Digital Security Group claims to have uncovered 1,000 vulnerabilities using AI, including at the Tianfu Cup hacking contest.
New Checkmarx supply-chain breach affects KICS analysis tool
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories