A disgruntled researcher has released a third wave of Windows zero-day exploits, including a BitLocker encryption bypass ...

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Every security team’s nightmare came true over the weekend: a ...

The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive ...

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat ...

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions ...

Exploit code confirmed: Researchers have proof-of-concept code for CVE-2026-23918, enabling denial-of-service or remote code execution on Apache HTTP Server. Widespread server exposure: Apache serves ...

A critical remote code execution flaw in GitHub allowed users to gain access to millions of repositories and compromise ...

Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly ...

Amazon has announced compensation and a rescheduled event following Throne and Liberty emergency maintenance yesterday. Today, New World: Aeternum also went into an emergency maintenance to squash ...