The Hacker News

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks ...

CISA says critical VMware RCE flaw now actively exploited

CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to ...
SecurityWeek

2024 VMware Flaw Now in Attackers’ Crosshairs

CISA and Broadcom warn that threat actors are exploiting CVE-2024-37079, a VMware vCenter Server vulnerability disclosed in ...

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.

New Security Vulnerability Database Launches In The EU

A new vulnerability database has launched in the EU, in a bid to reduce dependence on the U.S. program. Here's what you need ...
The Hacker News

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation, urging ...

Google Chrome Pushes Critical Security Update for 3B Users

Google patched high-severity CVE-2026-0628 in Chrome 143 and added Push API rate limits to curb notification spam, with ...
Dark Reading

Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a ...