Vulnerability
-
Eric Geller/Cybersecurity Dive
Deep DiveHow a government contest launched a revolution in AI-based bug hunting
Security researchers have spent months honing AI systems that can find and fix serious vulnerabilities. Critical infrastructure everywhere could benefit.
By Eric Geller • May 18, 2026 -
Getty Images
Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
Researchers discovered the authentication bypass vulnerability while investigating a prior issue in the same service.
By David Jones • May 15, 2026 -
MF3d via Getty Images
Frontier AI models reap rapid discovery of security vulnerabilities
Security teams have just a few months before AI-driven exploitation becomes the norm, researchers warn.
By David Jones • May 14, 2026 -
Justin Sullivan via Getty Images
OpenAI launches Daybreak to combat cyber threats
The cybersecurity initiative uses AI to detect software vulnerabilities, partnering with Cloudflare, Cisco and CrowdStrike to counter threats.
By Paige Gross • May 13, 2026 -
Getty Images
Identity takes center stage as a leading factor in enterprise cyberattacks
A new report shows two-thirds of ransomware attacks began with an identity-related breach.
By David Jones • May 12, 2026 -
MF3d via Getty Images
AI used to develop working zero-day exploit, researchers warn
A report by GTIG shows threat groups are increasingly leveraging AI to scale attacks. The exploitation attempt was disclosed and patched, preventing a mass incident.
By David Jones • May 11, 2026 -
Matt Kapko/Cybersecurity Dive
Palo Alto Networks warns state-linked cluster behind zero-day exploitation
A patch for the flaw, which hackers began targeting in early April, won’t be ready for another week.
By David Jones • May 7, 2026 -
Getty Images
Critical vulnerability in cPanel leads to widespread exploitation
Researchers warn that threat activity continues to surge, including brute force attacks and ransomware.
By David Jones • May 4, 2026 -
Getty Images
New MOVEit vulnerabilities prompt urgent patch warning
Progress Software warned customers to immediately upgrade the file-transfer tool to fix the serious flaws.
By Eric Geller • May 4, 2026 -
Getty Images
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog
Russia has used one of the flaws, security experts said, while North Korea has used the other.
By Eric Geller • April 29, 2026 -
Courtesy of Billington
US, UK authorities warn that Firestarter backdoor malware survives patching
A federal agency was impacted by a hacking campaign that exploited flaws in Cisco devices.
By David Jones • April 27, 2026 -
Getty Images
AI-written software creates hassles for wary security teams
A new report explains what cybersecurity practitioners need to see before they trust AI coding tools.
By Eric Geller • April 23, 2026 -
Getty Images
Microsoft SharePoint vulnerability widely exposed across multiple countries
The disclosure comes just weeks after a prior SharePoint flaw was discovered.
By David Jones • April 22, 2026 -
David Ramos via Getty Images
CISA confirms exploitation of 3 more Cisco networking device vulnerabilities
Cisco revealed six critical flaws in widely used products in February. The government has now seen evidence that hackers are abusing four of them.
By Eric Geller • April 21, 2026 -
tadamichi via Getty Images
Vulnerability exploitation surges often precede disclosure, offering possible early warnings
Organizations can get ahead of major flaws with the right threat intelligence, according to a new report.
By Eric Geller • April 20, 2026 -
Sean Gallup via Getty Images
TP-Link routers face exploitation attempt linked to high-severity flaw
Researchers warn a potential botnet is targeting a vulnerability in end-of-life devices.
By David Jones • April 17, 2026 -
BlackJack3D via Getty Images
CIOs fret over rising security concerns amid AI adoption
AI is emerging as a critical tool and a growing threat as CIOs struggle to balance innovation with risk, according to a new report.
By Scarlett Evans • April 16, 2026 -
R. Eskalis/NIST. Retrieved from NIST.
NIST limits vulnerability analysis as CVE backlog swells
The agency will stop adding detailed information to vulnerabilities that don’t meet certain criteria.
By Eric Geller • April 16, 2026 -
Ethan Miller via Getty Images
FCC exempts Netgear from foreign router ban
The commission did not explain its action beyond citing a Defense Department determination.
By Eric Geller • April 15, 2026 -
Getty Images
Medium-severity flaw in Microsoft SharePoint exploited
The flaw should be taken seriously, despite its relatively low score, according to researchers.
By David Jones • Updated April 16, 2026 -
Getty Images
CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog
The code injection flaw is similar to a prior vulnerability that was immediately flagged in January.
By David Jones • April 9, 2026 -
Getty Images
React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data
The stolen information could help intruders plan follow-up attacks and breach more organizations, Cisco researchers said.
By Eric Geller • April 7, 2026 -
Courtesy of Fortinet
Critical flaw in FortiClient EMS under exploitation
Fortinet released an emergency hotfix after security researchers discovered the vulnerability being exploited as a zero-day.
By David Jones • Updated April 6, 2026 -
Getty Images
Researchers warn of critical flaws in Progress ShareFile
Attackers could chain vulnerabilities together, leading to configuration changes or remote code execution.
By David Jones • April 3, 2026 -
Courtesy of F5 Press Kit
Critical flaw in F5 BIG-IP faces wide exploitation risk
The company revised a security advisory as newly disclosed information heightens the potential impact.
By David Jones • April 2, 2026
