A disgruntled researcher has released a third wave of Windows zero-day exploits, including a BitLocker encryption bypass ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Every security team’s nightmare came true over the weekend: a ...

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability ...

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat ...

Exploit code confirmed: Researchers have proof-of-concept code for CVE-2026-23918, enabling denial-of-service or remote code execution on Apache HTTP Server. Widespread server exposure: Apache serves ...

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions ...

Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly ...

Friday’s release of suspected NSA spying tools is bad news for companies running Windows Server. The cyberweapons, which are now publicly available, can easily hack older versions of the OS. The ...

A critical remote code execution flaw in GitHub allowed users to gain access to millions of repositories and compromise ...

The proof-of-concept exploit is easy to execute, and could foretell wider targeting of the Fortinet vulnerability by attackers. Security researchers have released technical details and a ...

Amazon has announced compensation and a rescheduled event following Throne and Liberty emergency maintenance yesterday. Today, New World: Aeternum also went into an emergency maintenance to squash ...

Fortinet disclosed a critical vulnerability, CVE-2026-35616, in its FortiClient Endpoint Management Server that has been actively exploited and flagged in the Known Exploited Vulnerabilities catalog.