patchconfiguration-management - FUSION GLOBAL

Laura French April 21, 2026

The median lead time between activity surge and advisory publication was 11 days.

Critical RCE vulnerability in protobuf.js; Exploit code published

SC Staff April 20, 2026

The vulnerability, tracked as GHSA-xq3m-2v4x-88gg, stems from unsafe dynamic code generation within protobuf.js.

SC Staff April 17, 2026

Security researcher Chaotic Eclipse has published a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability dubbed "RedSun"...

Multiple attacks weaponizing critical Marimo RCE identified

SC Staff April 17, 2026

Numerous threat actors have launched intrusions abusing the critical remote code execution flaw in the open-source Python...

Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilities

Steve Zurier April 17, 2026

CISA flags 13-year-old ActiveMQ RCE as exploited, highlighting AI-driven bug discovery.

Microsoft, others patch hundreds of security flaws

SC Staff April 16, 2026

Nearly 180 critical vulnerabilities have been collectively addressed by Microsoft, Adobe, SAP, and Fortinet as part of...

SC Staff April 16, 2026

Under the new model, NIST will only fully enrich CVEs that are listed in the Cybersecurity and...

Nginx-ui MCP missing authentication flaw actively exploited

Laura French April 16, 2026

Attackers on the same network can alter nginx configurations, leading to complete takeover.

Active exploitation of old Microsoft bugs prompt CISA catalog inclusion

SC Staff April 14, 2026

The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include four old...

Critical wolfSSL vulnerability allows forged certificates

SC Staff April 14, 2026

The vulnerability, discovered by Nicholas Carlini, is a cryptographic validation flaw affecting multiple signature algorithms in wolfSSL,...