Dell RecoverPoint zero-day CVE-2026-22769 exploited since 2024 to gain root access and deploy GRIMBOLT, BRICKSTORM backdoors in targeted attacks.

A new report from Google Threat Intelligence Group (GTIG) and Mandiant warns of a zero-day vulnerability present in Dell RecoverPoint for Virtual Machines since 2024, and that has been actively ...

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE ...

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws ...

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications.

It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication ...

Microsoft confirms CVE-2026-20841, a Remote Code Execution flaw in Windows 11 Notepad via Markdown links. Patch now rolling ...

The National Institute of Standards and Technology is preparing to shift its role in the globally-adopted vulnerability ...

More than 25 million individuals are now tied to the Conduent Business Services breach as investigations continue to expand its scope. In Canada, approximately 750,000 investors were affected in the ...

A critical remote code execution flaw in the WPvivid Backup & Migration WordPress plugin puts over 900,000 sites at risk unless patched.

The cybersecurity of business is not the function of CISA. CISA’s remit is to raise the security of FECB agencies, and KEV is ...

VulnCheck, the exploit intelligence company, today announced a $25 million Series B funding round led by Sorenson Capital, with participation from National Grid Partners and existing investors, ...