PAN-OS IKEv2 and DNS Proxy RCEs — CVE-2026-0263
CVE-2026-0263 and CVE-2026-0264 deliver RCE in PAN-OS VPN and DNS processing. FortiClient EMS CVE-2026-35616 exploited in the wild.
Posts tagged: Npm
Megalodon Poisons 5,500+ GitHub Repos
Megalodon injects malicious workflows into 5,500+ GitHub repos, CVE-2026-26980 Ghost CMS zero-day exploited, TrapDoor plants 34 packages on npm and PyPI.
NGINX Heap Overflow CVE-2026-42945 Exploited
CVE-2026-42945 NGINX heap overflow exploited 48 hours after disclosure, MiniPlasma Windows kernel zero-day PoC public, ShinyHunters hits 7-Eleven.
Microsoft AI Finds 16 Windows Zero-Days
CVE-2026-33827 and CVE-2026-33824 AI-discovered CVSS 9.8 Windows kernel RCEs patched. Shai-Hulud npm worm spreads. Foxconn confirms factory cyberattack.
First AI-Generated Zero-Day — CVE-2026-41940
Google TAG confirms first AI-crafted zero-day exploiting CVE-2026-41940 in cPanel, Shai-Hulud npm/PyPI worm, Cl0p sat in UK water utility for 730 days.
CVE-2026-41940 cPanel Auth Bypass Exploited
CVE-2026-41940 cPanel CVSS 10.0 auth bypass exploited since February with public PoC, SAP npm supply-chain backdoor, Linux Copy Fail kernel root flaw.
Microsoft Defender Zero-Day Exploited Pre-Disclosure
CISA adds Microsoft Defender zero-day to KEV. Unit 42 Zealot AI agent pwns cloud. CanisterSprawl npm worm self-propagates. Talos Q1 2026 IR data.