Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Cybersecurity Brief – May 5, 2026
The cybersecurity workforce crisis is intensifying as AI-powered attacks outpace defensive capabilities. A critical shortage of security professionals worldwide is coinciding with what researchers are calling an "AI bugocalypse" — a surge in automated, AI-driven attack campaigns that exploit the interconnected nature of modern infrastructure. The gap between threat sophistication and available talent represents a systemic risk that organizations across sectors are struggling to address.
In vendor security news, Trellix disclosed that its source code repository was breached, though the company's investigation indicates no compromise of its source code release or distribution processes. Separately, Instructure is investigating a cybersecurity incident affecting Canvas, its widely deployed learning management platform used by educational institutions globally. Both incidents underscore the persistent targeting of security and technology providers themselves — breaches that can have cascading effects across customer bases.
Sources: Rest of World · SecurityWeek · SC Media
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Search Known Exploits
Search for CVEs by vendor to identify known exploited vulnerabilities in your environment
Upcoming Patch Due Dates
via Binding Operational Directive 22-01
(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.
Loading...
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
North Korea-aligned ScarCruft group compromised a video game platform targeting ethnic Koreans in China's Yanbian region, distributing a new Android v...
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
Multiple threat actors have exploited the critical cPanel authentication bypass vulnerability to mass-breach servers, deface websites, and deploy rans...
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
Apache releases security updates to address CVE-2026-23918, a double-free vulnerability in HTTP/2 protocol handling that enables denial-of-service and...
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls - SecurityWeek
Palo Alto Networks is working on patches for a critical PAN-OS zero-day that has been exploited to hack some of the company's firewall models.
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments
A high-severity Linux kernel vulnerability enables root privilege escalation across major Linux distributions and Kubernetes workloads, with working e...
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
The critical cPanel authentication bypass vulnerability has deteriorated with multi-actor exploitation leading to disrupted websites, ransomware deplo...
Hacked, robbed, then banned: Canton Township business owner's meta AI nightmare
Jason Keilman, a Canton Township hearing aid business owner, was hacked twice, had $950 stolen from his Meta ad account, and was then permanently ...
Police unions demand answers over taser security flaw that exposes location of officers
A phone sitting on a car dashboard, on it is an app with details listed. The hacker demonstrates to Four Corners how a simple app can locate officers'...
Updated daily