Meet Fragnesia, the third Linux kernel vulnerability in a month
Similar to Dirty Frag, Fragnesia (CVE-2026-46300) is a local privilege escalation hole that exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory…
Author: Cybernoz
NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals
As of April 15, 2026, NIST enriches only CVEs that appear in the CISA Known Exploited Vulnerabilities catalog, federal government software, or software designated critical…
CVE-2026-20182: Cisco SD-WAN Active Exploitation
Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been…
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused…
Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network
A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant…
Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution
Windows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user…
China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage
A new wave of cyberattacks has been hitting organisations across Japan and the Asia-Pacific area. These attacks, which began in late September 2025, have been…
Microsoft turns Copilot Studio into an AI agent control center
The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in…
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity,…
CMA launches investigation into Microsoft business software
The Competition and Markets Authority (CMA) has formally launched its investigation into Microsoft’s business software to look at whether the provider of office productivity and…
F5 patches 18-year-old AI-found ‘Rift’ vulnerability in NGINX web server
F5, the company supporting the world’s most popular web server NGINX, has issued patches for a critical memory corruption bug causing a heap buffer overflow,…
Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
Mythos appears to be as powerful as claimed at detecting software vulnerabilities; but its capabilities in other areas is more nuanced. Anthropic’s Mythos AI model…