Update now: 7-Zip fixes RCE flaw exploitable with malicious archives
7-Zip has released a critical security update to address a Remote Code Execution (RCE) vulnerability...
Tag archive
7-Zip has released a critical security update to address a Remote Code Execution (RCE) vulnerability...
XZ Backdoor Analysis, WordPress WAF Rules, & AI Code Review Challenges ...
🤖 Auto-generated daily threat intelligence digest — July 18, 2026 📡 Resumen diario de threat...

How to read vulnerability scan report results becomes urgent right after the first scan finishes. The...
GitHub's Secret Scanning Zero-Inbox, Decoy Fonts for OCR, & Torvalds on AI Kernel...
GitHub Hardening, DNSSEC Failure Response, and Platform Resilience Updates ...
Two unpatched vulnerabilities in Anthropic's 'Claude for Chrome' extension could allow a second, malicious extension to access and exfiltrate a user's Google Workspace data, including Gmail, Docs, and Calendar. The flaws, which exploit the extension's trust model by allowing a script to trigger actions without genuine user consent, were reported in May but persist in the latest version. The risk is highest for users who have enabled the 'Act without asking' feature, which could allow for silent data theft.
A security researcher known as NightmareEclipse has publicly disclosed 'LegacyHive,' a new zero-day vulnerability affecting fully patched Windows systems, just one day after Microsoft's July 2026 Patch Tuesday. The researcher released a proof-of-concept (PoC) exploit that abuses path resolution in the Windows Object Manager. This allows a low-privileged user to mount and read data from another user's 'UsrClass.dat' registry hive, potentially exposing application settings and user activity history.
SonicWall has released urgent security patches for two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA 1000 series appliances. Threat actors are chaining the flaws—a server-side request forgery (SSRF) and a code injection bug—to achieve unauthenticated remote code execution with root privileges. Rapid7 reported observing exploitation in the wild since late June 2026, weeks before patches were available. CISA has added both vulnerabilities to its KEV catalog, mandating immediate action for federal agencies.
Windows GDID, IoT Hardening, and C String Vulnerabilities Today's...
AI Prompt Hardening, FSF Botnet Defense, and Decentralized Identity Security ...
SAP has released its February 2024 Security Notes, addressing multiple critical vulnerabilities...