CVE Archives

When Encryption Isn’t Really Encryption

Michelle Rhodes | May 28, 2026 | CVE, CVE-2026-1789, enterprise security, IoT Security, Offensive Security, printer security, Uncategorized, Vulnerability Research

Discovery During a recent network security assessment, we were working on an environment that was well-hardened – Patching was current, password policies were strong, and network segmentation was in place. So, as ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

Cogent: AI Exploit Developer Threats Outpace Scanner Detection On Critical Vulnerabilities

Adrian Bridgwater | May 27, 2026 | AI, Application Security, CVE, Cybersecurity, Data Security, Exploits, Information Security, Privacy, remediation, scanners, security, Vulnerabilities, zero-day

AI-native cybersecurity firm Cogent reveals that AI-assisted exploit development has collapsed vulnerability-to-weaponization timelines from 125 days to 12 hours, rendering traditional scanner-based detection cycles obsolete ...

Security Boulevard

AI Vulnerability Discovery and the Open Source CVE Surge

Michael Vizard | May 7, 2026 | AI, Claude Mythos Preview, CVE, HeroDevs, Vulnerabilities

The volume of CVEs landing against widely used open source libraries has jumped sharply in the last several months, and the cause isn’t a sudden drop in code quality — it’s that ...

Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Deepak Gupta - Tech Entrepreneur, Cybersecurity Author | April 23, 2026 | AI (Artificial Intelligence), bug bounty, claude-mythos, CVE, Cybersecurity, security, TechExplained, Vulnerabilities

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate vulnerabilities in isolation. That assumption is now broken ...

Deepak Gupta | AI & Cybersecurity Innovation Leader | Founder's Journey from Code to Scale

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Deepak Gupta | April 23, 2026 | AI (Artificial Intelligence), bug bounty, claude-mythos, CVE, Cybersecurity, security, TechExplained, Vulnerabilities

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate vulnerabilities in isolation ...

Deepak Gupta's notebook

What the NVD ‘Slowdown’ Means For You: How to Stay Ahead in Vulnerability Management

Flashpoint | April 1, 2026 | CVE, Flashpoint, nvd, VulnDB, Vulnerabilities, vulnerability intelligence, Vulnerability Management, vulnerability prioritization

Flashpoint’s vulnerability intelligence is powered by an independent research team that is constantly on the hunt for the latest vulnerabilities. Although the National Vulnerability Database (NVD) may be experiencing disruptions, it has ...

Threat Intelligence Blog | Flashpoint

Two Group Policy Management Editor windows showing security policies. Top window has digital sign communications enabled, bottom has it disabled.

Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem

n8n-publisher | March 26, 2026 | Active Directory, CVE, CVE-2025-33073, ntlm relay, Offensive Security, SMB Signing, Unconstrained Delegation, Vulnerability Research

The False Sense of Security SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution

n8n-publisher | March 19, 2026 | CVE, CVE-2026-3630, ICS Security, Offensive Security, Vulnerability Research

Key Takeaways CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution NVD lists ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

CVE-2026-3342: Critical Out-of-Bounds Write Vulnerability in WatchGuard Fireware OS

n8n-publisher | March 19, 2026 | CVE, CVE-2026-3342

Key Takeaways CVSS v3.1 base score of 7.2 (High) according to NVD analysis Affects WatchGuard Fireware OS versions 11.9-11.12.4_Update1, 12.0-12.11.7, and 2025.1-2026.1.1 Authenticated privileged administrators can execute arbitrary code with root permissions ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

Dialog box showing localhost URL file-processing.local:8080 with file-processing.local text and cyan OK button

When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise

n8n-publisher | March 17, 2026 | Application Security, CVE, Offensive Security, Tools & Techniques, Vulnerability Research

What started as a standard cross-site scripting vulnerability in a document processing platform turned into a full administrative takeover of the application and, ultimately, remote code execution on the underlying server. The ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

CVE

When Encryption Isn’t Really Encryption

Cogent: AI Exploit Developer Threats Outpace Scanner Detection On Critical Vulnerabilities

AI Vulnerability Discovery and the Open Source CVE Surge

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

What the NVD ‘Slowdown’ Means For You: How to Stay Ahead in Vulnerability Management

Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem

CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution

CVE-2026-3342: Critical Out-of-Bounds Write Vulnerability in WatchGuard Fireware OS

When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On