Trend Micro Apex One Directory Traversal Zero-Day Added to CISA KEV (CVE-2026-34926)

Scope: Trend Micro Apex One On-Premises (Server and Agent Builds Below 17079)

Severity: High

Read More

Drupal Core SQL Injection Under Active Mass Exploitation Added to CISA KEV (CVE-2026-9082)

Scope: Drupal Core (All Supported Versions Using PostgreSQL Backend)

Severity: Red

Read More

npm Security Hardening Advisory: 2FA-Gated Staged Publishing and Install Source Controls Now Available

Scope: npm Ecosystem (All Package Maintainers and CI/CD Pipelines)

Severity: High

Read More

Ghost CMS SQL Injection Actively Exploited in Large-Scale ClickFix Campaign (CVE-2026-26980)

Scope: Ghost CMS Versions 3.24.0 to 6.19.0

Severity: Red

Read More

Four Malicious npm Packages Delivering Infostealers and Phantom Bot DDoS Malware

Scope: npm Ecosystem (chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils)

Severity: Red

Read More

MiniPlasma – Windows Cloud Files Mini Filter Driver Zero-Day Bypasses 2020 Patch, Grants SYSTEM Access

Scope: Windows 11 and Windows Server 2022, 2025, 2026 (All Fully Patched Builds as of May 2026)

Severity: Red

Read More