Users started filing bug reports on April 14 about broken sessions and garbled cookies in their ASP.NET Core 10 apps.
Pluto Security calls it MCPwn, which is about as on-the-nose as vulnerability names get.
Your VPN concentrator is supposed to be the wall between your internal network and the internet.
Cisco published an advisory on April 15 for CVE-2026-20184: a CVSS 9.
Most Python developers haven't looked twice at the gzip module since they first imported it. It compresses, it decompresses, it ships with the language.
Most vulnerability disclosures follow a predictable rhythm.
Everyone noticed when Axios got backdoored on March 31st.
Movable Type was the blogging platform before WordPress ate the world. If you started a blog between 2003 and 2008, there's a decent chance you used it.
If you manage endpoints with Fortinet's FortiClient EMS, stop what you're doing and patch. CVE-2026-35616 landed Saturday with a CVSS 9.
PraisonAI markets itself as a framework for building multi-agent AI teams — autonomous agents that write code, call APIs, and orchestrate complex workflows.
Google patched CVE-2026-5281 on April 1 — a use-after-free in Dawn, Chrome's WebGPU backend.
In 2005, researchers found a textbook buffer overflow in the telnet client's SLC handler — CVE-2005-0469. It got patched.
Twenty hours. That's the gap between the advisory dropping for CVE-2026-33017 and the first exploitation attempt hitting Sysdig's honeypots.