VYPR
Latest stories
3,369 stories · 2,711 sources
Top stories · 7d roundup
Synthesized by Vypr AI

Top Vulnerability Stories

Russian Hackers Target Network Devices

Russian state-sponsored actors are actively targeting network devices, including routers, with a focus on exploiting known vulnerabilities. A joint advisory from the US and its allies highlights the threat to critical infrastructure, urging organizations to improve router security and disable features like Cisco Smart Install. This campaign underscores the persistent danger posed by nation-state actors to essential services. CyberScoop CISA Alerts Infosecurity Magazine BleepingComputer Cyber Security News

BeyondTrust Patches Critical Flaws

BeyondTrust has released patches for critical authentication bypass vulnerabilities affecting its remote access software. These flaws could allow attackers to gain unauthorized access to sensitive systems. The company is urging users to update their software immediately to mitigate the risk of exploitation. BleepingComputer The Hacker News

New Ransomware Targets Industries

A new ransomware strain, dubbed "The Gentlemen," is rapidly expanding its reach across various industries. This sophisticated malware employs custom tools to disable endpoint detection and response (EDR) and antivirus solutions, making it more challenging to detect and remove. The ransomware's rapid proliferation and evasive capabilities pose a significant threat to organizations worldwide. Unit 42: No Manners Here: The Ruthless Rise of The Gentlemen Ransomware Cyber Security News

SharePoint RCE Vulnerability Details Released

Proof-of-concept (PoC) code and technical details have been made public for a critical remote code execution (RCE) vulnerability in Microsoft SharePoint. This disclosure increases the risk of exploitation, as attackers can now more easily develop and deploy attacks targeting unpatched systems. Organizations using SharePoint should prioritize applying security updates to prevent potential compromises. Cyber Security News

Most critical
Sorted by risk + recency
Critical · last 30 days
CVSS ≥ 9, by news mentions
All →
  1. 01CVE-2026-35273KEV0.64
    Oracle Corporation/Peoplesoft Enterprise Peopletools

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…

  2. 02CVE-2026-50751KEV0.80
    Checkpoint/Remote Access and Mobile Access

    A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

  3. 03CVE-2026-10520KEV0.77
    Ivanti/Sentry

    An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

  4. 04CVE-2026-48558KEV0.77
    Simple Help/Simplehelp

    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic…

  5. 05CVE-2026-20253KEV0.76
    Splunk/Splunk

    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks…

  6. 06CVE-2026-472910.64
    Microsoft/Windows HTTP.sys

    Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

  7. 07CVE-2026-456570.64
    Microsoft/Windows Kernel

    Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

Recently published
Last 24-48 hours
All →
  1. 01CVE-2026-54919
    WolfSSL/wolfSSL backend

    cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIB_MBEDTLS_SUPPORT or…

  2. 02CVE-2026-49844
    Apache/Log4j

    Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover…

  3. 03CVE-2026-55213
    Debian/h2o

    h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800…

  4. 04CVE-2026-618610.31
    ImageMagick/Imagemagick

    ImageMagick: ImageMagick: Use-after-free vulnerability leading to denial of service or code execution

  5. 05CVE-2026-618700.12
    ImageMagick/Imagemagick

    ImageMagick: ImageMagick: Denial of Service via specially crafted VIFF images

  6. 06CVE-2026-618580.14
    ImageMagick/Imagemagick

    ImageMagick: ImageMagick: Policy bypass allows unauthorized file writing via APNG encoder

  7. 07CVE-2026-614650.29
    ImageMagick/Imagemagick

    ImageMagick: ImageMagick: Denial of Service via crafted image due to missing memory allocation check