Security – Page 6 – TheCyberThrone

CISA adds CVE-2026-6973 | Ivanti EPMM Authenticated RCE to KEV Catalog

Overview CISA has added CVE-2026-6973 to the Known Exploited Vulnerabilities catalog, giving federal civilian agencies until May 10, 2026 to remediate the flaw. The vulnerability is an improper input validation…

PravinKarthik May 10, 2026

Google 148 Stable Channel Released with 127 Bug fixes

Overview Google has released Chrome 148 to the stable channel, delivering one of the largest security update batches in the browser's history — patching 127 vulnerabilities across Windows, macOS, and…

PravinKarthik May 7, 2026

CVE-2026-0300 — Critical PAN-OS Buffer Overflow Bug

Overview Palo Alto Networks has confirmed that CVE-2026-0300, a critical PAN-OS vulnerability with a CVSS score of 9.3, is actively exploited in the wild. The flaw is a buffer overflow…

PravinKarthik May 6, 2026

Critical CVE-2026-0073 — Android ADB Wireless Authentication Bypass RCE

Overview CVE-2026-0073 is a critical remote code execution vulnerability residing in the adbd_tls_verify_cert function within auth.cpp — the Android Debug Bridge (ADB) daemon's TLS certificate verification routine. The flaw is…

PravinKarthik May 5, 2026

CISA adds cPanel and Linux Kernel to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog — a critical authentication bypass in cPanel & WHM…

PravinKarthik May 4, 2026

PyTorch Lightning Poisoned — Mini Shai-Hulud Worm Crosses Into the AI/ML Supply Chain

The lightning package on PyPI — the high-level PyTorch framework powering ML training pipelines across the globe — was compromised in an active supply chain attack on April 30, 2026.…

PravinKarthik May 1, 2026

Mini Shai-Hulud: SAP’s npm Pipeline Poisoned to Drain Enterprise Secrets

April 29, 2026 | TeamPCP Attribution | Active Exfiltration Confirmed What Hit Four packages from SAP's Cloud Application Programming Model (CAP) toolchain were poisoned: @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt —…

PravinKarthik April 30, 2026

CISA adds Two vulnerabilities to KEV catalog

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation — CVE-2024-1708, a ConnectWise ScreenConnect path traversal vulnerability, and CVE-2026-32202, a Microsoft Windows…

PravinKarthik April 29, 2026