News
WordPress WPCode patches Author-level RCE in v2.3.6, 3 million sites affected (CVE-2026-8832)
Global Companies, Development, Security
A code injection flaw (CVE-2026-8832, CVSS 8.8) has been disclosed in WPCode, a WordPress code-snippet management plugin installed on over 3 million sites. The flaw lets any user with Author-level access or higher run arbitrary code on the server. The vendor released v2.3.6 on May 26, 2026; Wordfence published the advisory on May 27.
2026.05.27 | 9 views
News
IBM WebSphere vulnerability roundup: CVE-2026-8633 plus four new June flaws
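Global Companies, Security, Infrastructure
Critical flaws in IBM WebSphere have been disclosed one after another. Four new ones arrived on June 1 (CVE-2026-8644 and others, three of them remote code execution), and May's CVE-2026-8633 (CVSS 9.8) remains in scope. This article covers how to check the 8.5 and 9.0 series and how to apply the fix patches, in priority order.
2026.05.27 | 34 views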
News
LiteSpeed cPanel plugin CVE-2026-48172 actively exploited for root takeover (CISA KEV)
Infrastructure, Security, Global Companies
CVE-2026-48172, a CVSS 10 privilege escalation flaw in the LiteSpeed User-End cPanel plugin, is being actively exploited in 2026. Any cPanel user (including a compromised tenant on shared hosting) can run arbitrary scripts as root. CISA added it to the Known Exploited Vulnerabilities catalog. Mirai botnet variants and a ransomware strain are reportedly being dropped via the bug. Patch to plugin v2.4.7 or WHM plugin v5.3.1.0 immediately.
2026.05.27 | 13 views
Column
The Day Google Summons Back the "Obscure Personal Blog": Beyond AI Article Fatigue
Development, Freelance
The "obscure personal blogs" that Google's Helpful Content Update killed in 2023 are being summoned back by the March and May 2026 Core Updates. A field report on E-E-A-T's "Experience" axis, AI-article fatigue, and the strange world of a blog where Bing slightly outranks Google.
2026.05.26 | 11 views
News
SGLang CVE-2026-5760 and 3 more RCE flaws hit AI inference server (3 unpatched)
Infrastructure, Security, AI
Four critical RCE vulnerabilities have been disclosed in SGLang, the AI inference server used by xAI, AMD, NVIDIA, and major cloud providers. They are rated CVSS 9.8 and require no authentication; three remain unpatched as of May 26, 2026. JPCERT/CC issued an advisory.
2026.05.26 | 30 views
News
NEC Aterm Routers Hit With Two New Vulnerabilities — Nine Home Wi-Fi Models and Two LTE Routers Affected
Infrastructure, Security, Japanese Companies
NEC Platforms disclosed two more vulnerabilities in its Aterm router line on May 25, 2026 — a cross-site scripting flaw across nine popular Wi-Fi 6/6E/7 home models and an OS command injection in two business-grade LTE routers. The advisories follow a much larger March 2026 disclosure that affected 21 models and included an undocumented telnet backdoor.
2026.05.25 | 19 views
News
Critical Drupal Core Flaw Lets Anyone Hijack PostgreSQL Sites — CISA Sets May 27 Deadline
Infrastructure, Security, Development
The U.S. CISA gave federal agencies just five days to patch CVE-2026-9082, a highly critical SQL injection in Drupal core that lets anonymous attackers take over PostgreSQL-backed sites. Imperva already counts 15,000 attack attempts against 6,000 sites across 65 countries, including Drupal-powered government and university portals in Japan.
2026.05.23 | 20 views
News Updated 3 days ago
UniFi OS exploited in the wild (KEV): unauth root RCE, CVE-2026-34910
Infrastructure, Security
Three critical UniFi OS flaws (all CVSS 10.0) were added to CISA's Known Exploited Vulnerabilities (KEV) list in June 2026, and a chain to gain root with no authentication is now public. We cover affected models, fixed versions, and what to do now: update and rotate secrets.
2026.05.22 | 60 views
News
Langflow CVE-2025-34291: visiting a web page can hijack your AI agent stack
Security, Development, AI
A CVSS 9.4 flaw has been found in Langflow, the popular AI agent OSS, and CISA has added it to the Known Exploited Vulnerabilities catalog. Visiting a malicious web page is enough to steal a user's session and hijack the entire AI agent stack, including configured OpenAI and Anthropic API keys. A fix is available in version 1.9.3.
2026.05.22 | 17 views
News Updated 6 days ago
Is IINA Safe? One Malicious Link Can Hijack Your Mac (CVE-2026-47114) — Update to 1.4.3
Development, Security, Linux
A critical CVSS 8.8 vulnerability has been found in IINA, the popular open-source video player for Mac. Just clicking a malicious link and approving the open prompt lets attackers run arbitrary commands on your Mac. The project, which has 44K+ GitHub stargazers, has shipped a fix in version 1.4.3, and immediate updates are advised.
2026.05.22 | 39 views
News
Apex One Hit by 14 Vulnerabilities; Console Hijack Could Reach All Company PCs
Infrastructure, Security, Japanese Companies
Trend Micro has disclosed 14 vulnerabilities in its enterprise antivirus Apex One. Two of them are rated at the maximum severity tier, letting attackers hijack the management console without login and push malware to every PC in the company. With past zero-day exploitation on record, immediate patching is advised.
2026.05.22 | 25 views
News
Critical RCE in GUARDIANWALL MailSuite Confirmed Under Active Attack — 4,000 Japanese Firms Affected
Security, Infrastructure, Japanese Companies
A critical CVSS 9.8 vulnerability in Canon ITS's GUARDIANWALL MailSuite lets attackers run code without login. The product is used by 4,000+ Japanese organizations (5.8M users), and exploitation is already confirmed. Here is how to identify your edition and apply the patch.
2026.05.21 | 15 views