Explore the latest news, real-world incidents, expert analysis, and trends in Vulnerability — only on The Hacker News, the leading cybersecurity and IT news platform.

Oracle PeopleSoft zero-day CVE-2026-35273 was exploited before Oracle's June 10 advisory, exposing data and triggering extortion attacks.

Jun 9, 2026 · Google released security updates for 74 Chrome vulnerabilities, including CVE-2026-11645, a high-severity V8 out-of-bounds memory access flaw.

2 days ago · The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM …

Nov 12, 2025 · The zero-day vulnerability that has been listed as exploited in Tuesday's update is CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. The Microsoft Threat …

Jun 10, 2026 · A ServiceNow security issue allowed unauthenticated users, in certain circumstances, to gain greater access to susceptible instances than intended.

Jun 9, 2026 · Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability …

May 8, 2026 · The vulnerability was reported to Linux kernel maintainers on April 30, 2026. "Dirty Frag is a vulnerability (class) that achieves root privileges on most Linux distributions by chaining the xfrm …

Jun 3, 2026 · Unpatched Windows search: URI flaw leaks NTLMv2 hashes via SMB requests; disclosed April 2026, enabling relay attacks.

Jun 10, 2026 · CVE-2026-5027 lets attackers abuse Langflow path traversal, exposing 7,000 AI app instances to file-write attacks.