Cyber Kendra

The Qualys Threat Research Unit (TRU) has released the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's __ptrace_may_access()…

Drupal has pushed emergency security updates for a highly critical SQL injection vulnerability in its core database abstraction layer — the kind of f…

A working proof-of-concept exploit for a new Linux kernel privilege escalation bug called PinTheft went public this week, adding another name to a gr…

The world's most popular open-source database just dropped its biggest security update of the year — and if you haven't patched yet, attacker…

The world's largest code-hosting platform just became the victim of its own ecosystem. On May 20, 2026, GitHub confirmed that a threat actor exf…

TeamPCP has quietly poisoned yet another trusted developer package — and this time the target was sitting inside Microsoft's own toolchain. Three…

Microsoft has dismantled a sophisticated criminal operation that essentially ran a paid signing service for malware, allowing ransomware groups to ma…

A single helpdesk phone call was all it took. Microsoft's Threat Intelligence team has published a detailed breakdown of how a threat actor it t…

Grafana Labs publicly confirmed this week that attackers stole a GitHub access token through a misconfigured CI/CD pipeline, downloaded private sourc…

Microsoft Exchange Server is having a very bad week. While threat actors are already exploiting a critical cross-site scripting vulnerability in the …

A logic flaw sitting quietly in the Linux kernel since at least 2020 — possibly longer — just got a working exploit, a public proof-of-concept, and a…

Google's elite Project Zero security team has done it again — this time turning the Pixel 10 into a case study for how hardware driver vulnerabil…

A memory corruption flaw in NGINX's source code, hidden since 2008, now has a working exploit. An unauthenticated attacker anywhere on the intern…

Linux administrators have barely had time to recover from Copy Fail and Dirty Frag — and now there's a third exploit joining the same dangerous f…

Millions of PHP developers who rely on Composer for dependency management were silently exposed to a token-leaking vulnerability this week — one that…

For decades, finding dangerous bugs buried deep inside Windows has been a job for elite human researchers armed with time and hard-won instinct. Toda…

A critical security vulnerability in Exim — the mail server software running on roughly half of all internet-facing email servers — allows a remote a…

For the first time, researchers have confirmed that a criminal threat actor used artificial intelligence to discover and weaponize a zero-day vulnera…

A self-propagating worm has torn through the TanStack JavaScript ecosystem, publishing 84 malicious versions across 42 widely used npm packages in a …

JDownloader, one of the most widely used free download managers with millions of users across Windows, macOS, and Linux, had its official website com…