Patch/Configuration Management

The vulnerabilities, discovered by Eclypsium across four different products including GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM, enable unauthenticated actors to achieve root access or execute malicious code.

The vulnerability enables attackers to extract and misuse ASP.NET machine keys, facilitating unauthorized session authentication.

AI agent development and deployment platform LangSmith and high-performance large language model serving framework SGLang have been impacted by vulnerabilities that could allow attackers to take over accounts and run code remotely, respectively, according to The Hacker News.

Cybersecurity Dive reports that organizations' security teams may be disregarding remediation of the high-severity Cisco Catalyst SD-WAN vulnerability, tracked as CVE-2026-20133, after warnings that only emphasized the targeting of the zero-day, tracked as CVE-2026-20127.

Apple shifts to more continuous security patches versus waiting for the next big OS release.

The vulnerability allows low-privileged attackers to discover the full local installation path of the Wing FTP Server software.

Google has released an urgent Chrome update to patch a pair of actively exploited zero-day vulnerabilities, The Register reports.