Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Every security team’s nightmare came true over the weekend: a ...

What happened: A double-free flaw in Apache HTTP Server’s HTTP/2 handling can crash servers or allow remote code execution without authentication. Why it matters: With Apache powering about a quarter ...

Exploit code confirmed: Researchers have proof-of-concept code for CVE-2026-23918, enabling denial-of-service or remote code execution on Apache HTTP Server. Widespread server exposure: Apache serves ...

Amazon has announced compensation and a rescheduled event following Throne and Liberty emergency maintenance yesterday. Today, New World: Aeternum also went into an emergency maintenance to squash ...

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions ...

Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly ...

The proof-of-concept exploit is easy to execute, and could foretell wider targeting of the Fortinet vulnerability by attackers. Security researchers have released technical details and a ...

Fortinet disclosed a critical vulnerability, CVE-2026-35616, in its FortiClient Endpoint Management Server that has been actively exploited and flagged in the Known Exploited Vulnerabilities catalog.