CISA Adds Actively Exploited Microsoft SharePoint Flaw to KEV Catalog
A deserialization vulnerability in Microsoft SharePoint is currently being exploited in the wild, prompting an urgent remediation deadline for federal agencies.
CISA has added CVE-2026-58644, a deserialization of untrusted data vulnerability (CWE-502) affecting Microsoft SharePoint, to its Known Exploited Vulnerabilities catalog. This security flaw allows an unauthorized attacker to execute code over a network, posing a significant risk to affected environments.
Because the vulnerability is being actively exploited in real-world attacks, federal agencies are required to apply vendor-provided mitigations by July 19, 2026. Organizations must follow CISA's BOD 26-04 guidance, which includes evaluating internet exposure and adhering to specific forensics triage requirements.
Continue Reading
23andMe Settles Data Privacy Claims
A multi-state settlement highlights the massive fallout from a 2023 breach that exposed sensitive genetic data for millions of customers.
LegacyHive: A New Windows Zero-Day
A persistent security researcher has unveiled a local privilege escalation bug for Windows 11, raising questions about severity.
Critical SSRF Vulnerability Discovered in stoatchat Versions Below 0.13.5
A critical server-side request forgery vulnerability in stoatchat allows unauthenticated attackers to access internal network infrastructure.