Mallory

The signal that matters.

Cutting through advisories, vendor PSIRTs, researcher write-ups, and the underground — correlated, deduped, and ranked so your team only sees what moves the needle.

Updated 21h ago

Google Chrome Patches Actively Exploited V8 Out-of-Bounds Flaw

Google released an urgent Chrome desktop update to fix 74 security issues, including CVE-2026-11645, a high-severity out-of-bounds memory access vulnerability in the V8 JavaScript engine. Google said an exploit for the flaw exists in the wild, making it the most pressing issue in the release. The update affects Chrome on Windows, macOS, and Linux, and Google limited technical details for some bugs until more users receive the patch.

Timeline
  • yesterday: Google releases Chrome update fixing exploited V8 flaw CVE-2026-11645
  • 44d ago: Researcher reports Chrome zero-day CVE-2026-11645 to Google

17 sources · Updated 7h ago

Also trending
Microsoft patches 200 flaws as BitLocker zero-day and Defender RoguePlanet emerge

Microsoft released its largest Patch Tuesday update on record, fixing 200 vulnerabilities across Windows, Office, Azure, Exchange Server, .NET Framework, Hyper-V, Remote Desktop Services, and HTTP.sys, including 33 critical flaws and three publicly disclosed zero-days. The disclosed issues include CVE-2026-50507, a BitLocker security feature bypass that can let an attacker with physical access recover data from affected Windows devices; CVE-2026-49160, an HTTP/2 denial-of-service flaw affecting IIS and services built on HTTP.sys; and CVE-2026-45586, a Windows CTFMON privilege-escalation bug that can give a logged-in attacker SYSTEM privileges. Researchers also highlighted CVE-2026-45657, a wormable Windows kernel use-after-free vulnerability rated CVSS 9.8 that could enable remote, unauthenticated code execution as SYSTEM.

7 · Updated 34min ago

Critical RCE in Veeam Backup & Replication Exposes Domain-Joined Servers

Veeam has released fixes for a critical remote code execution flaw in Veeam Backup & Replication, tracked as CVE-2026-44963, affecting version 12.3.2.4465 and earlier 12.x builds on Windows domain-joined servers. The vulnerability was reported by WatchTowr researcher Sina Kheirkhah and allows any authenticated low-privileged domain user to execute arbitrary code on the backup server, giving attackers a path to compromise backup infrastructure in Active Directory environments. Veeam says version 13.x is not affected because of architectural changes, and the issue is resolved in Veeam Backup & Replication 12.3.2.4854.

7 · Updated 16h ago

Critical Ivanti Sentry Flaws Enable Root RCE and Admin Account Creation

Ivanti disclosed two severe vulnerabilities in Ivanti Sentry that allow remote compromise of exposed appliances. CVE-2026-10520 is an OS command injection flaw (CWE-78) that can let an unauthenticated attacker achieve root-level remote code execution, while CVE-2026-10523 is an authentication bypass (CWE-288) that can be used to create arbitrary administrative accounts and obtain full administrative access. Both issues affect Ivanti Sentry versions earlier than R10.5.2, R10.6.2, and R10.7.1.

7 · Updated 6h ago
