BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
Live·39 d ago·Microsoft removes GitHub account over public zero-day drops
5 articles·4 streams
TopicsCVEAIBug BountyCyberattacks

Critical CVE newsletter

Every day we curate the most relevant CVEs and break them down in plain English: CVSS, affected vendors, exploitation requirements, evidence of active exploit, and concrete mitigations — all in a 3-minute read before 20:00 CET. If you live and breathe security, this CVE newsletter skips the NVD-feed noise: filtered by AI, prioritised by Gorka, and only what's worth your time. We lead with actively abused exploits, CVEs with public PoCs, top-vendor advisories (Cisco, Fortinet, Microsoft, Apple, Linux kernel), and the reminders you need when a patch arrives late. Subscribe free and stop missing critical vulnerabilities.

Subscribe freeBrowse all articles

Latest CVE articles

CVE1 jun 2026·2 min

Microsoft removes GitHub account over public zero-day drops

Microsoft removes GitHub account of researcher who publicly dropped zero-days without coordinated disclosure, then publicly endorses CVD.

Leer artículo
CVE31 may 2026·2 min

Emergency SharePoint patch: update now

Microsoft issued an out-of-band SharePoint patch, signaling active exploitation or critical severity outside the normal Patch Tuesday cycle.

Leer artículo
CVE26 may 2026·2 min

CVE-2026-31635 DirtyDecrypt: public PoC for Linux kernel LPE

Public PoC released for CVE-2026-31635 (DirtyDecrypt), a Linux kernel local privilege escalation flaw discovered by Zellic and V12.

Leer artículo
CVE26 may 2026·2 min

SharePoint RCE CVE-2026-45659 patched — CVSS 8.8

Microsoft patches CVE-2026-45659 in SharePoint Server — RCE via untrusted data deserialization, CVSS 8.8, no special attack conditions required.

Leer artículo
CVE24 may 2026·2 min

CVE-2026-34926: Apex One zero-day actively exploited

CVE-2026-34926, a directory traversal zero-day in TrendAI Apex One on-premise, is being actively exploited in the wild; patch is available.

Leer artículo

CVE — frequently asked questions

What is a CVE and why does it matter?+

A CVE (Common Vulnerabilities and Exposures) is the unique identifier MITRE assigns to a public vulnerability. Each CVE includes its CVSS (0–10 severity), affected vendors, and evidence of active exploitation when available. It matters because it tells you what to patch first.

How do you decide which CVEs make the newsletter?+

We filter by CVSS ≥ 8, evidence of in-the-wild exploitation, availability of a public proof-of-concept (PoC), or critical vendor advisories (Cisco, Fortinet, Microsoft, Apple, Linux kernel). Otherwise it doesn't make the cut. No noise, no low-impact CVEs.

When does the daily CVE digest arrive?+

Every day before 20:00 CET you'll get the day's critical CVEs in your inbox, alongside the rest of the curated news. ~3 minute read.

BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi