CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

CVSS vulnerability triage missed a chained Palo Alto attack that hit 13,000 devices. Five failure classes and the fixes security directors can act on now.
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
The Hacker News

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti EPMM flaw CVE-2026-6973 exploited in limited attacks; CISA mandates fixes by May 10, 2026, increasing urgency.
Hosted on MSN

Hackers exploit flaws before patches as SharePoint, Cisco remain targets

Pre-patch exploitation: Mandiant reports hackers now strike an average of seven days before patches exist, sometimes selling ...

When Breaches Cascade: Why Financial Networks Need a New Model of Cyber Risk

There is a moment in every major cyber incident — the SolarWinds compromise, the MOVEit wave, the SWIFT Bangladesh heist — ...
Infosecurity-magazine.com

Beyond the Score: Rethinking Vulnerability Management in a Contextual Era

Picture the scenario: you log into your vulnerability management dashboard on a Monday morning. The scan ran overnight, and the report lights up with a dozen new high-severity CVEs. One stands out ...