Vulert - Open Source Security Blog

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft’s June 2026 Patch Tuesday is one of the largest security updates the company has ever shipped. The release addresses a record number of vulnerabilities across Windows and related products,…

ShinyHunters CVE-2026-35273 Oracle Zero-Day Exploits

ShinyHunters Exploits Oracle PeopleSoft Zero-Day CVE-2026-35273 to Breach Universities

Oracle PeopleSoft administrators are facing an urgent zero-day incident. A critical remote code execution vulnerability, tracked as CVE-2026-35273, was exploited before Oracle published its June 10 advisory, giving attackers a…

Zero-Day Exploits Chrome V8 CVE-2026-11645

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild — Patch Now

Google has patched a high-severity Chrome zero-day vulnerability that is already being exploited in the wild. The flaw, tracked as CVE-2026-11645, affects Chrome’s V8 JavaScript and WebAssembly engine and can…

Open Source Security MTTR SBOM Software Supply Chain Attacks

Open Source Security in 2026 — State of the Industry

Open source is no longer a small part of modern software. It is the foundation. Most applications now depend on hundreds or thousands of external packages, many pulled in indirectly…

Executive Buy-In Cloud Security Tools Security Tooling

How to Get Executive Buy-In for Security Tooling — Arguments That Actually Work

The person who finds the security problem is often not the person who controls the budget. A developer sees vulnerable dependencies. An engineering lead sees wasted time. A security-minded founder…

Vulnerability Management Cybersecurity Startups

Vulnerability Management for Startups — Security at Every Stage Without Breaking the Budget

Most startups do not ignore security because they do not care. They ignore it because the roadmap is crowded, the team is small, and every new tool feels like another…

Open Source Security Agency Security Client Codebases

Open Source Security for Agencies — Managing Vulnerabilities Across Multiple Client Codebases

An agency maintaining 20 client applications does not have one dependency problem. It has 20 dependency problems, 20 security expectations, 20 delivery timelines, and 20 different conversations when a critical…

GitLab CI Dependency Vulnerability Security Scanning

GitLab CI Security Scanning — Dependency Vulnerability Detection Setup

A GitLab pipeline can build, test, and deploy successfully while still shipping a vulnerable package. Passing CI does not always mean the release is safe. It only means the checks…

GitHub ci-cd GitHub Actions Security Scanning

How to Add Security Scanning to GitHub Actions — Complete Setup Guide

A pull request can pass tests and still ship a vulnerable package, leaked API key, or unsafe code pattern. CI/CD should not only ask, “Does this build work?” It should…

Dependency Pinning Application Security Floating Versions Log4j

Dependency Pinning vs Floating Versions — What Security Teams Need to Know

A dependency version can decide whether your production build installs the same safe code every time or silently pulls a different release. lodash@4.17.21, lodash@^4.17.0, and lodash@>=4.0.0 create very different security…

You Missed