Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments. They can only be fixed by upgrading to the latest version. Of the four holes, two are more serious, because they carry CVSS scores of 8.8: CVE-2026-1580 is an improper input validation…
Category: Network Security, Security, Vulnerabilities
Exploits, Global Security News, Network Security, Security, Vulnerabilities
Ivanti patches two actively exploited critical vulnerabilities in EPMM
IT software company Ivanti released patches for its Endpoint Manager Mobile (EPMM) product to fix two new remote code execution vulnerabilities already under attack in the wild. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the company said in a security advisory that…
Global Security News, Network Security, Security, Vulnerabilities
Palo Alto Networks patches firewalls after discovery of a new denial-of-service flaw
Palo Alto Networks has issued patches for its PAN-OS firewall platform after a researcher uncovered a high-severity vulnerability which could be exploited by attackers to cause a denial-of-service (DoS). The flaw, identified as CVE-2026-0227 with a CVSS 7.7 (‘high’) severity rating, affects customers running PAN-OS NGFW (Next-Generation Firewall) or Prisma Access configurations with the company’s…
Exploits, Global Security News, Network Security, Security, Vulnerabilities
High-severity bug in Broadcom software enables easy WiFi denial-of-service
A high-severity flaw in Broadcom WiFi chipset software can allow an attacker within radio range to completely knock wireless networks offline by sending a single malicious frame, forcing routers to be manually rebooted before connectivity can be restored. The flaw, uncovered by the Cybersecurity Research Center (CyRC) at Black Duck during fuzz testing of 802.11…
Exploits, Global Security News, Network Security, Security, Vulnerabilities
HPE OneView vulnerable to remote code execution attack
A maximum severity remote code execution vulnerability in Hewlett Packard Enterprise (HPE) OneView network and systems management suite is “bad” and needs to be patched immediately, says a cybersecurity expert. “Vendors typically downplay the severity of a vulnerability,” says Curtis Dukes, executive VP for security best practices at the Center for Internet Security, “but HPE…
Global Security News, Network Security, Security, Vulnerabilities
EOL software endangers enterprise security
Devices running end-of-life (EOL) software remain a widespread security problem in enterprises. According to a study by Palo Alto Networks, 26 percent of Linux systems and eight percent of Windows systems run outdated versions. The findings are based on telemetry data from 27 million devices in the networks of 1,800 companies. The analysis reveals…
Exploits, Global Security News, Network Security, Security, Vulnerabilities
Source code and vulnerability info stolen from F5 Networks
CSOs with equipment from F5 Networks in their environment should patch their devices immediately and be alert for suspicious activity after the company acknowledged in a regulatory filing today that an unnamed threat actor stole some source code for its BIG-IP products earlier this year, as well as information on undisclosed vulnerabilities and device configuration…
Exploits, Global Security News, Network Security, Security, Vulnerabilities
Public exploits already available for a severity 10 Erlang SSH vulnerability; patch now
Experts are urging enterprises to immediately patch an Erlang/OTP Secure Shell (SSH) vulnerability that allows unauthenticated attackers to gain full access to a device. The remote code execution (RCE) vulnerability (CVE-2025-32433) has a CVSS score of 10, the highest possible severity level. Many impacted devices are widely used in Internet of Things (IoT) and telecom…
Exploits, Global Security News, Network Security, Security, Vulnerabilities
Hackers gain root access to Palo Alto firewalls through chained bugs
A high-severity authentication bypass vulnerability in Palo Alto Networks’ PAN-OS software, patched last week, is now being actively exploited by threat actors to gain root-level access to affected firewall systems. Tracked as CVE-2025-0108, the vulnerability allows an unauthenticated attacker with network access to the PAN-OS management web interface to bypass authentication requirements. The flaw received…
Asia Pacific, Global Security News, Network Security, Security, Vulnerabilities
US eyes ban on TP-Link routers amid cybersecurity concerns
The US government is investigating TP-Link, a Chinese company that supplies about 65% of routers for American homes and small businesses, amid concerns about national security risks. Reports suggest these routers have vulnerabilities that cybercriminals exploit to compromise sensitive enterprise data. Investigations by the Commerce, Defense, and Justice Departments indicate that the routers may have…
