The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.0 through 6.19.0, allowing unauthenticated attackers to steal admin API keys.
Tag: allowing
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shortly after disclosure. “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer…
Global Security News
Google Launches Android Spyware Forensics Tool for High-Risk Users
Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections
AI, Global Security News
Are Those Brake Lights or a House on Fire? Your Security Camera Can’t Tell.
AI is allowing home-security cameras to offer detailed descriptions of what they see. The notifications are often spot on. They can also be wildly wrong.
AI, Compliance, Data Breaches, Europe, Exploits, Global Security News, privacy, Risk Management
Meta accused of violating DSA by failing to safeguard minors
The European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed to prevent children under 13 from accessing their platforms. According to the Commission, Meta did…
AI, Global Security News
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories.
AI, Exploits, Global Security News
Critical Cursor bug could turn routine Git into RCE
Security researchers have disclosed a high-severity vulnerability affecting the Cursor IDE, allowing arbitrary code execution on a developer’s machine through a seemingly routine repository interaction. According to findings by AI pentesting platform Novee Security, once a developer cloned and interacted with a malicious repository, the IDE’s AI agent could trigger embedded Git logic, resulting in…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security
Critical bug in CrowdStrike LogScale let attackers access files
CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. “CrowdStrike has released security updates…
AI, Apps, Exploits, Global Security News, privacy
iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix
Apple fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from apps like Signal. Apple released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications even after deletion. This logging issue could allow recovery of sensitive data, including messages from…
Global Security News
Fake Ledger Live App on Apple Store Linked to $9.5M Crypto Theft
Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal $9.5 million from more than 50 users. Did you install this app?
AI, Global Security News
Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. […]
AI, Compliance, Global Security News
Gmail’s end-to-end encryption comes to mobile, no extra apps required
Google has expanded Gmail client-side encryption to Android and iOS devices, allowing users to engage with their organization’s most sensitive data on mobile devices while ensuring data remains compliant with sovereignty and compliance requirements. This feature is available for Enterprise Plus users with the Assured Controls or Assured Controls Plus add-on. Composing an E2EE message…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Zero‑click Grafana AI attack can enable enterprise data exfiltration
Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from Grafana environments, including financial metrics, infrastructure health data, private customer data, and operational logs, among others. Noma Security disclosed…
AI, Global Security News
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. […]
Global Security News
WhatsApp introduces parent-managed accounts for pre-teens
WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. […]
AI, Global Security News, malware, Russia
‘BlackSanta’ EDR Killer Targets HR Workflows
A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.
Global Security News
Microsoft Teams will tag third-party bots trying to join meetings
Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. […]
Global Security News
Anthropic brings Claude Code to mobile devices
Anthropic has introduced a new Claude Code feature called Remote Control, allowing developers to continue a local coding session from a phone, tablet, or any web browser. The feature is rolling out as a research preview to Max users. This is another in a series of additions the company has introduced recently, following Claude Opus…
AI, Global Security News
New Relic Launches Agentic Platform, a No-code Solution to Build and Govern Custom AI Agents for Observability at Scale
COMPANY NEWS: Solution democratises AI by allowing SREs and Ops teams to build powerful AI agents, without writing code, to accelerate workstreams and automation. Enterprises can now build, deploy, and manage a full spectrum of agents that move operations from passive observation to active task execution, directly within their observability stack.
AI, china, Exploits, Global Security News, malware
Dell’s Hard-Coded Flaw: A Nation-State Goldmine
A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.
AI, Artificial Intelligence, Global Security News, News, privacy
DuckDuckGo enables AI voice chat without saving voice data
DuckDuckGo has added voice chat to Duck.ai, allowing users to speak to an AI assistant while keeping audio private, unrecorded, and excluded from AI training. Voice chat is available in the DuckDuckGo browser and most third-party browsers, with support for Mozilla listed as coming soon. According to the company’s help page, “DuckDuckGo limits access to…
