A single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, the open-source Python framework that powers FastAPI, researchers said. The flaw, tracked as CVE-2026-48710 could allow attackers to bypass host-validation protections using malformed Host headers, according to an advisory from cybersecurity…
Tag: attacker
AI, Exploits, Global Security News
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
AI, Global Security News
Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
White House cyber official: identity security matters more than ever in the age of AI
As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI…
Global Security News
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. […]
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Risk Management
Vercel’s security breach started with malware disguised as Roblox cheats
Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a security bulletin Sunday. The attack, which didn’t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. An attacker traversed third-party…
Exploits, Global Security News
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.
Global Security News
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
New “Storm” infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. […]
AI, Global Security News
Axios npm packages backdoored in supply chain attack
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans. How the attack unfolded On March 30, 2026, with an account using a separate…
Global Security News, malware
Android devices ship with firmware-level malware
Keenadu malware gives an attacker control over a device but appears to be used primarily to facilitate ad fraud Categories: Threat Research Tags: Android, Keenadu
Exploits, Global Security News
VMware Aria Operations Bug Exploited, Cloud Resources at Risk
Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims’ cloud environments.
Data Breaches, Endpoint, Global Security News, Risk Management
Autonomous Endpoint Management Isn’t Just Efficiency, It’s a Security Imperative
Autonomous Endpoint Management cuts exposure time by matching patch speed to attacker breakout timelines, reducing risk, workload delays, and breach costs.
AI, Global Security News, Russia
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances
AI, china, Exploits, Global Security News, malware
Dell’s Hard-Coded Flaw: A Nation-State Goldmine
A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.