Geek-Guy.com

Tag: Flaws

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2022-0492 (CVSS score of 7.0) Linux Kernel Improper Authentication…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in…

Read more →

Cybersecurity, Exploits, Global Security News

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-34291 (CVSS score: 9.4) – An origin validation error vulnerability in Langflow that could

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL…

Read more →

Global Security News

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver,

Read more →

AI, Cybersecurity, Global Security News

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below –

Read more →

AI, Exploits, Global Security News, Network Security

Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming

Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator

Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute arbitrary commands or code on unpatched systems. The first vulnerability, tracked as CVE-2026-44277, is an improper access control issue in FortiAuthenticator.…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

WannaCry, the ransomware attack that changed the history of cybersecurity

WannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant events in recent cybersecurity history, not only for its global scale but also…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

New cPanel vulnerabilities could allow file access and remote code execution

cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, execute code, or escalate privileges on vulnerable systems. Below are the descriptions for these…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Pen tests show AI security flaws far more severe than legacy software bugs

Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as high risk — nearly 2.5 times the rate (13%) of severe flaws found…

Read more →

AI, Exploits, Global Security News, Network Security

Cisco patches high-severity flaws enabling SSRF, code execution attacks

Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful exploitation could allow code execution, server‑side request forgery (SSRF), or denial‑of‑service attacks. Two notable flaws, CVE‑2026‑20034 and CVE‑2026‑20035, impact Cisco…

Read more →

AI, APAC, Exploits, Global Security News

Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

MOVEit automation flaws could enable full system compromise

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access…

Read more →

Global Security News

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.  The

Read more →

AI, Exploits, Global Security News

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access. SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services,…

Read more →

Cybersecurity, Exploits, Global Security News

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in  ConnectWise ScreenConnect

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters

22 BRIDGE:BREAK flaws hit Lantronix and Silex Technology converters, exposing approximately 20,000 devices to hijacking and data tampering. Researchers at Forescout Research Vedere Labs found 22 BRIDGE:BREAK flaws in serial-to-IP devices from Lantronix and Silex Technology. Serial-to-IP converters, also known as serial device servers, connect legacy serial equipment to modern IP networks for remote monitoring…

Read more →

AI, Exploits, Global Security News, Network Security

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy

NIST cuts down CVE analysis amid vulnerability overload

Overwhelmed by an escalating volume of security flaws, the National Institute of Standards and Technology (NIST) has announced significant changes to how it handles cybersecurity vulnerabilities and exposures (CVEs). Rather than commit to providing enrichment for all entries in its National Vulnerability Database (NVD), the agency will focus on just the most critical CVEs, which…

Read more →

AI, Exploits, Global Security News, Risk Management

Cisco fixed four critical flaws in Identity Services and Webex

Cisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code and impersonate any user within the affected services. The issues pose serious security risks, prompting…

Read more →

AI, Global Security News

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below – CVE-2026-20184 (CVSS score: 9.8) – An improper certificate validation in the integration of single sign-on…

Read more →

AI, Exploits, Global Security News

PHP Composer flaws enable remote command execution via Perforce VCS

Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security

Seven IBM WebSphere Liberty flaws can be chained into full takeover

Security researchers are warning of a set of flaws affecting IBM WebSphere Liberty, a lightweight, modular Java application server, that can be chained into a full server compromise. The flaws, a total of seven, that led to the ultimate compromise of the server were initiated by a newly discovered pre-authentication issue in the platform’s SAML…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft…

Read more →

AI, china, Data Breaches, Exploits, Global Security News, Network Security

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment,…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security

Cisco fixed critical and high-severity flaws

Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information. One of these critical flaws is CVE-2026-20093 (CVSS score of…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Chrome Vulnerability CVE-2026-5281 Exploited in the Wild

Google has released a Chrome update for multiple high-severity flaws and confirmed that one of the vulnerabilities is being actively exploited in the wild.  We are “… aware that an exploit for CVE-2026-5281 exists in the wild,” said Google in its advisory. Inside CVE-2026-5281 The vulnerability, tracked as CVE-2026-5281, is a use-after-free flaw affecting Chrome’s…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

OpenAI patches twin leaks as Codex slips and ChatGPT spills

OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at BeyondTrust and Check Point Research, affect the OpenAI Codex coding agent and ChatGPT’s code execution environment, respectively. One enabled GitHub token theft through command injection, while the other…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Vulnerabilities from years ago still opening doors for attackers

Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure. (Source: Cisco Talos) Findings from Cisco Talos’ 2025 Year in Review show how attackers combined rapid weaponization with long-term exposure spanning infrastructure, identity systems, and user workflows. Top-targeted vulnerabilities show…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ([1, 2]) SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-20963 (CVSS score of 8.8) – Microsoft SharePoint Deserialization…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts

RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to 15,000 daily exploitation attempts in a more focused and strategic campaign, Bitsight reported. “We gathered all these exploit attempts (identifiable by indicators like the User-Agent and…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Unprivileged users could exploit AppArmor bugs to gain root access

Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have existed since 2017 and could allow unprivileged users to bypass protections, escalate privileges to root,…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability This…

Read more →

AI, Cybersecurity, Global Security News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below – CVE-2026-27577 (CVSS score: 9.4) – Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) – Unauthenticated

Read more →

Apps, Exploits, Global Security News

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below – CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX

Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2021-22054 (CVSS score of 7.5) Omnissa Workspace ONE…

Read more →

Cybersecurity, Exploits, Global Security News

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows – CVE-2021-22054 (CVSS score: 7.5) – A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM)…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise.…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

U.S. CISA adds Apple, Rockwell, and Hikvision  flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2023-43000 (CVSS score of 8.8) Apple Multiple products Use-After-Free Vulnerability CVE-2017-7921 (CVSS…

Read more →

Cybersecurity, Exploits, Global Security News

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below – CVE-2017-7921 (CVSS score: 9.8) – An improper authentication vulnerability affecting

Read more →

AI, Cloud Security, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management

Automate or orchestrate? Implementing a streamlined remediation program to shorten MTTR

Security teams want lower MTTR, but flaws persist. How to use automation vs. orchestration to reduce risk effectively? Almost all security teams want to reduce their Mean Time to Remediate (MTTR). And for good reason: research from 2024 found that it takes an average of 4.5 months to remediate critical vulnerabilities. The problem is that…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News

Trend Micro fixes two critical flaws in Apex One

Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates. Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited Since 2023

New day, new vulnerability in the spotlight. We’re once again seeing how quickly weaponized flaws in widely deployed platforms turn into real operational risk. Coverage of maximum-severity Cisco bugs (CVE-2025-20393, CVE-2026-20045), as well as the Dell RecoverPoint zero-day CVE-2026-22769, shows that attackers are increasingly prioritizing edge-facing infrastructure that quietly controls traffic flows, identity paths, and…

Read more →

AI, Global Security News, Network Security, Risk Management

Untrusted repositories turn Claude code into an attack vector

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and…

Read more →

Exploits, Global Security News

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below – CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system…

Read more →

AI, APAC, Compliance, Exploits, Global Security News, Risk Management

VMware Aria Operations flaws could enable remote attacks

Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations. VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning,…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-49113 (CVSS score of 9.9) RoundCube Webmail Deserialization of Untrusted Data Vulnerability…

Read more →

AI, Cybersecurity, Exploits, Global Security News

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-49113 (CVSS score: 9.9) – A deserialization of untrusted data vulnerability that allows remote code

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2021-22175 (CVSS score 6.8) GitLab Server-Side Request Forgery (SSRF)…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Six flaws found hiding in OpenClaw’s plumbing

Security researchers have uncovered six high-to-critical flaws affecting the open-source AI agent framework OpenClaw, popularly known as a “social media for AI agents.” The flaws were discovered by Endor Labs as its researchers ran the platform through an AI-driven static application security testing (SAST) engine designed to follow how data actually moves through the agentic…

Read more →

AI, Global Security News, Network Security, Risk Management

VS Code extensions with 125M+ installs expose users to cyberattacks

Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely. OX Security researchers warn that security flaws in four widely used VS Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview) could allow attackers to steal local files and execute code…

Read more →

Cybersecurity, Exploits, Global Security News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to…

Read more →

AI, Endpoint, Exploits, Global Security News, Uncategorized

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit…

Read more →

AI, Breaking News, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, hacking, hacking news, intelligence, Security

Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…

Read more →