Ubiquiti has released security updates to patch three maximum severity vulnerabilities in Unify OS that can be exploited by remote attackers without privileges. […]
Tag: severity
AI, Exploits, Global Security News
Max-severity RCE flaw found in Google Gemini CLI
Security researchers are warning about a max severity vulnerability in Google Gemini CLI that could allow remote code execution (RCE) in environments where the tool processes untrusted inputs. The issue was disclosed by Novee Security researchers and affects the @google/gemini-cli package and its associated GitHub Action, widely used in CI/CD workflows. “Gemini CLI (@google/gemini-cli) and…
Global Security News
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,”
AI, Global Security News, Risk Management
BeyondTrust’s 13th Annual Microsoft Vulnerabilities Report Reveals Drop in Total Volume, But Surge in Critical Risk
GUEST RESEARCH: Critical vulnerabilities doubled year-over-year, signalling rising risk severity as AI-driven discovery and expanding attack surfaces reshape the Microsoft security landscape Elevation of Privilege vulnerabilities accounted for 40% of all flaws, continuing to dominate threat actor pathways and reinforcing identity as the primary attack vector Azure and Dynamics 365, saw a 9x increase in…
Global Security News
NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. […]
Global Security News
Critical MCP Integration Flaw Puts NGINX at Risk
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.
AI, Exploits, Global Security News
Critical Citrix NetScaler memory flaw actively exploited in attacks
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. […]
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Patch now: TP-Link Archer NX routers vulnerable to firmware takeover
TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500,…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web…
Exploits, Global Security News
Ransomware gang exploits Cisco flaw in zero-day attacks since January
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. […]
AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google warns of two actively exploited Chrome zero days
Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…
AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google warns of two actively exploited Chrome zero days
Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…
AI, APAC, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
March Patch Tuesday: Three high severity holes in Microsoft Office
Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities. Still, Jack Bicer, director of vulnerability research at Action1, says these Office-related flaws should be treated “with urgency.” “Productivity tools remain one of the most…
Cybersecurity, Global Security News
‘Richter Scale’ Model Measures Magnitude of OT Cyber Incidents
ICS/OT experts have devised a scoring system for rating the severity and effects of cybersecurity events in operational technology environments.
china, Exploits, Global Security News
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded…
Exploits, Global Security News
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. […]
Global Security News
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day
A high severity vulnerability in Google Chrome and allows remote attackers to execute code