Tag: cve
-
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support…
-
CVE-2025-64712 in Unstructured.io Puts Amazon, Google, and Tech Giants at Risk of Remote Code Execution
A newly disclosed critical flaw, CVE-2025-64712 (CVSS 9.8), in Unstructured.io’s “unstructured” ETL library could let attackers perform arbitrary file writes and potentially achieve remote code execution (RCE) on systems that process untrusted documents. Unstructured is widely used to convert messy business files into AI-ready text and embeddings, and the vendor’s ecosystem footprint is often cited as spanning…
-
New XWorm RAT Campaign Leverages Phishing and CVE-2018-0802 Excel Exploit to Bypass Detection
Tags: attack, control, cve, cyber, cybercrime, data, ddos, detection, exploit, marketplace, phishing, ransomware, rat, theft, windowsXWorm, a multi-functional .NET”‘based RAT first observed in 2022, remains actively traded across cybercrime marketplaces and continues to attract both low-skilled and advanced operators thanks to its rich feature set and plugin-based architecture. Once deployed, it enables full remote control of compromised Windows systems, including data theft, remote desktop control, DDoS attacks, and ransomware execution.…
-
CVE-2026-1281 CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM
Learn how CVE-2026-1281 and CVE-2026-1340 enable pre-auth RCE in Ivanti EPMM, now actively exploited, and how AppTrana helps block attacks across applications. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/cve-2026-1281-cve-2026-1340-actively-exploited-pre-authentication-rce-in-ivanti-epmm/
-
next-mdx-remote Vulnerability Allows Arbitrary Code Execution in React SSR
A security vulnerability has been discovered in next-mdx-remote, a popular TypeScript library used for rendering MDX content in React applications. The flaw, tracked as CVE-2026-0969 and identified by researchers at Sejong University, enables attackers to execute arbitrary code on servers when untrusted MDX content is processed. The vulnerability affects the serialize function in next-mdx-remote versions…
-
BeyondTrust RCE Vulnerability Under Active Exploitation Urgent Patch Released
BeyondTrust has urgently released security updates to address a critical remote code execution (RCE) vulnerability affecting its widely used Remote Support (RS) and Privileged Remote Access (PRA) products. Designated as CVE-2026-1731, this severe flaw carries a near-maximum CVSS v4 score of 9.9. The vulnerability creates a dangerous opening for unauthenticated remote attackers to execute arbitrary…
-
Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching
Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices. The post Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-zero-day-cve-update-february-2026/
-
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could…
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Apple patches zero-day flaw that could let attackers take control of devices
Apple issued security updates for all devices which include a patch for an actively exploited zero-day”, tracked as CVE-2026-20700. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/apple-patches-zero-day-flaw-that-could-let-attackers-take-control-of-devices/
-
Apple fixed first actively exploited zero-day in 2026
Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that…
-
Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)
Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/apple-zero-day-fixed-cve-2026-20700/
-
WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks
Tags: attack, backup, cve, cvss, cyber, malicious, remote-code-execution, risk, vulnerability, wordpressA critical vulnerability in the popular WPvivid Backup & Migration plugin is putting more than 800,000 WordPress websites at risk of complete takeover through remote code execution (RCE) attacks. Tracked as CVE-2026-1357 and rated 9.8 on the CVSS scale, the vulnerability allows unauthenticated attackers to upload arbitrary files to vulnerable sites and execute malicious PHP…
-
Palo Alto Networks Firewall Vulnerability Lets Attackers Trigger Reboot Loops
Palo Alto Networks has disclosed a PAN-OS firewall vulnerability that can let remote attackers force repeated reboots, potentially pushing a device into a “reboot loop” that ends in maintenance mode. Tracked as CVE-2026-0229, the issue sits in the Advanced DNS Security (ADNS) feature. It can be triggered by an unauthenticated attacker using a maliciously crafted…
-
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could…
-
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit…
-
Apple 0-Day Flaw Actively Exploited in Targeted Cyberattacks on Individuals
Apple has released emergency security updates for iOS and iPadOS to fix a critical >>zero-day<>extremely sophisticated<< cyberattacks targeting specific individuals. The Critical Flaw: CVE-2026-20700 The vulnerability […] The post Apple 0-Day Flaw Actively Exploited in Targeted Cyberattacks on Individuals appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on…
-
CVE volumes may plausibly reach 100,000 this year
The number of vulnerabilities to be disclosed in 2026 is almost certain to exceed last year’s total, and may be heading towards 100,000, according to new analysis. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638949/CVE-volumes-may-plausibly-reach-100000-this-year
-
Microsoft Patches Windows Flaw Causing VPN Disruptions
Microsoft patches CVE-2026-21525, an actively exploited RasMan flaw that can crash Windows VPN services and disrupt remote access. The post Microsoft Patches Windows Flaw Causing VPN Disruptions appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-rasman-cve-vpn/
-
CVE-2026-25646: Legacy Libpng Flaw Poses RCE Risk
A decades-old libpng flaw exposes widely used systems to denial-of-service and potential code execution via crafted PNG files. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-25646-legacy-libpng-flaw-poses-rce-risk/
-
CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security
Microsoft patched an actively exploited Word flaw that bypasses OLE protections and executes malicious documents without standard warnings. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-21514-actively-exploited-word-flaw-evades-ole-security/
-
Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days
Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most…
-
Cyberangriff auf EU-Kommission
Tags: advisory, authentication, bug, cve, cvss, cyberattack, endpoint, exploit, germany, ivanti, mail, mobile, usa, vulnerabilityCyberkriminellen ist es gelungen, in ein System der EU-Kommission einzudringen.Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management MDM) .Demnach sind die Täter möglicherweise an Namen und Rufnummern einiger Mitarbeiter gekommen. Es…
-
SAP Security Patch Day Fixes Critical Code Injection Flaw in SAP CRM and S/4HANA
SAP said the February 10, 2026 Patch Day delivered fixes across multiple SAP products and urged customers to apply patches with priority via the Support Portal to protect their SAP landscape. The highest-risk item highlighted this month is CVE-2026-0488, described as a code injection vulnerability affecting SAP CRM and SAP S/4HANA (Scripting Editor) and tracked…