Tag: cve
-
20-Year-Old PostgreSQL Flaw Gets Public PoC Exploit for Remote Code Execution
A newly released proof-of-concept (PoC) exploit for CVE-2026-2005 has brought renewed attention to a critical vulnerability in PostgreSQL’s pgcrypto extension, exposing systems to remote code execution (RCE). Security researchers warn that the flaw, rooted in legacy code paths dating back nearly two decades, could allow attackers to escalate privileges and execute arbitrary commands on affected…
-
Four-Faith Industrial Routers Targeted in Botnet Hijacking Campaign
Tags: authentication, botnet, cve, cyber, data-breach, exploit, flaw, malicious, router, vulnerabilityFour-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn that attackers are rapidly weaponizing the vulnerability to hijack exposed devices and repurpose them as part of large-scale malicious infrastructure. Four-Faith Industrial Routers Targeted CVE-2024-9643 affects Four-Faith F3x36 industrial routers…
-
Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack
Cybersecurity researchers are warning that attackers have already started exploiting a newly disclosed NGINX vulnerability, tracked as CVE-2026-42945, just days after technical details and proof-of-concept code became public. The flaw, also referred to as NGINX Rift, affects millions of potentially exposed servers and has raised concerns across the security community due to its potential impact on core internet…
-
SEPPmail Gateway Flaws Expose Organizations to RCE and Email Traffic Interception
Multiple critical vulnerabilities in the SEPPmail Secure E-Mail Gateway are putting thousands of organizations at risk of remote code execution (RCE) and the interception of sensitive email. The flaws, tracked under several CVEs, impact widely deployed SEPPmail appliances used for encrypted email communication, particularly across the DACH region (Germany, Austria, Switzerland). Security researchers warn that…
-
CVE-2026-20182: Unauthenticated Cisco SD-WAN Control-Plane Compromise via vHub Authentication Bypass
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cve-2026-20182-unauthenticated-cisco-sd-wan-control-plane-compromise-via-vhub-authentication-bypass
-
Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch
-
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
Nightmare-Eclipse’s Windows disclosure spree keeps growing: MiniPlasma is only the latest entry in what has become one of 2026’s most chaotic Windows disclosure runs.The spree began with BlueHammer, a Windows Defender privilege escalation flaw later assigned CVE-2026-33825. That was followed by RedSun and UnDefend, two additional Windows privilege escalation and denial-of-service disclosures. Huntress later reported…
-
Gamaredon Deploys GammaDrop, GammaLoad in Phishing Campaigns
Gamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamaredon, also known as UAC-0010 or Shuckworm, continues to exploit CVE-2025-8088, a directory traversal vulnerability in WinRAR that allows attackers to…
-
Critical NGINX Vulnerability Lets Hackers Launch Remote Code Execution Attacks
Tags: attack, cve, cyber, cybersecurity, exploit, flaw, hacker, open-source, remote-code-execution, vulnerabilityA newly disclosed vulnerability in NGINX is already being actively exploited, raising serious concerns across the global cybersecurity community. Tracked as CVE-2026-42945, the flaw affects both NGINX Open Source and NGINX Plus, potentially allowing attackers to crash servers or execute remote code under specific conditions. Security researcher Patrick Garrity of VulnCheck revealed that exploitation attempts…
-
Critical NGINX Vulnerability Lets Hackers Launch Remote Code Execution Attacks
Tags: attack, cve, cyber, cybersecurity, exploit, flaw, hacker, open-source, remote-code-execution, vulnerabilityA newly disclosed vulnerability in NGINX is already being actively exploited, raising serious concerns across the global cybersecurity community. Tracked as CVE-2026-42945, the flaw affects both NGINX Open Source and NGINX Plus, potentially allowing attackers to crash servers or execute remote code under specific conditions. Security researcher Patrick Garrity of VulnCheck revealed that exploitation attempts…
-
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shortly after disclosure. >>We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer…
-
EUVD-2026-28396 / CVE-2026-6973 – Ivanti EPMM-Schwachstelle in Zero-Day-Angriffen ausgenutzt
First seen on security-insider.de Jump to article: www.security-insider.de/ivanti-epmm-zero-day-cve-2026-6973-aktiv-ausgenutzt-a-97f2a7459c9c680d8e986bdb1dd2d342/
-
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the First…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python RAT malware New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment Operation…
-
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that “no product changes were made,” despite the researcher documenting a silent fix. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-rejects-critical-azure-vulnerability-report-no-cve-issued/
-
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, threat, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…
-
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier.…
-
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…
-
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
A newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root on affected systems. The flaw, tracked as CVE-2026-41702, has been rated high severity with a CVSS score of 7.8, highlighting its potential impact in real-world environments. VMware Fusion Flaw Broadcom, which…
-
Cisco warns of an actively exploited SD-WAN flaw with max severity
Tags: access, advisory, cisco, cloud, control, cve, cvss, cybersecurity, data-breach, exploit, flaw, infrastructure, kev, malicious, mitigation, network, service, software, update, vulnerabilityroot user account,” Cisco said. “Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.”The issue, tracked as CVE-2026-20182, received a max-severity rating of CVSS 10.0. The company said that the issue is configuration-independent, meaning vulnerable systems remain exposed regardless of deployment-specific settings.Cisco…
-
PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public
A high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public disclosure. The flaw, tracked as CVE-2026-44338 and documented in the GitHub advisory GHSA-6rmh-7xcm-cpxj, exposes a critical authentication bypass in the platform’s legacy API server, potentially allowing attackers to execute AI workflows without credentials. PraisonAI Vulnerability The…
-
Fragnesia Linux Kernel Flaw Enables Root Privilege Escalation
Security researchers have disclosed a newly identified local privilege escalation vulnerability in the Linux Kernel, dubbed “Fragnesia,” which belongs to the broader Dirty Frag family of flaws. The issue, officially tracked as CVE-2026-46300, affects the Linux Kernel’s XFRM ESP-in-TCP subsystem and allows unprivileged local attackers to escalate privileges to root by corrupting page-cache memory. First seen on…
-
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Amazon Redshift JDBC Driver and raises concerns for organizations that rely on Java-based database connectivity. Redshift JDBC Driver Flaws The…
-
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracked as CVE-2026-20182, carries a maximum CVSS score of 10.0 and affects Cisco Catalyst SD-WAN Controller (vSmart) and…
-
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the…
-
Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces
Next.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud credentials, API keys, and even access internal admin interfaces. The flaw, tracked as CVE-2026-44578, exposes a critical weakness in how certain server-side deployments handle WebSocket upgrade requests. Next.js Security Flaw The…
-
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
A devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracked as CVE-2026-0300 with a critical CVSS score of 9.3, targets the User-ID Authentication Portal service in PAN-OS software and has been weaponized since at…
-
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026.The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s First seen on thehackernews.com…
-
AI agent finds 18-year-old remote code execution flaw in Nginx
Tags: ai, api, application-security, cve, cvss, data, dos, endpoint, exploit, flaw, github, leak, mitigation, network, open-source, remote-code-execution, risk, service, technology, update, vulnerability, wafngx_http_rewrite_module, a component that handles URL rewrites, and impacts Nginx versions from 0.6.27 to 1.30.0. The issue has been given a 9.2 CVSS severity score and was patched in versions 1.31.0 and 1.30.1.The commercial product, Nginx Plus, owned and developed by network and application security firm F5, is also vulnerable, and received patches in versions…
-
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks/