Tag: exploit
-
Microsoft Authenticator leitet Token an Angreifer weiter – Kritische Authenticator-Lücke ermöglicht Kontoübernahme ohne Exploit
First seen on security-insider.de Jump to article: www.security-insider.de/cve-2026-41615-microsoft-authenticator-token-kontouebernahme-a-82db6c3664efe48582e8c605aebde967/
-
Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning. First seen on cyberscoop.com Jump to article: cyberscoop.com/palo-alto-networks-cve-2026-0257-exploited-vulnerability/
-
Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning. First seen on cyberscoop.com Jump to article: cyberscoop.com/palo-alto-networks-cve-2026-0257-exploited-vulnerability/
-
Microsoft’s Zero-Day Legal Threats Spark Backlash
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-zero-day-legal-threats-backlash
-
CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation
The vulnerability in a vital defensive technology creates serious risks for federal networks, CISA said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/palo-alto-networks-firewall-flaw-exploitation-cisa-kev/821598/
-
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/patch-palo-alto-auth-bypass-bug-exploit
-
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/
-
Race Against Time: Why Faster Vulnerability Alerts Matter
Attackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/
-
Attackers Exploit Docker, Kubernetes Misconfigs to Breach Hosts
Attackers are increasingly targeting Docker and Kubernetes environments by exploiting misconfigurations, weak isolation boundaries, and insecure APIs to compromise host systems and entire clusters. As containerization becomes the backbone of modern cloud infrastructure, threat actors are shifting focus from traditional endpoints to container ecosystems, where a single weakness can expose critical services at scale. A…
-
âš¡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Monday hit like a cron job with anger issues.A busted auth path here, a repo-side faceplant there, some “patched-ish” thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought…
-
Critical Windows Netlogon RCE flaw now exploited in attacks
Tags: attack, country, cybersecurity, exploit, flaw, rce, remote-code-execution, threat, vulnerability, windowsThe Centre for Cybersecurity Belgium (CCB), the country’s national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/
-
Zoff mit Microsoft: Verärgerter Sicherheitsforscher kündigt Bitskrieg an
Der verärgerte Sicherheitsforscher Chaotic Eclipse will im Juni einen neuen Bitlocker-Exploit leaken. Microsoft kämpft derweil gegen einen Shitstorm. First seen on golem.de Jump to article: www.golem.de/news/zoff-mit-microsoft-veraergerter-sicherheitsforscher-kuendigt-bitskrieg-an-2606-209243.html
-
Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)
Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in >>limited exploit … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/hackers-are-exploiting-palo-alto-globalprotect-vpn-authentication-bypass-cve-2026-0257/
-
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites.WP Maps Pro allows site owners to embed customizable Google Maps and OpenStreetMap with markers, listings, and advanced location features…
-
Palo Alto Warns High-Severity Bug Is Being Actively Exploited
A vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/palo-alto-highseverity-bug/
-
U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2026-0257 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May…
-
Windows Netlogon 0-Click RCE Vulnerability Under Active Exploitation
Tags: cve, cyber, exploit, microsoft, rce, remote-code-execution, risk, update, vulnerability, windowsMicrosoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is now being actively exploited in the wild. Tracked as CVE-2026-41089, the vulnerability allows unauthenticated attackers to execute remote code against domain controllers without any user interaction, making it one of the most dangerous…
-
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers
CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS…
-
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/
-
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/
-
Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/31/week-in-review-infostealer-dropped-via-forticlient-ems-flaw-exploited-trend-micro-apex-one-flaw/
-
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/
-
Google verrät versehentlich Exploit: Millionen Internetnutzer potenziell angreifbar
First seen on t3n.de Jump to article: t3n.de/news/google-exploit-nutzer-angreifbar-1744153/
-
KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/knowledgedeliver-flaw-exploited-as-a-zero-day-to-install-web-shells/
-
The AI Era Is Creating a Bug-Hunting Arms Race
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. First seen on wired.com Jump to article: www.wired.com/story/the-ai-era-is-creating-a-bug-hunting-arms-race/
-
Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/actively-exploited-trend-micro-apex-one-flaw-cve-2026-34926/
-
CERT-In Mandates 12-Hour Patch Deadline for Internet-Facing Vulnerabilities
India’s national cyber security agency CERT-In has issued a new blueprint that tells organizations to fix critical vulnerabilities in internet”‘facing and “crown”‘jewel” systems within 12 hours of discovery, as AI”‘driven attackers slash exploitation timelines. The guidance marks one of India’s most aggressive expectations yet on patching speed for exposed infrastructure. CERT-In’s 38″‘page document, titled “Blueprint…
-
Kinetische Angriffe auf Cloud-Infrastrukturen Die physische Dimension digitaler Resilienz
Wenn wir an Bedrohungen für digitale Infrastrukturen denken, denken wir an Ransomware, an Zero-Day-Exploits, an kompromittierte Lieferketten. Woran wir seltener denken: Sabotageakte, durchtrennte Seekabel oder in Krisengebieten sogar Drohnen und Raketen. Doch genau diese physischen Bedrohungen rücken zunehmend ins Zentrum und zwingen zu einer unbequemen Erkenntnis: Die Cloud ist kein abstrakter Raum. Sie besteht aus…
-
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met.The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity.”Deserialization of untrusted data in Microsoft Office SharePoint…
-
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/sharepoint-vulnerability-cve-2026-45659/