Tag: exploit
-
Erster KI-generierte Zero-Day-Exploit sollte Weckruf für jede Organisation sein, die noch auf MFA setzt
Googles Entdeckung des ersten von KI generierten Zero-Day-Exploits markiert einen bedeutenden Zeitpunkt. Die Bedeutung dieses Fundes liegt nicht darin, dass die zugrundeliegende Technik eine völlig neue Idee ist. Vielmehr bestätigt er, dass KI von einem theoretischen Beschleuniger für Angriffe zu einem operativen Werkzeug geworden ist. Besonders alarmierend ist, dass der Exploit auf die Umgehung von…
-
AI Exploits, Ransomware Breaches, and Cloud Security Gaps Define this Week in May 2026
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-exploits-ransomware-breaches-and-cloud-security-gaps-define-this-week-in-may-2026/
-
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…
-
The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be
Google reported the first confirmed AI-assisted zero-day exploit, raising new concerns about logic flaws, supply chain risk, and containment. The post The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-ai-crafted-zero-day-exploit/
-
CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.” First seen on therecord.media Jump to article: therecord.media/cisa-orders-all-federal-agencies-to-patch-cisco-sd-wan-bug
-
Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)
Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by >>a highly … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/cisco-sd-wan-zero-day-cve-2026-20182/
-
Cisco warns of an actively exploited SD-WAN flaw with max severity
Tags: access, advisory, cisco, cloud, control, cve, cvss, cybersecurity, data-breach, exploit, flaw, infrastructure, kev, malicious, mitigation, network, service, software, update, vulnerabilityroot user account,” Cisco said. “Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.”The issue, tracked as CVE-2026-20182, received a max-severity rating of CVSS 10.0. The company said that the issue is configuration-independent, meaning vulnerable systems remain exposed regardless of deployment-specific settings.Cisco…
-
Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulnerable video processing driver. The work shows both how quickly Google can now patch critical issues and how shallow mistakes in vendor drivers can still undermine Android’s security…
-
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (PhaaS) platforms, making the once obscure technique widely accessible. New kits are appearing almost weekly, many seemingly…
-
PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public
A high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public disclosure. The flaw, tracked as CVE-2026-44338 and documented in the GitHub advisory GHSA-6rmh-7xcm-cpxj, exposes a critical authentication bypass in the platform’s legacy API server, potentially allowing attackers to execute AI workflows without credentials. PraisonAI Vulnerability The…
-
Autonomous systems are finally working. Security is next
Security still runs at human speed: Despite advances in infrastructure, cloud and AI, the underlying workflow of security operations has not fundamentally changed. At its core, security still operates as a human-driven process: Alerts are generated, analysts investigate, context is assembled manually and decisions are made under pressure. This model was sufficient when environments were…
-
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts. First seen on hackread.com Jump to article: hackread.com/calphishing-eviltokens-kit-outlook-invites-m365/
-
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/exchange-server-cve-2026-42897-exploited/
-
Rocky Linux launches opt-in security repository for urgent fixes
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/rocky-linux-launches-security-repository/
-
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/
-
Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
Tags: attack, cyber, cyberattack, exploit, malware, microsoft, software, threat, tool, vulnerabilityMicrosoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique highlights a growing shift in cyberattacks where adversaries rely on legitimate software and existing trust relationships to evade detection. Notably, no vulnerability in HPE OA was exploited. Instead, threat actors…
-
Mithilfe von Mythos Preview: Forscher entwickeln Exploit für Apples M5-Hardware
Durch den Einsatz von Mythos hat es nur sechs Tage gedauert, bis Apples Memory Integrity Enforcement umgangen werden konnte. First seen on golem.de Jump to article: www.golem.de/news/mithilfe-von-mythos-preview-forscher-entwickeln-exploit-fuer-apples-m5-hardware-2605-208706.html
-
EU’s Cyber Resiliency Act will put IT leaders to the test
Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerabilityProduct safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
-
Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026
The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers demonstrated 24 unique zero-day exploits, earning a total of $523,000 in rewards, according to Trend…
-
Google AI Threat Tracker: KI entwickelt erstmals Zero-Day-Exploit und skaliert Cyberangriffe weltweit
Laut GTIG ist dies der erste bekannte Fall, in dem Angreifer KI erfolgreich zur Entwicklung einer Zero-Day-Schwachstelle eingesetzt haben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/google-ai-threat-tracker-ki-entwickelt-erstmals-zero-day-exploit-und-skaliert-cyberangriffe-weltweit/a45150/
-
EU’s Cyber Resiliency Act will put IT leaders to the test
Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerabilityProduct safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
-
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracked as CVE-2026-20182, carries a maximum CVSS score of 10.0 and affects Cisco Catalyst SD-WAN Controller (vSmart) and…
-
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted build and release workflows instead of end-user systems. By injecting malicious code into CI/CD pipelines, attackers leverage…
-
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the…
-
Zero-Click-Lücke in Outlook: Angreifer können Systeme per E-Mail kompromittieren
Das bloße Senden einer E-Mail reicht aus, um über Microsoft Outlook Schadcode zur Ausführung zu bringen. Ein Klick auf einen Link ist nicht nötig. First seen on golem.de Jump to article: www.golem.de/news/zero-click-luecke-in-outlook-angreifer-koennen-systeme-per-e-mail-kompromittieren-2605-208693.html
-
82 Prozent aller Netzwerkeinbrüche ohne klassische Malware Gruppen setzen auf Logins statt auf Exploits
First seen on security-insider.de Jump to article: www.security-insider.de/ransomware-logins-statt-exploits-identitaetsschutz-a-2ccc99681c50657fd9278dc092019d4b/
-
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
A devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracked as CVE-2026-0300 with a critical CVSS score of 9.3, targets the User-ID Authentication Portal service in PAN-OS software and has been weaponized since at…
-
Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
Hackers linked to the long-running FrostyNeighbor cyber”‘espionage group have intensified attacks against Ukrainian government organizations, deploying updated techniques that rely on scheduled tasks for stealthy persistence and server-side validation to evade detection. FrostyNeighbor also tracked as Ghostwriter, UNC1151, and TA445 has been active since at least 2016 and is widely believed to operate in alignment…
-
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026.The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s First seen on thehackernews.com…
-
AI agent finds 18-year-old remote code execution flaw in Nginx
Tags: ai, api, application-security, cve, cvss, data, dos, endpoint, exploit, flaw, github, leak, mitigation, network, open-source, remote-code-execution, risk, service, technology, update, vulnerability, wafngx_http_rewrite_module, a component that handles URL rewrites, and impacts Nginx versions from 0.6.27 to 1.30.0. The issue has been given a 9.2 CVSS severity score and was patched in versions 1.31.0 and 1.30.1.The commercial product, Nginx Plus, owned and developed by network and application security firm F5, is also vulnerable, and received patches in versions…