Tag: exploit
-
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/19/splunk-vulnerability-cve-2026-20253-exploited/
-
Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/
-
HazyBeacon Abuses AWS Lambda Function URLs for Stealthy Command-and-Control Operations
HazyBeacon is a stealthy cloud-native malware campaign identified as CL-STA-1020. It is exploiting Amazon Web Services (AWS) Lambda Function URLs to create covert command-and-control (C2) channels, marking a significant evolution in attacker tactics. According to recent Qualys research, the campaign primarily targets government entities across Southeast Asia by exploiting misconfigured serverless infrastructure. This allows adversaries…
-
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use. This is…
-
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in…
-
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device…
-
Azul closes security vulnerability in the Java stack that autonomous AI attackers can exploit
Autonomous AI exploit tools do not distinguish between regulated and unregulated targets. But the consequences of a security incident in regulated environments are severe. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/azul-schliesst-sicherheitsluecke-im-java-stack-die-autonome-ki-angreifer-ausnutzen-koennen/a45545/
-
CVE-2026-48907 and LiteSpeed cPanel Plugin Flaws Come Under Active Attack
Security researchers and software vendors warn that attackers are actively exploiting vulnerabilities in both Joomla and the LiteSpeed cPanel plugin, posing significant risks to website administrators and shared hosting environments. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-48907-joomla-jce-litespeed-cpanel/
-
Authorities Seize 106 Servers and 101 Domains in Major SocGholish Malware Takedown
International law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish malware infrastructure, marking a major milestone in Operation Endgame. Announced on June 18, 2026, from The Hague, this operation targeted a crucial infection chain exploited by cybercriminal groups, including the infamous Russia-linked group…
-
Mini Shai-Hulud launches malicious code on every Python invocation; chain worm Miasma steals cloud credentials via PyPI
First seen on security-insider.de Jump to article: www.security-insider.de/mini-shai-hulud-miasma-pypi-supply-chain-bun-stealer-a-7ccd0e0e9f96b010c6b74ecbfbb071fd/
-
Agentjacking attack exploits AI coding tools with fake error reports
First seen on scworld.com Jump to article: www.scworld.com/brief/agentjacking-attack-exploits-ai-coding-tools-with-fake-error-reports
-
Icarus threat actors exploit Klue OAuth breach to steal Salesforce data
First seen on scworld.com Jump to article: www.scworld.com/brief/icarus-threat-actors-exploit-klue-oauth-breach-to-steal-salesforce-data
-
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below – CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open…
-
Hostile states launched nearly 200 attacks on UK infrastructure in 12 months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief
-
Critical security vulnerability in Joomla JCE actively exploited
The US agency CISA warns of a critical vulnerability in the Joomla Content Editor. Attackers can execute malicious code without authentication. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/joomla-jce-sicherheitsluecke
-
F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution
F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect HTTP modules and can be exploited remotely without authentication to trigger memory corruption, potentially causing…
-
Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed “RoguePlanet” by security researcher NightmareEclipse. The vulnerability, classified as an elevation-of-privilege flaw, was officially published on June 16, 2026, and is already drawing attention due to its reliability and ability to…
-
FortiBleed Exploit Campaign Hits 70,000+ Fortinet Firewalls Worldwide
A large-scale cyber espionage campaign dubbed “FortiBleed” has compromised more than 70,000 Fortinet firewalls and VPN gateways worldwide, exposing enterprise networks across 194 countries. The activity, first identified by security researcher Volodymyr Diachenko and further analyzed by Hudson Rock and Kevin Beaumont, reveals a coordinated effort targeting internet-exposed FortiGate management interfaces. The dataset contains 73,932…
-
Financially Motivated Hackers Turn Legitimate IT Tools Into Remote Access Payloads
A novel evolution of LLMjacking: a threat actor leveraging a publicly exposed Ollama model server as the reasoning engine for an automated, multi-stage offensive framework. Rather than using the model for chat or resale, the attacker integrated unauthenticated model inference into a VAPT-style pipeline that scans targets, maps vulnerabilities, synthesizes proof-of-concept exploits, and attempts command…
-
LATAM Infrastructure Hit by Fortinet and Ivanti Exploits
CloudSEK maps Operation Escaneo, a campaign hitting Latin American infrastructure via perimeter bugs. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/operation-escaneo-cloudsek-latam/
-
Patch now: Nginx web servers vulnerable due to critical flaws
Due to security vulnerabilities in three Nginx modules, attackers can take down web servers or inject malicious code. Patches prevent this. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-nginx-webserver-durch-kritische-luecken-angreifbar-2606-209926.html
-
Dangerous Windows exploit: Microsoft promises a high-quality update
Microsoft intends to use an update to prevent exploitation of the Rogueplanet exploit on Windows devices. When that will happen, however, remains a mystery. First seen on golem.de Jump to article: www.golem.de/news/rogueplanet-exploit-microsoft-verspricht-ein-high-quality-sicherheitsupdate-2606-209904.html
-
Malicious code discovered in 144 npm packages from Mastra
An attacker compromised 144 npm packages of the AI framework Mastra. The core component, with more than 918,000 weekly downloads, is also affected. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/mastra-schadcode-144-npm-paketen
-
Windows Defender Vulnerability Exposed as RoguePlanet PoC Spreads Online
A newly disclosed Windows Defender vulnerability, tracked as CVE-2026-50656 and dubbed RoguePlanet, has raised concerns across the cybersecurity community after a working proof-of-concept (PoC) exploit was released before a security patch became available. The exploit was published on GitHub by security researcher Nightmare Eclipse on June 10, 2026, only hours after Microsoft issued its June Patch Tuesday updates. First seen…
-
Hostile states launched nearly 200 attacks on UK infrastructure in five months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief
-
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data and establish command-and-control (C2) channels directly within the database engine, significantly expanding the post-exploitation attack surface. Security researcher Justin Kalnasy of SpecterOps demonstrated that newly introduced AI-focused features, intended to support…

