Tag: flaw
-
Flaws in Google, Microsoft products added to Cisa catalogue
Cisa has added six CVEs to its Kev catalogue this week, including newly-disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
-
XSS Bug in VS Code Extension Exposed Local Files
An XSS flaw in the VS Code Live Preview extension exposed developers’ local files and credentials through the localhost server. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/xss-bug-in-vs-code-extension-exposed-local-files/
-
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Tags: control, cve, cvss, cybersecurity, data-breach, flaw, phone, remote-code-execution, voip, vulnerabilityCybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices.The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow…
-
Windows Admin Center Flaw Opens Door to Privilege Escalation
A Windows Admin Center vulnerability could allow authorized attackers to escalate privileges across enterprise environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/windows-admin-center-flaw-opens-door-to-privilege-escalation/
-
Telegram channels expose rapid weaponization of SmarterMail flaws
Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/telegram-channels-expose-rapid-weaponization-of-smartermail-flaws/
-
VS Code extensions with 125M+ installs expose users to cyberattacks
Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely. OX Security researchers warn that security flaws in four widely used VS Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview) could allow attackers to steal local files and execute code…
-
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/exploited-dell-zero-day-cve-2026-22769-brickstorm-grimbolt/
-
Flaws in four popular VS Code extensions left 128 million installs open to attack
Tags: access, api, attack, cloud, credentials, cve, flaw, infrastructure, malicious, microsoft, risk, supply-chain, tool, update, vulnerability, xssMicrosoft quietly patched its own extension: The fourth vulnerability played out differently. Microsoft’s Live Preview extension, with 11 million downloads, contained a cross-site scripting flaw that, according to OX Security, let a malicious web page enumerate files in the root of a developer’s machine and exfiltrate credentials, access keys, and other secrets.The researchers reported the…
-
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and First seen…
-
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and First seen…
-
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. >>Mandiant and Google Threat Intelligence Group (GTIG) have identified…
-
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…
-
Zero-Day in Dell RecoverPoint Exploited by Chinese Hacker Group
A critical zero-day vulnerability, tracked as CVE-2026-22769, is being actively exploited in Dell Technologies’ RecoverPoint for Virtual Machines. According to Mandiant and Google Threat Intelligence Group (GTIG), the flaw carries a perfect score severity score of 10, and has been weaponized by a Chinese threat cluster, identified as UNC6201. First seen on thecyberexpress.com Jump to…
-
CISA Warns of Actively Exploited Google Chromium 0″‘Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Google Chromium engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracking as CVE-2026-2441, this security flaw is currently being actively exploited in the wild. The agency’s inclusion of this bug serves as a mandate for federal agencies to apply necessary…
-
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit…
-
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracking under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying on the platform for server management. The vulnerability, described as an Elevation of Privilege issue, allows authorised attackers to escalate their permissions…
-
OpenClaw AI ‘Log Poisoning’ Flaw Enables Malicious Content Injection
A severe >>log poisoning<< vulnerability has been discovered in the popular OpenClaw AI assistant, potentially allowing attackers to manipulate the agent's behaviour through indirect prompt injection. OpenClaw, an open-source autonomous agent known for its deep system integrations and ability to manage complex tasks, has recently seen massive adoption. However, its ability to self-debug and read…
-
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracking under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying on the platform for server management. The vulnerability, described as an Elevation of Privilege issue, allows authorised attackers to escalate their permissions…
-
Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Threat actors linked to China have deployed a novel backdoor, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-dell-recoverpoint-virtual-machines-exploited/812392/
-
Hsckers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Threat actors linked to China have deployed a novel backdoor, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-dell-recoverpoint-virtual-machines-exploited/812392/
-
OpenClaw Flaw Enables AI Log Poisoning Risk
OpenClaw versions prior to 2026.2.13 logged unsanitized WebSocket headers, creating a potential AI log poisoning risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openclaw-flaw-enables-ai-log-poisoning-risk/
-
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
-
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/
-
CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover
CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/cve-2026-1357-wordpress-plugin-rce-exposes-sites-to-full-takeover/
-
Apache NiFi Vulnerabilities Expose Systems to Authorization Bypass Attacks
Apache NiFi users are being urged to upgrade after the project disclosed a high-severity authorization flaw tracked as CVE-2026-25903. The issue, published on 2026-02-16, can allow a less-privileged authenticated user to modify configuration properties on certain “restricted” extension components that were previously added to a flow by a more privileged user, potentially weakening security controls…
-
Exploitable Flaws Found in Cloud-Based Password Managers
‘Malicious Server Threat Model’ Threatens ‘Zero Knowledge Encryption’ Guarantees. Claims by leading stand-alone password managers that their implementation of zero knowledge encryption means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found. First seen on…
-
A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more
A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs…
-
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-beyondtrust-flaw-within-three-days/