Tag: flaw
-
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
Tags: browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, hacker, infrastructure, kev, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability affecting Google Chrome and other Chromium-based web browsers. Officially tracked as CVE-2026-5281, this security flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog because hackers are actively exploiting it in real-world attacks. The vulnerability originates…
-
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution
Cisco has released a high-priority security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. The flaw, tracked as CVE-2026-20160, carries a near-maximum CVSS severity score of 9.8 out of 10. If exploited, it enables an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating…
-
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones used across vital infrastructure sectors. Tracked as CVE-2026-1579, the security flaw carries a near-maximum Common Vulnerability Scoring…
-
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
P_MLE and P_SECURE) in the tabpanel sidebar introduced in 2025, and a missing security check in the autocmd_add() function.Claude Code then helpfully tried to find ways to exploit the vulnerability, eventually suggesting a tactic that bypassed the Vim sandbox by persuading a target to open a malicious file. It had gone from prompt to proof-of-concept…
-
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation, Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.”Use-after-free in Dawn in Google Chrome prior…
-
Google Warns of New Chrome Zero-Day Under Active Exploitation Users Urged to Update Immediately
Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being exploited in the wild. Users are strongly urged to update their browsers immediately to version 146.0.7680.177/.178 for Windows and Mac, or 146.0.7680.177 for Linux . Active Zero-Day Threat The most…
-
Google Chrome Update Fixes 21 Flaws, Warns of Actively Exploited Vulnerability
Google has released a Stable Channel Update for Chrome, addressing 21 security vulnerabilities, including a high-profile code smuggling vulnerability that is actively being exploited in the wild. The update rolled out on Wednesday night. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/chrome-stable-channel-update-security/
-
Vim Modeline Vulnerability Opens Door to Arbitrary OS Command Execution
Vim is a widely used, highly configurable text editor, but a recently disclosed flaw highlights the risks associated with its file-parsing features. Tracked as CVE-2026-34982, a high-severity vulnerability allows attackers to execute arbitrary operating system commands simply by tricking a user into opening a maliciously crafted file. The issue affects all Vim versions prior to…
-
9 ways CISOs can combat AI hallucinations
Tags: access, ai, breach, ciso, compliance, control, corporate, cybersecurity, data, defense, encryption, flaw, framework, GDPR, governance, identity, metric, penetration-testing, regulation, risk, soc, tool, trainingTreat AI outputs as drafts, not finished products: One of the biggest risks is over-trusting AI, according to security experts. Coté says her organization changed its policy so AI-generated content cannot go straight into compliance documentation without a human review.”The moment your team starts treating an AI-generated answer as a finished work product, you have…
-
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw
A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute arbitrary commands. Proof-of-Concept (PoC) exploit code has been publicly released, prompting an urgent need for administrators to update to version 2.3.4. Backup Integrity Bypass Flaw The vulnerability stems from a circular trust model where…
-
TrueConf Vulnerability Under Active Exploitation in Southeast Asia Government Attacks
Check Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score of 7.8, this flaw is currently being exploited in targeted attacks against government entities in Southeast Asia. Dubbed >>Operation TrueChaos,<< the campaign uses the application's trusted update system to deliver the Havoc post-exploitation…
-
Hackers Actively Exploit Critical WebLogic RCE Vulnerabilities in Ongoing Attacks
A maximum-severity vulnerability in Oracle WebLogic Server is facing rapid exploitation in the wild. Tracked as CVE-2026-21962, this unauthenticated Remote Code Execution (RCE) flaw carries a maximum CVSS score of 10.0. According to a recent honeypot study, attackers began weaponizing the flaw on January 22, 2026, the exact day public exploit code was released on…
-
Maryland Man Charged Over $53m Uranium Finance Crypto Hack
Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/man-charged-uranium-crypto-hack/
-
GIGABYTE Control Center vulnerable to arbitrary file write flaw
The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gigabyte-control-center-vulnerable-to-arbitrary-file-write-flaw/
-
Check Point Research Reveals ChatGPT Data Exfiltration Flaw
A ChatGPT flaw lets a single prompt silently exfiltrate data via DNS, bypassing safeguards. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/check-point-research-reveals-chatgpt-data-exfiltration-flaw/
-
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos.The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to…
-
OpenAI patches twin leaks as Codex slips and ChatGPT spills
ChatGPT’s hidden outbound channel leaks user data: OpenAI has reportedly fixed a parallel bug in ChatGPT that goes beyond credential theft. Check Point researchers uncovered a hidden outbound communication path in ChatGPT’s code execution runtime that could be triggered with a single malicious prompt.This channel successfully bypassed the platform’s expected safeguards around external data sharing.…
-
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild
F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately. First seen on hackread.com Jump to article: hackread.com/critical-f5-big-ip-flaw-upgrad-to-9-8-rce-exploited/
-
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical flaws allow remote attackers to trigger process crashes, leak sensitive heap memory, and potentially achieve arbitrary code execution by tricking applications into processing specially crafted, standards-compliant PNG images. Both vulnerabilities require…
-
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. In March, Citrix issued security updates for two NetScaler vulnerabilities,…
-
CISA orders feds to patch actively exploited Citrix flaw by Thursday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-citrix-flaw-by-thursday/
-
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasingly handle our most sensitive data, operating under the assumption that enclosed environments keep this information secure. However, a newly disclosed vulnerability in ChatGPT shattered this expectation. Discovered by Check Point Research, this flaw exploited the isolated code execution runtime to establish a covert outbound communication channel, effectively turning standard chat sessions…
-
Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/
-
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zero-day Remote Code Execution (RCE) flaws in both Vim and Emacs. The discoveries show that merely opening a malicious file in these popular text editors could allow attackers to execute arbitrary code and fully…
-
Notepad++ v8.9.3 Released With Fixes for cURL Security Flaw and Crash Bugs
Notepad++ rolled out version 8.9.3, an important update addressing a notable cURL security vulnerability and resolving multiple crash bugs. Alongside these vital security patches, this release marks the official completion of the application’s migration to a new XML parser, significantly improving the performance of configuration file operations. The most critical aspect of the v8.9.3 update…
-
F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fortinet-big-ip-vulnerability-reclassified-rce-exploitation
-
Fortinet BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fortinet-big-ip-vulnerability-reclassified-rce-exploitation
-
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point.”A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in First…