Tag: flaw
-
“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads, Report
Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden… First seen on hackread.com Jump to article: hackread.com/claudy-day-flaws-data-theft-fake-claude-ai-ads/
-
Apple Rolls Out Real-Time Security Fixes Across iPhone, iPad, and Mac
Apple launches Background Security Improvements to fix vulnerabilities in real time, starting with a WebKit flaw affecting Safari on iPhone, iPad, and Mac. The post Apple Rolls Out Real-Time Security Fixes Across iPhone, iPad, and Mac appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-background-security-improvements-webkit-fix/
-
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Tags: attack, cisco, exploit, firewall, flaw, ransomware, remote-code-execution, software, vulnerability, zero-dayThe Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/
-
‘Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft
A prompt injection vulnerability paired with other flaws can turn a Google search into a full attack chain that could threaten enterprise networks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/claudy-day-trio-flaws-claude-users-data-theft
-
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Tags: access, cisco, cve, exploit, firewall, flaw, intelligence, ransomware, threat, vulnerability, zero-dayAmazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software.The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to First seen…
-
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ubuntu-flaw-enables-root-access/
-
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ubuntu-flaw-enables-root-access/
-
Researchers warn of unpatched, critical Telnetd flaw affecting all versions
CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in…
-
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ubuntu-flaw-enables-root-access/
-
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ubuntu-flaw-enables-root-access/
-
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, this targeted patch secures Apple devices against potential Same Origin Policy violations without requiring a full operating system…
-
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in…
-
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts.The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow First…
-
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control…
-
Critical Telnetd Vulnerability Enables Remote Code Execution Attacks
A critical buffer overflow vulnerability has been discovered in the GNU InetUtils telnetd daemon. Tracked as CVE-2026-32746, the flaw carries a maximum CVSS 3.1 score of 9.8 and allows unauthenticated attackers to execute arbitrary code with root privileges. There is no confirmed active exploitation, and the severity of the flaw demands immediate attention from network…
-
Ubuntu Desktop Vulnerability Lets Attackers Escalate Privileges to Full Root Access
The Qualys Threat Research Unit (TRU) has disclosed a critical Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. Tracked as CVE-2026-3888, this high-severity flaw carries a CVSS v3.1 score of 7.8 and allows unprivileged local attackers to completely compromise the host system by escalating their privileges to full…
-
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level.Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system.”This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root…
-
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level.Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system.”This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root…
-
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS.The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit’s Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted…
-
Researchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM Access
Researchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as >>RegPwn<<. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry configurations for its built-in Accessibility features."‹ Windows Accessibility features, such as the On-Screen Keyboard and Narrator, run…
-
FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion
Tags: authentication, control, cve, cvss, cyber, cybersecurity, flaw, fortinet, injection, sql, vulnerabilityCybersecurity researchers have a detailed a critical security flaw in Fortinet’s FortiClient Enterprise Management Server (EMS). Tracked as CVE-2026-21643, this severe pre-authentication SQL injection vulnerability carries a near-maximum CVSS severity score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and gain total control over the underlying database. The flaw specifically targets multi-tenant…
-
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in…
-
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-pushes-first-background-security-improvements-update-to-fix-webkit-flaw/
-
Cheap and Dangerous: IP KVMs Carry Flaws
Internet-Connected Remote Access Tools Operate at UEFI Level. A flood of lost-cost devices for remote IP control of servers or human-machine interfaces has roused a concomitant wave of security warnings about their security defects. Firmware security company Eclypsium probed devices made by four KVM vendors, discovering nine vulnerabilities. First seen on govinfosecurity.com Jump to article:…
-
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter’s sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells First seen…