Tag: flaw
-
Cheap and Dangerous: IP KVMs Carry Flaws
Internet-Connected Remote Access Tools Operate at UEFI Level. A flood of lost-cost devices for remote IP control of servers or human-machine interfaces has roused a concomitant wave of security warnings about their security defects. Firmware security company Eclypsium probed devices made by four KVM vendors, discovering nine vulnerabilities. First seen on govinfosecurity.com Jump to article:…
-
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter’s sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells First seen…
-
RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to 15,000 daily exploitation attempts in a more focused and strategic campaign, Bitsight reported. >>We gathered all these exploit attempts (identifiable by indicators like the User-Agent and…
-
Angular XSS Vulnerability Threatens Thousands of Web Applications
A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-32635, has been discovered in Angular, one of the world’s most widely used web application frameworks. This flaw resides in the Angular runtime and compiler and affects internationalisation (i18n) attribute bindings. If exploited, it allows threat actors to bypass built-in sanitisation mechanisms and cleanly inject malicious scripts…
-
CISA Issues Alert on Wing FTP Server Vulnerability Used in Attacks
Tags: attack, cisa, cyber, cybercrime, cybersecurity, exploit, flaw, infrastructure, kev, network, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical vulnerability in the Wing FTP Server. On March 16, 2026, the agency officially added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog. This addition serves as a clear warning to network defenders that cybercriminals are actively exploiting…
-
WebFiling Flaw at UK Companies House Exposed Director Data for Months
The UK Companies House recently disclosed a significant security vulnerability in its WebFiling service that exposed sensitive director information for several months. Chief Executive Andy King confirmed that the flaw was initially introduced during a system update in October 2025. This vulnerability allowed authenticated users to potentially view and alter the private details of other…
-
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions First seen on thehackernews.com…
-
CISA Alerts Users to Exploited Chrome 0-Day Flaws
Tags: browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, malicious, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicious actors. As a result, CISA has added both security issues to its Known Exploited Vulnerabilities (KEV) catalog,…
-
Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter
AWS Bedrock AI tool flaw allows data leaks via DNS queries in AgentCore Code Interpreter sandbox, exposing sensitive cloud data, researchers warn. First seen on hackread.com Jump to article: hackread.com/data-leak-risk-in-aws-bedrock-ai-code-interpreter/
-
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-47813 is an information disclosure vulnerability affecting Wing FTP…
-
Beyond CVSS: OT Security Looks for Its Risk Methodology
Individual Vulnerability Severity Not Always a Good Measure of Risk Exposure. A mainstay of IT security programs across the world, the Common Vulnerability Scoring System, may have terminal flaws when applied to the mirror universe of operational technology – a place where ordinary assumptions about risk don’t apply. First seen on govinfosecurity.com Jump to article:…
-
CISA flags Wing FTP Server flaw as actively exploited in attacks
CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/
-
UK’s Companies House confirms security flaw exposed business data
Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies’ information since October 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uks-companies-house-confirms-security-flaw-exposed-business-data/
-
Companies House Restores WebFiling After Flaw Exposed Director Details
Companies House fixed a WebFiling flaw that allowed users to view director details and alter company records before the service was taken offline and restored. First seen on hackread.com Jump to article: hackread.com/companies-house-webfiling-flaw-director-details/
-
UK Agency Exposed Corporate Executive Data
Directory Traversal Flaw Found in Companies House. The British government’s company register service temporarily deactivated its online filing service after someone found a serious vulnerability that allowed people to access directors’ sensitive personal data and potentially even amend companies’ records or file bogus accounts on their behalf. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-agency-exposed-corporate-executive-data-a-31033
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
875 Million Android Phones Face Risk Due to Hidden Chip Flaw
A MediaTek chip flaw could put up to 875 million Android phones at risk, exposing how a locked device can still be vulnerable below the surface. The post 875 Million Android Phones Face Risk Due to Hidden Chip Flaw appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-chip-flaw-875m/
-
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
-
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
-
Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/security-flaw-aws-bedrock/
-
Flaw in UK’s corporate registry let directors rummage through rival records
Back button blunder in WebFiling service run by Companies House revealed confidential paperwork First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/companies_house_breach/
-
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
From profile manipulation to root shell: The blog post detailed a full privilege escalation chain demonstrated on a default Ubuntu Server installation with the Postfix mail server. By loading a crafted security profile that blocks a specific privilege-dropping capability in Sudo, the researchers said they forced Sudo into a “fail-open” condition: unable to shed its…
-
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
From profile manipulation to root shell: The blog post detailed a full privilege escalation chain demonstrated on a default Ubuntu Server installation with the Postfix mail server. By loading a crafted security profile that blocks a specific privilege-dropping capability in Sudo, the researchers said they forced Sudo into a “fail-open” condition: unable to shed its…
-
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection
New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims. First seen on hackread.com Jump to article: hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
-
What the Recent PayPal Breach Says About Modern Web Risk
TL;DR A coding flaw in PayPal’s loan app went undetected for nearly six months, exposing sensitive customer data, not because prevention controls failed catastrophically,… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/what-the-recent-paypal-breach-says-about-modern-web-risk/
-
Unprivileged users could exploit AppArmor bugs to gain root access
Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have existed since 2017 and could allow unprivileged users to bypass protections, escalate privileges to root,…
-
What it takes to win that CSO role
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, defense, finance, flaw, framework, google, identity, insurance, jobs, monitoring, network, resilience, risk, skills, startup, strategy, technology, threatGovern the explosion of shadow AI and establish guardrails for generative AI before it creates material data leakage.Move beyond prevention and operate as a business enabler, proving the organization can maintain a minimum viable business during a sustained outage.Address compliance burdens, such as SEC disclosure rules or the EU AI Act, not as a checklist,…
-
What it takes to win that CSO role
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, defense, finance, flaw, framework, google, identity, insurance, jobs, monitoring, network, resilience, risk, skills, startup, strategy, technology, threatGovern the explosion of shadow AI and establish guardrails for generative AI before it creates material data leakage.Move beyond prevention and operate as a business enabler, proving the organization can maintain a minimum viable business during a sustained outage.Address compliance burdens, such as SEC disclosure rules or the EU AI Act, not as a checklist,…