Tag: flaw
-
Microsoft Fixes Two Publicly Disclosed Zero-Days
March Patch Tuesday sees Microsoft release updates for 79 flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-fixes-two-publicly/
-
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
Microsoft has released a critical security update addressing a high-severity elevation of privilege vulnerability in Active Directory Domain Services (AD DS). This flaw, patched during the March 10, 2026, Patch Tuesday rollout, poses a significant threat to enterprise identity infrastructure by allowing attackers to gain SYSTEM-level access. Tracked as CVE-2026-25177, this security defect carries a…
-
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks
Microsoft’s March 2026 Patch Tuesday has addressed a zero-day vulnerability in the .NET framework, officially tracked as CVE-2026-26127. Disclosed publicly before a patch was available, this flaw allows unauthenticated remote attackers to trigger a denial of service (DoS) condition against applications running on affected .NET environments. The vulnerability has been categorized as an out-of-bounds read…
-
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this…
-
Microsoft Patch Tuesday security updates for March 2026 fixed 84 bugs
Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities in its products. None of the flaws are known to be exploited so far. Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities across its products. The IT giant addressed flaws across Windows, Office, Edge, Azure, SQL Server, Hyper-V, and ReFS. Including…
-
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
-
HPE warns of critical AOS-CX flaw allowing admin password resets
Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-warns-of-critical-aos-cx-flaw-allowing-admin-password-resets/
-
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
Today is Microsoft’s March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/
-
The Economic Argument: The Real Cost of Insecure APIs in the AI Era
Tags: access, ai, api, application-security, attack, business, compliance, control, corporate, cybersecurity, data, defense, exploit, finance, flaw, framework, governance, identity, injection, international, jobs, malicious, privacy, regulation, risk, threat, tool, vulnerabilityWhen cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to…
-
New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims’ databases and exfiltrate sensitive data within organizations’ Google Cloud environments.The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in First seen on thehackernews.com…
-
Recently patched Ivanti EPM flaw now actively exploited
CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited/
-
SAP Releases Patches for Security Flaws Allowing Remote Code Execution
On March 10, 2026, SAP released its monthly Security Patch Day updates, addressing multiple vulnerabilities across its enterprise software products. Maintaining a structured patch management cycle aligned with this monthly schedule remains a foundational practice for enterprise SAP security. This month’s rollout includes 15 new security notes, with no updates to previously issued patches. Administrators…
-
U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is…
-
Gogs Flaw Could Let Attackers Quietly Overwrite Large File Storage Data
Tags: attack, cve, cyber, data, exploit, flaw, open-source, software, supply-chain, threat, vulnerabilityA critical security vulnerability has been identified in Gogs, a widely used open-source self-hosted Git service. / Tracked as CVE-2026-25921, this flaw allows unauthenticated attackers to silently overwrite Git Large File Storage (LFS) objects across any repository. By exploiting a lack of content verification, threat actors can conduct stealthy software supply-chain attacks, replacing legitimate project…
-
Cloudflare Pingora Flaws Enable Request Smuggling and Cache Poisoning Attacks
Tags: advisory, attack, cve, cyber, data-breach, flaw, Internet, network, open-source, vulnerabilityIn a recent security advisory, Cloudflare disclosed multiple HTTP request smuggling and cache poisoning vulnerabilities in its open-source Pingora framework. Tracked under the identifiers CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836, these flaws specifically impact standalone Pingora deployments that are exposed directly to the internet as ingress proxies. Cloudflare has explicitly confirmed that its own Content Delivery Network…
-
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerability list is as follows -CVE-2021-22054 (CVSS score: 7.5) – A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that First…
-
Cloud attacks exploit flaws more than weak credentials
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-cloud-attacks-exploit-flaws-more-than-weak-credentials/
-
AVideo Zero-Click Flaw Lets Attackers Hijack Live Streams
Tags: flawAn AVideo flaw allows unauthenticated attackers to execute commands and take over streaming servers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/avideo-zero-click-flaw-lets-attackers-hijack-live-streams/
-
Hacker FreeAll Over Cisco SD-WAN Flaw
Three-Year Old Zero-Day Under Mass Attack. A flaw in Cisco Software-defined network management software has become a hacker free-for-all, warn cybersecurity experts. The flaw allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on the affected system. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hacker-free-for-all-over-cisco-sd-wan-flaw-a-30946
-
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data
Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/elastic-cloud-siem-manage-stolen/
-
Vaultwarden Vulnerabilities Enable Privilege Escalation and Data Exposure
Two high-severity vulnerabilities have been discovered in Vaultwarden, a widely used alternative Bitwarden server implementation written in Rust. These security flaws, tracked as CVE-2026-27803 and CVE-2026-27802, allow compromised Manager accounts to bypass authorization checks, escalate privileges, and expose sensitive stored credentials. Both vulnerabilities carry a High severity rating with network-based attack vectors that require low…
-
Apache ZooKeeper Flaw Exposes Sensitive Data to Attackers
Apache ZooKeeper, a centralized service used for maintaining configuration information and naming in distributed systems, has received critical security updates. The Apache Software Foundation recently addressed two >>Important<< severity vulnerabilities that could expose sensitive data and allow server impersonation in production environments. Configuration and Hostname Verification Flaws The first vulnerability, identified as CVE-2026-24308, involves sensitive…
-
Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
A newly disclosed vulnerability in Nginx UI, tracked as CVE-2026-27944, has raised major security concerns after researchers confirmed that attackers can download and decrypt server backups without authentication. The flaw, which carries a CVSS score of 9.8, represents a critical security risk for organizations that expose their Nginx UI management interface to the public internet. First seen on thecyberexpress.com Jump to article:…
-
112 or 22 to 2: Who Moved the Vulnerability Cheese?
AI can now scan codebases and generate hundreds of potential vulnerabilities in minutes. But when 112 bug reports collapse into 22 confirmed flaws and only two exploitable issues, the real disruption is how AI is reshaping the entire vulnerability lifecycle. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/112-or-22-to-2-who-moved-the-vulnerability-cheese/
-
112 or 22 to 2: Who Moved the Vulnerability Cheese?
AI can now scan codebases and generate hundreds of potential vulnerabilities in minutes. But when 112 bug reports collapse into 22 confirmed flaws and only two exploitable issues, the real disruption is how AI is reshaping the entire vulnerability lifecycle. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/112-or-22-to-2-who-moved-the-vulnerability-cheese/
-
1-Click ZITADEL Vulnerability Could Allow Full System Takeover
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical severity rating, this flaw resides in the platform’s login V2 interface, specifically within the /saml-post endpoint. It allows unauthenticated remote attackers to execute malicious JavaScript directly within a user’s browser. With a…
-
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944, this vulnerability carries a maximum critical severity score of 9.8 out of 10. The flaw exposes highly sensitive data, including user credentials, session tokens, and SSL private keys, putting entire…