Tag: flaw
-
MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update
Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security features and execute arbitrary code. APT28 is a well-documented advanced persistent threat group known for sophisticated malware campaigns. Security researchers from Akamai discovered that…
-
TPMS Flaw in Toyota, Mercedes, and Other Major Brands Enables Covert Vehicle Tracking
Tire pressure monitoring systems (TPMS) in popular brands like Toyota, Mercedes, and many others quietly broadcast radio signals that can be turned into a powerful vehicle”‘tracking tool. New research shows that these routine safety messages can be harvested at scale, allowing anyone with cheap hardware to map where cars go, when they move, and even…
-
UXSS Vulnerability in DuckDuckGo Browser’s AutoConsent JS Bridge Allows Cross-Origin Attacks
A critical vulnerability was recently discovered in the DuckDuckGo browser for Android, exposing users to Universal Cross-Site Scripting (UXSS) attacks. This flaw, found in the browser’s AutoConsent JS bridge, allows malicious code from an untrusted source to run on a trusted webpage. Security researcher Dhiraj Mishra reported the vulnerability via HackerOne. It has since been…
-
ProofConcept Released for Windows ALPC Privilege Escalation via Error Reporting
A critical local privilege escalation (LPE) vulnerability, identified as CVE-2026-20817, has been publicly documented following the release of a proof-of-concept (PoC) exploit. Discovered in the Windows Error Reporting (WER) service, the flaw allows an authenticated, low-privileged user to execute arbitrary code with SYSTEM-level access. Vulnerability Overview Feature Details CVE ID CVE-2026-20817″‹ Severity Score CVSS 7.8…
-
OneUptime Command Injection Vulnerability Poses Major Risk of Full System Takeover
A critical command injection vulnerability, identified as CVE-2026-27728, has been discovered in OneUptime, a platform for monitoring and managing online services. This flaw allows authenticated users to execute arbitrary operating system commands on the Probe server, posing a significant risk of a full system takeover. Organizations using versions prior to 10.0.7 are urged to patch…
-
ClawJacked flaw exposed OpenClaw users to data theft
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…
-
ClawJacked flaw exposed OpenClaw users to data theft
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…
-
GUEST ESSAY: Real cyber risks arise when small flaws combine and alerts are viewed in isolation
Security teams are drowning in signals. Alerts fire. Logs accumulate. Dashboards light up. Yet breaches still unfold quietly, often through a series of low-level actions that never trigger a single catastrophic alarm. Related: How ‘observability’ drives security Attackers do not… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/guest-essay-real-cyber-risks-arise-when-small-flaws-combine-and-alerts-are-viewed-in-isolation/
-
Purpose-built AI Security Agent Detected 92% of DeFi Contracts Vulnerabilities
Baseline coding agents didn’t fare too well against purpose-built AI security agents in detecting flaws in DeFi contracts underscoring that organizations must not rely on audits and must press AI into use for detecting vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/purpose-built-ai-security-agent-detected-92-of-defi-contracts-vulnerabilities/
-
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control.”Our vulnerability lives in the core system itself no plugins, no marketplace, no user-installed extensions just the bare OpenClaw gateway, running exactly as documented,” Oasis…
-
iOS Penetration Testing: Definition, Process and Tools
Tags: breach, control, data, flaw, iphone, penetration-testing, reverse-engineering, tool, vulnerabilityWhile iPhones boast robust security, attackers constantly seek weak points. Enter iOS penetration testing the security validation exercise against your controls attempting to stop data breaches and unauthorised access. Through manual and automated techniques like vulnerability scanning and reverse engineering, it uncovers hidden flaws in your iOS apps, protecting sensitive data and user trust…. First…
-
Lovable-hosted app littered with basic flaws exposed 18K users, researcher claims
Who’s to blame the vibey platforms or the humans who ignore security warnings? First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/lovable_app_vulnerabilities/
-
Security hole could let hackers take over Juniper Networks PTX core routers
The hole is “especially dangerous, because these devices often sit in the middle of the network, not on the fringes,” said Piyush Sharma, CEO of Tuskira. “If an attacker gains control of a PTX, the impact is bigger than a single device compromise because it can become a traffic vantage point and a control point…
-
FreeBSD Jail Escape Flaw Breaks Filesystem Isolation
Tags: flawFreeBSD patched a critical jail escape flaw that can break filesystem isolation and expose the host system. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/freebsd-jail-escape-flaw-breaks-filesystem-isolation/
-
Juniper PTX Flaw Could Allow Full Router Takeover
A critical Juniper flaw could let attackers take full control of PTX core routers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/juniper-ptx-flaw-could-allow-full-router-takeover/
-
Trend Micro Patches Critical Apex One RCE Flaws
Trend Micro has fixed critical Apex One flaws that could enable remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/trend-micro-patches-critical-apex-one-rce-flaws/
-
5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign
Hackers exploited a critical Cisco SD-WAN flaw, prompting a rare joint warning from the US, UK, Australia, Canada, and New Zealand. The post 5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-sdwan-flaw-five-eyes-joint-warning/
-
Millions at Risk as Android Mental Health Apps Expose Sensitive Data
Oversecured flagged 1,575 flaws in 10 Android health apps with 14.7M installs, putting chats, CBT notes, and mood logs at risk, per BleepingComputer. The post Millions at Risk as Android Mental Health Apps Expose Sensitive Data appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-mental-health-apps-14-7-million-installs/
-
Juniper issues emergency patch for critical PTX router RCE
Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers. Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902 (CVSS score of 9.3), impacting PTX routers. The company urges customers to apply the…
-
Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk
A critical security flaw has been identified in the RustFS Console, exposing administrators to a high risk of account takeover. Tracked as CVE-2026-27822, this Stored Cross-Site Scripting (XSS) vulnerability carries a critical CVSS v3 score of 10.0 and affects versions of the Rust package before 1.0.0-alpha.82. The vulnerability allows an attacker to execute arbitrary JavaScript…
-
UK Vulnerability Monitoring Service Cuts Unresolved Security Flaws by 75%
The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two months to just over a week First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-vuln-monitoring-service-cuts/
-
Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution
Trend Micro has disclosed eight security vulnerabilities in its Apex One endpoint protection platform, including two critical-severity flaws that allow unauthenticated remote attackers to upload malicious code and execute commands on affected systems. The company released a Critical Patch on February 24, 2026, under Solution ID KA-0022458, covering Apex One 2019 (on-premises) on Windows and…
-
Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution
Trend Micro has disclosed eight security vulnerabilities in its Apex One endpoint protection platform, including two critical-severity flaws that allow unauthenticated remote attackers to upload malicious code and execute commands on affected systems. The company released a Critical Patch on February 24, 2026, under Solution ID KA-0022458, covering Apex One 2019 (on-premises) on Windows and…
-
Juniper Networks PTX Vulnerability Allows Full Router Takeover, Exposing Networks
Juniper Networks has issued an out-of-cycle critical security bulletin addressing a severe vulnerability affecting its PTX Series routers running Junos OS Evolved. The flaw allows an unauthenticated, network-based attacker to execute malicious code with root privileges, potentially leading to complete device takeover. This critical security issue underscores the importance of securing core network infrastructure against…
-
Attackers Have Been Exploiting Cisco SD-WAN Zero-Day Flaw Since 2023
Cisco and Five Eyes agencies are alerting organizations to a highly sophisticated attack, where threat actors compromise a Cisco SD-WAN controller via a zero-day flaw, downgrade the device to an earlier software version that is vulnerable to an older bug, before gaining root access and restoring the device to its original version. First seen on…