Tag: flaw
-
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack, Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild.The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on…
-
CISA Issues Alert on ZLAN ICS Flaws Enabling Full Device Takeover
Tags: advisory, cisa, cyber, cybersecurity, flaw, infrastructure, network, technology, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding significant security flaws discovered in industrial networking equipment manufactured by ZLAN Information Technology Co. The alert, identified as ICSA-26-041-02, focuses on the ZLAN5143D serial-to-Ethernet device server, a component widely utilized to bridge legacy serial devices with modern network infrastructure. These vulnerabilities pose…
-
Ring’s Search Party ‘Dystopia’ Debate Claude Zero-Click RCE Vulnerability
In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about a zero-click remote code execution flaw in the Claude Desktop, highlighting the potential risks of……
-
Attackers Exploit Critical BeyondTrust Flaw to Seize Full Active Directory Control
Tags: access, control, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityA critical vulnerability, CVE-2026-1731, affecting self-hosted BeyondTrust Remote Support and Privileged Remote Access deployments. This security flaw allows unauthenticated attackers to inject operating system commands, effectively granting them remote code execution capabilities. The severity of this campaign has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities…
-
Security Affairs newsletter Round 563 by Pierluigi Paganini INTERNATIONAL EDITION
Tags: attack, breach, cisa, data, data-breach, email, fintech, flaw, international, phishing, WeeklyReviewA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in…
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…
-
Indian pharmacy chain giant exposed customer data and internal systems
A backend flaw in web admin dashboards used by one of India’s largest pharmacy chains, exposed thousands of online pharmacy orders. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/indias-major-pharmacy-chain-exposed-customer-data-and-internal-systems/
-
Researchers unearth 30-year-old vulnerability in libpng library
Tags: advisory, ai, cvss, exploit, flaw, network, open-source, ransomware, software, threat, tool, update, vulnerability, zero-daypng_set_quantize, which is used for reducing the number of colors in PNG images, and present in all versions of libpng prior to version 1.6.55.”When the function is called with no histogram and the number of colours in the palette is more than twice the maximum supported by the user’s display, certain palettes will cause the…
-
Critical flaw in BeyondTrust Remote Support sees early signs of exploitation
The vulnerability is a variant of a CVE linked to the 2024 hack of the U.S. Treasury Department, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-flaw-beyondtrust-remote-support-early-exploitation/812215/
-
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support…
-
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-microsoft-configmgr-rce-flaw-as-exploited-in-attacks/
-
CVE-2025-64712 in Unstructured.io Puts Amazon, Google, and Tech Giants at Risk of Remote Code Execution
A newly disclosed critical flaw, CVE-2025-64712 (CVSS 9.8), in Unstructured.io’s “unstructured” ETL library could let attackers perform arbitrary file writes and potentially achieve remote code execution (RCE) on systems that process untrusted documents. Unstructured is widely used to convert messy business files into AI-ready text and embeddings, and the vendor’s ecosystem footprint is often cited as spanning…
-
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/beyondtrust-cve-2026-1731-poc-exploit-activity/
-
Researchers Observe InWild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr.”Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing First…
-
U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…
-
CISA Alerts Users to Notepad++ Flaw Allowing Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the popular Notepad++ text editor to its Known Exploited Vulnerabilities catalog, warning users of a flaw that could allow attackers to execute malicious code on affected systems. Tracked as CVE-2025-15556, the vulnerability affects Notepad++’s WinGUp updater component and stems from downloading code without…
-
CISA Issues Urgent Warning on Microsoft Configuration Manager SQL Injection Vulnerability Under Active Exploitation
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, risk, sql, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection vulnerability in Microsoft Configuration Manager to its Known Exploited Vulnerabilities (KEV) catalogue. The threat actors are actively exploiting the flaw in the wild. The addition signals immediate risk to organisations using the enterprise management platform. SQL Injection Enables Command Execution Tracked as…
-
next-mdx-remote Vulnerability Allows Arbitrary Code Execution in React SSR
A security vulnerability has been discovered in next-mdx-remote, a popular TypeScript library used for rendering MDX content in React applications. The flaw, tracked as CVE-2026-0969 and identified by researchers at Sejong University, enables attackers to execute arbitrary code on servers when untrusted MDX content is processed. The vulnerability affects the serialize function in next-mdx-remote versions…
-
Zimbra Issues Security Update to Address XSS, XXE, and LDAP Injection Flaws
Zimbra has officially released a critical security update, version 10.1.16, addressing multiple high-severity vulnerabilities that could compromise email infrastructure and user data. The company has classified this patch with a >>High<< security severity rating, urging administrators to prioritize the upgrade to mitigate risks associated with web-based attacks. The update primarily focuses on closing gaps related…
-
BeyondTrust RCE Vulnerability Under Active Exploitation Urgent Patch Released
BeyondTrust has urgently released security updates to address a critical remote code execution (RCE) vulnerability affecting its widely used Remote Support (RS) and Privileged Remote Access (PRA) products. Designated as CVE-2026-1731, this severe flaw carries a near-maximum CVSS v4 score of 9.9. The vulnerability creates a dangerous opening for unauthenticated remote attackers to execute arbitrary…
-
Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching
Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices. The post Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-zero-day-cve-update-february-2026/
-
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
Tags: access, attack, authentication, exploit, flaw, rce, remote-code-execution, update, vulnerabilityA critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-beyondtrust-rce-flaw-now-exploited-in-attacks-patch-now/
-
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could…
-
SmarterMail facing widespread attacks targeting critical flaws
The business email and collaboration software is being exploited for potential ransomware. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/smartermail-attacks-critical-flaws-ransomware/812091/
-
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-plugin-with-900k-installs-vulnerable-to-critical-rce-flaw/
-
Apple Patches Actively Exploited Zero-Day Flaw
Apple patched an exploited zero-day enabling code execution and urges immediate updates. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apple-patches-actively-exploited-zero-day-flaw/
-
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report
Tags: access, ai, api, attack, automation, business, cloud, container, cyber, cybersecurity, data, exploit, finance, flaw, gartner, governance, identity, intelligence, iot, leak, network, risk, service, technology, threat, tool, update, vulnerability“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key Takeaways from Tenable: This is the latest among a recent string of recognitions Tenable…
-
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware
Flaw abused ‘in an extremely sophisticated attack against specific targeted individuals’ First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/apple_ios_263/
-
Apple patches zero-day flaw that could let attackers take control of devices
Apple issued security updates for all devices which include a patch for an actively exploited zero-day”, tracked as CVE-2026-20700. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/apple-patches-zero-day-flaw-that-could-let-attackers-take-control-of-devices/