Tag: flaw
-
Trend Micro fixes two critical flaws in Apex One
Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates. Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the…
-
ServiceNow AI Platform Vulnerability Enables Unauthenticated RCE
ServiceNow patched a critical AI Platform flaw that could enable unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/servicenow-ai-platform-vulnerability-enables-unauthenticated-rce/
-
Malicious Repo Files Could Hijack Claude Code Sessions
Flaws Let Attackers Run Commands and Steal API Keys Before Trust Prompt. Check Point research found three critical flaws in Anthropic’s Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities. First seen on…
-
Trend Micro warns of critical Apex One code execution flaws
Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities/
-
Critical Juniper Networks PTX flaw allows full router takeover
A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/
-
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Cisco warned of a critical Cisco SD-WAN vulnerability, tracked…
-
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention…
-
Report Finds Just 1% of Security Flaws Drive Most Cyberattacks in 2025
New VulnCheck research reveals that while thousands of CVEs are discovered yearly, only 1% drive real-world impact. First seen on hackread.com Jump to article: hackread.com/1-security-flaws-drive-cyberattacks-2025-report/
-
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending…
-
Zyxel Vulnerabilities Allow Remote Attackers to Execute Commands via Command Injection
Zyxel has rolled out critical security patches for multiple vulnerabilities affecting its 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders. The flaws range from null pointer dereferences causing Denial-of-Service (DoS) to severe command injections allowing remote attackers to execute system commands. CVE ID Severity Vulnerability Type Attack Vector Impact CVE-2025-13942…
-
ServiceNow AI Platform Vulnerability Allows Remote Code Execution
ServiceNow has disclosed a critical security vulnerability in its AI Platform that could allow unauthenticated attackers to remotely execute code within the ServiceNow Sandbox environment. Tracked as CVE-2026-0542, the flaw was formally published on February 25, 2026, under security advisory KB2693566. Overview of the Vulnerability The vulnerability exists within the ServiceNow AI Platform and can be exploited…
-
Wireshark 4.6.4 resolves dissector flaws, plugin compatibility issue
Packet inspection remains a routine activity across enterprise networks, incident response workflows, and malware investigations. Continuous use places long-term stability and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/wireshark-4-6-4-released/
-
New PoC for Windows Exploit Lets Low-Privileged Users Crash Systems with BSOD
Security researchers have released a new Proof of Concept (PoC) for a vulnerability in the Windows Common Log File System (CLFS) driver. The flaw, identified as CVE-2026-2636, allows low-privileged users to force a system into a Blue Screen of Death (BSoD), effectively causing a Denial of Service. Vulnerability Mechanism The discovery occurred while a researcher…
-
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain First…
-
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Tags: access, authentication, cisco, cvss, cyber, cyberattack, exploit, flaw, network, threat, update, vulnerability, zero-day
Cisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges. Vulnerability Overview: Vulnerability: Cisco Catalyst SD-WAN Controller Authentication Bypass; Severity: Critical; CVSS…
-
Claude collaboration tools left the door wide open to remote code execution
Anthropic fixed the flaws – but the AI-enabled attack surfaces remain First seen on theregister.com Jump to article: www.theregister.com/2026/02/26/clade_code_cves/
-
Untrusted repositories turn Claude code into an attack vector
Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and…
-
Marquis Sues SonicWall Over 2025 Firewall Data Breach
Tags: attack, authentication, backup, breach, cloud, credentials, data, data-breach, firewall, flaw, ransomware, software
Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis. Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits. First seen…
-
Flaws in Claude Code Put Developers’ Machines at Risk
The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/flaws-claude-code-developer-machines-risk
-
Critical Zyxel router flaw exposed devices to remote attacks
Tags: attack, cve, data-breach, flaw, injection, remote-code-execution, router, vulnerability, zyxel
Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2025-13942 (CVSS score of 9.8), affecting more than a dozen router models. A command injection flaw in the UPnP feature of several Zyxel CPEs, Fiber ONTs, and…
-
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Tags: access, advisory, attack, authentication, cisa, cisco, cve, cyber, cybersecurity, exploit, flaw, government, infrastructure, intelligence, mitigation, network, risk, software, threat, update, vulnerability, zero-day
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks. Key takeaways: CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. Patches have been released and no workarounds are currently available. Exploitation in the…
-
Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning of a “cyber threat actor’s ongoing exploitation of Cisco SD-WAN systems,” describing the activity as presenting a significant risk to federal civilian executive branch networks. First seen on therecord.media Jump to article: therecord.media/five-eyes-warn-hackers-exploit-cisco-sd-wan
-
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Tags: ai, api, cybersecurity, exploit, flaw, intelligence, remote-code-execution, theft, vulnerability
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. “The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables executing First seen on thehackernews.com Jump to article: thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
-
Software vulnerabilities are being weaponized faster than ever
A report by VulnCheck shows threat groups are exploiting a small percentage of critical flaws well before security teams can mitigate. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/software-vulnerabilities-are-being-weaponized-faster-than-ever/813096/
-
44% Surge in App Exploits as AI Speeds Up Cyber-Attacks, IBM Finds
IBM’s 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/app-exploits-surge-ai-speeds/
-
Zyxel warns of critical RCE flaw affecting over a dozen routers
Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command execution on unpatched devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-rce-flaw-affecting-over-a-dozen-routers/

