Tag: flaw
-
Flickr Notifies Users of Data Breach After External Partner Security Flaw
Flickr says a third-party email vendor flaw may have exposed user names, emails, IP data, and activity logs,… First seen on hackread.com Jump to article: hackread.com/flickr-data-breach-external-partner-security-flaw/
-
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Attackers are…
-
F5 Releases Urgent Security Fixes for Critical Vulnerabilities in BIG”‘IP and NGINX
F5 released its Quarterly Security Notification, addressing multiple security flaws across its product ecosystem. While F5 classifies the primary vulnerabilities as >>Medium<< severity under their internal policy, the updated CVSS v4.0 scoring system assigns them a score of 8.2, indicating a high risk to enterprise environments. The advisory highlights three specific CVEs impacting BIG-IP Advanced WAF,…
-
CISA Alerts Exploited React Native Community Security Flaw
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, injection, kev, risk, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the React Native Community CLI to its Known Exploited Vulnerabilities (KEV) catalog. Identified as CVE-2025-11953, this vulnerability is an Operating System (OS) command injection flaw that poses severe risks to development environments, particularly those running on Windows infrastructures. The addition to the KEV…
-
CentOS 9 Security Flaw Enables Privilege Escalation PoC Released
A critical security flaw has been identified in CentOS 9 that allows a local user to escalate their privileges to root. The vulnerability, which stems from a Use-After-Free (UAF) condition in the Linux kernel’s networking subsystem, was awarded first place in the Linux category at the TyphoonPWN 2025 hacking competition. A Proof-of-Concept (PoC) exploit has…
-
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF.Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, along First seen…
-
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks
Tags: advisory, attack, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in recent ransomware campaigns. This addition mandates that Federal Civilian Executive Branch (FCEB) agencies remediate the…
-
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks
Tags: advisory, attack, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in recent ransomware campaigns. This addition mandates that Federal Civilian Executive Branch (FCEB) agencies remediate the…
-
Breach Roundup: Italy Thwarts Russian Olympic Hacks
Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, Ukraine. This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia’s APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace. First seen…
-
Chrome Vulnerabilities Allow Code Execution, Browser Crashes
Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites. The post Chrome Vulnerabilities Allow Code Execution, Browser Crashes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-security-update-february-2026/
-
Critical flaw in SolarWinds Web Help Desk under exploitation
The vulnerability could allow an attacker to achieve remote code execution.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-flaw-solarwinds-web-help-desk-exploitation/811487/
-
CISA confirms exploitation of VMware ESXi flaw by ransomware attackers
CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/cisa-cve-2025-22225-ransomware-exploitation/
-
n8n Flaw Puts Hundreds of Thousands of Enterprise AI Systems at Risk
A n8n sandbox escape flaw could allow any authenticated user to take over enterprise AI workflows at massive scale. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/n8n-flaw-puts-hundreds-of-thousands-of-enterprise-ai-systems-at-risk/
-
Malicious Commands in GitHub Codespaces Enable RCE
Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-commands-in-github/
-
n8n Vulnerability Allows Remote Attackers to Hijack Systems via Malicious Workflow Execution
n8n has released urgent security updates to address a critical vulnerability that exposes host systems to Remote Code Execution (RCE). Tracked as CVE-2026-25049, this flaw allows authenticated attackers to escape the expression evaluation sandbox and execute arbitrary system commands, potentially leading to a complete compromise of the underlying infrastructure. This disclosure comes shortly after the remediation…
-
Attackers exploit decade”‘old Windows driver flaw to shut down modern EDR defenses
The kill list excluded Huntress: The EDR killer binary used in the Huntress-observed attack packed a 64-bit Windows executable and a custom encoded kernel driver payload, which it decoded into OemHwUpd.sys and installed as a kernel-mode service. Because Windows still honors its cryptographic signature, the attackers were able to load the driver.Once the vulnerable driver…
-
n8n security woes roll on as new critical flaws bypass December fix
Patch meant to close a severe expression bug fails to stop attackers with workflow access First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/n8n_security_woes_roll_on/
-
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands.The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect…
-
WatchGuard VPN Client Flaw on Windows Enables SYSTEM”‘Level Command Execution
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands with the highest available privileges on a compromised machine. The vulnerability is tracked as NCPVE-2025-0626 (WatchGuard Advisory…
-
Cisco Warns of Meeting Management Flaw Enabling Arbitrary File Upload by Remote Attackers
Cisco has released a security advisory detailing a high-severity vulnerability in Cisco Meeting Management (CMM). The flaw, caused by improper input validation, allows authenticated remote attackers to upload arbitrary files and potentially execute commands with root privileges. The vulnerability is located within the Certificate Management feature of the CMM web-based management interface. It has been assigned a CVSS…
-
CISA Confirms VMware ESXi 0-Day Vulnerability Exploited in Ransomware Operations
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vmware, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting VMware ESXi to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-22225, this zero-day flaw allows attackers to escape security sandboxes. It is currently being leveraged in active ransomware operations. Technical Analysis of CVE-2025-22225 The vulnerability is classified as an arbitrary write memory…
-
10 Days to Exploit: Amaranth-Dragon Weaponizes WinRAR Flaw to Spy on SE Asia
The post 10 Days to Exploit: Amaranth-Dragon Weaponizes WinRAR Flaw to Spy on SE Asia appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/10-days-to-exploit-amaranth-dragon-weaponizes-winrar-flaw-to-spy-on-se-asia/
-
SolarWinds RCE bug makes Cisa list as exploitation spreads
Exploitation of CVE-2025-40551, an RCE flaw affecting SolarWinds Web Help Desk, appears to be spreading, and defenders are on high alert. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638837/SolarWinds-RCE-bug-makes-Cisa-list-as-exploitation-spreads
-
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Tags: attack, cve, cybersecurity, exploit, flaw, group, infrastructure, ransomware, vmware, vulnerabilityRansomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue in VMware ESXi. An attackers with privileges within the VMX process may trigger an arbitrary…
-
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/
-
Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes
An ingress-nginx flaw could allow code execution and access to Kubernetes Secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ingress-nginx-vulnerability-enables-code-execution-in-kubernetes/
-
Chrome Vulnerabilities Allow Code Execution and Browser Crashes
Google has patched two high-severity Chrome flaws that could allow code execution or browser crashes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-vulnerabilities-allow-code-execution-and-browser-crashes/
-
VMware ESXi flaw now exploited in ransomware attacks
CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/