Tag: flaw
-
Hikvision Wireless AP Flaw Could Let Attackers Run Arbitrary Commands
Hikvision has disclosed a high-severity command execution vulnerability affecting multiple wireless access point models, potentially allowing authenticated attackers to execute arbitrary commands on affected devices. The company released an advisory on January 30, 2026, detailing the security flaw and urging customers to apply patches immediately. Vulnerability Details The vulnerability, tracked as CVE-2026-0709, stems from insufficient input…
-
Critical Flaws in KiloView Devices Enable Complete Admin Takeover
The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a critical vulnerability affecting multiple versions of KiloView Encoder Series devices, warning that unauthenticated attackers could gain full administrative access. Issued under alert code ICSA-26-029-01 on January 29, 2026, the flaw carries a severe CVSS v3 score of 9.8, indicating extreme risk to affected infrastructure. The…
-
Critical vLLM Flaw Exposes Millions of AI Servers to Remote Code Execution
A newly disclosed security flaw has placed millions of AI servers at risk after researchers identified a critical vulnerability in vLLM, a widely deployed Python package for serving large language models. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-22778-vllm-rce-malicious-video-link/
-
Fancy Bear Returns: APT28 Exploits Office Flaw in >>Operation Neusploit<<
The post Fancy Bear Returns: APT28 Exploits Office Flaw in >>Operation Neusploit<< appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/fancy-bear-returns-apt28-exploits-office-flaw-in-operation-neusploit/
-
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token…
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
-
Notepad++ hijacked by suspected state-sponsored hackers
In a security update posted on the project’s website, the development team said the attack did not exploit a flaw in the editor’s source code itself. Instead, the compromise occurred at the infrastructure level, involving systems used to deliver software updates. First seen on therecord.media Jump to article: therecord.media/popular-text-editor-hijacked-by-suspected-state-sponsored-hackers
-
Iconics SCADA Vulnerability Can Render Systems Unbootable
Palo Alto Networks researchers identified an Iconics SCADA flaw that can render industrial systems unbootable. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iconics-scada-vulnerability-can-render-systems-unbootable/
-
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fancy-bear-exploits-office-flaw/
-
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. >>According to the…
-
Flaw in Broadcom Wi-Fi Chipsets Illuminates Importance of Wireless Dependability and Business Continuity
A “scary” vulnerability in Broadcom Wi-Fi chipsets could lead to long-term instability and affect how an organization operates. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/flaw-in-broadcom-wi-fi-chipsets-illuminates-importance-of-wireless-dependability-and-business-continuity/
-
1-Click Flaw in ClawDBot Allows Remote Code Execution
A high-severity authentication bypass vulnerability has been discovered in ClawDBot, a popular npm package, enabling attackers to achieve remote code execution through a single malicious link. The flaw stems from the insufficient validation of the gateway URL parameter, combined with automatic connection behaviour that exposes authentication tokens to unauthorised actors. Vulnerability Overview The vulnerability, identified…
-
Researchers Uncover Moltbook AI Flaw Exposing API Keys and Login Credentials
A critical vulnerability in Moltbook, the AI agent social network launched in late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for registered entities. The flaw impacts the platform’s claimed 1.5 million users, though security researchers revealed the inflated user count stems from unchecked bot registrations rather than…
-
When responsible disclosure becomes unpaid labor
Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfaresupposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.Silent treatment and severity…
-
Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: When open science meets real-world cybersecurity In this Help Net Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/01/week-in-review-microsoft-fixes-exploited-office-zero-day-fortinet-patches-forticloud-sso-flaw/
-
SCADA Flaw Enables DoS Condition, Impacting Availability of Affected Systems
A vulnerability affecting the Mitsubishi Electric Iconics Suite, a widely deployed supervisory control and data acquisition (SCADA) system used across industrial sectors, including automotive, energy, and manufacturing. The flaw, tracked as CVE-2025-0921, carries a CVSS score of 6.5 (Medium severity) and enables attackers to trigger denial-of-service (DoS) conditions on affected systems, compromising operational availability. Vulnerability…
-
Ivanti Fixes Actively Exploited RCE Flaws in Endpoint Manager Mobile
Ivanti patched actively exploited EPMM flaws that enable unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ivanti-fixes-actively-exploited-rce-flaws-in-endpoint-manager-mobile/
-
Nvidia GPU Driver Flaws Enable Privilege Escalation Across Platforms
Nvidia patched GPU driver flaws that enable privilege escalation across platforms. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/nvidia-gpu-driver-flaws-enable-privilege-escalation-across-platforms/
-
New Wireshark 4.6.3 Release Patches Dissector, Parser Stability Issues
The Wireshark Foundation released Wireshark version 4.6.3 on January 14, 2026, addressing four critical security vulnerabilities and multiple stability issues affecting the popular network protocol analysis tool. The maintenance update targets crashes and infinite loop conditions that could impact analysis workflows and system stability. Security Vulnerabilities Resolved The release patches four distinct security flaws identified…
-
Ivanti Endpoint Manager Vulnerability Allows Remote Code Execution,
Ivanti has disclosed two critical vulnerabilities affecting Endpoint Manager Mobile (EPMM) that could allow attackers to achieve unauthenticated remote code execution. The flaws, tracked as CVE-2026-1281 and CVE-2026-1340, both stem from code injection issues and carry a maximum CVSS severity score of 9.8, indicating critical risk to affected deployments. Vulnerability Overview Both vulnerabilities enable attackers…
-
Why API Security Is No Longer an AppSec Problem And What Security Leaders Must Do Instead
APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit logic flaws, authorization gaps, and automated attacks in production. As Tim […]…
-
SmarterTools patches critical SmarterMail flaw allowing code execution
SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3) that could let attackers run malicious code on affected systems. >>SmarterTools SmarterMail versions prior to build 9511 contain…
-
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, injection, ivanti, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a code injection that impacts Ivanti Endpoint Manager…
-
Comcast to Pay $117M in Security Breach Settlement
The breach was linked to a vulnerability known as “CitrixBleed,” a flaw affecting Citrix NetScaler Application Delivery Controller and Gateway appliances. The post Comcast to Pay $117M in Security Breach Settlement appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-comcast-security-breach-settlement/
-
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution.The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0.”SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API First seen…
-
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Tags: attack, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, rce, remote-code-execution, update, vulnerability, zero-dayIvanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.The critical-severity vulnerabilities are listed below -CVE-2026-1281 (CVSS score: First…
-
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
-
More Critical Flaws on n8n Could Compromise Customer Security
A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-flaws-n8n-compromise-customer-security
-
Breach Roundup: Android RAT Hides Behind Hugging Face
Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty. This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach. First seen on govinfosecurity.com Jump to article:…