Tag: flaw
-
Global DNS Crash Triggers Reboot Loops Across Cisco Small Business Switches
A DNS Crash disrupted networks around the world on January 8, 2026, after a flaw in the DNS client service caused multiple Cisco Small Business Switches to reboot repeatedly and, in some cases, completely core dump. The outage affected organizations of all sizes, from small IT teams managing a handful of switches to administrators responsible…
-
Global DNS Crash Triggers Reboot Loops Across Cisco Small Business Switches
A DNS Crash disrupted networks around the world on January 8, 2026, after a flaw in the DNS client service caused multiple Cisco Small Business Switches to reboot repeatedly and, in some cases, completely core dump. The outage affected organizations of all sizes, from small IT teams managing a handful of switches to administrators responsible…
-
Maximum Severity HPE OneView Flaw Exploited in the Wild
Exploitation of CVE-2025-37164 can enable remote code execution on HPE’s IT infrastructure management platform, leading to devastating consequences. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/maximum-severity-hpe-oneview-flaw-exploited
-
Breach Roundup: Firewalls Headed for Obsolesce
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Cisco ISE Flaw Lets Admins Access Restricted System Files
A Cisco ISE flaw lets authenticated admins access restricted system files, risking sensitive data exposure. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-ise-flaw-lets-admins-access-restricted-system-files/
-
Cisco Snort 3 Security Flaws Threaten Network Inspection
Cisco Snort 3 flaws allow unauthenticated attacks that disrupt inspection or leak sensitive data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-snort-3-security-flaws-threaten-network-inspection/
-
CISA flags actively exploited Office relic alongside fresh HPE flaw
Max-severity OneView hole joins a PowerPoint bug that should’ve been retired years ago First seen on theregister.com Jump to article: www.theregister.com/2026/01/08/cisa_oneview_powerpoint_bugs/
-
Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)
An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/hpe-oneview-cve-2025-37164-exploited/
-
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.Read on to catch up before the next wave hits. Honeypot…
-
Maximum-severity n8n flaw lets randos run your automation server
Unauthenticated RCE means anyone on the network can seize full control First seen on theregister.com Jump to article: www.theregister.com/2026/01/08/n8n_rce_bug/
-
U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, office, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2009-0556 is a memory corruption flaw…
-
PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/trend-micro-apex-central-cve-2025-69258-rce-poc/
-
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to First seen…
-
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.The list of vulnerabilities is as follows -CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated First seen on thehackernews.com Jump to…
-
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.The list of vulnerabilities is as follows -CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated First seen on thehackernews.com Jump to…
-
Cisco warns of Identity Service Engine flaw with exploit code
Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-identity-service-engine-flaw-with-exploit-code/
-
Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering
Linux laptop users are being urged to update after a flaw in a popular battery optimisation tool was found to allow authentication bypass and system tampering. The vulnerability affects the TLP power profiles daemon introduced in version 1.9.0, which exposes aD-Bus APIfor managing power profiles with root privileges. How the flaw works TLP’s profiles daemon runs as…
-
CISA tags max severity HPE OneView flaw as actively exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-max-severity-hpe-oneview-flaw-as-actively-exploited/
-
GitLab Patches Multiple Flaws Allowing Arbitrary Code Execution
Linux administrators are being urged to update promptly after disclosures of multiple vulnerabilities in GitLab, including flaws that could enablecross-site scripting, authorization bypass, and denial of service inselfmanagedinstances. The latest patch releases, GitLab 18.7.1, 18.6.3, and 18.5.5, address these security issues alongside several bug fixes and dependency updates, and are already deployed on GitLab.com. GitLab…
-
New n8n Vulnerability (CVE-2026-21858) Allows Unauthenticated File Access and RCE
Cybersecurity researchers have disclosed a new critical flaw in the popular workflow automation platform n8n that could allow unauthenticated attackers to fully compromise vulnerable systems. The issue, tracked as CVE-2026-21858 and assigned a maximum CVSS score of 10.0, is being described as one of the most severe n8n vulnerabilities reported to date. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-21858-n8n-webhook-vulnerability/
-
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, office, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerabilities are listed below -CVE-2009-0556 (CVSS score: 8.8) – A code injection vulnerability in Microsoft Office First seen on thehackernews.com…
-
A Single Browser Flaw, Millions at Risk: What the Chrome WebView Vulnerability Teaches Us About Exposure Windows
Tags: android, application-security, browser, chrome, cybersecurity, flaw, google, malicious, risk, update, vulnerability, windowsA recent security update reveals that Google patched a high-severity Chrome WebView vulnerability that could allow attackers to bypass application security restrictions and execute malicious content within Android and enterprise applications, according to Cybersecurity News. Because Chrome WebView is embedded inside countless applications, the flaw expanded risk far beyond traditional browser usage. Many organizations were…
-
NDSS 2025 A Multifaceted Study On The Use of TLS And Auto-detect In Email Ecosystems
Session 8A: Email Security Authors, Creators & Presenters: Ka Fun Tang (The Chinese University of Hong Kong), Che Wei Tu (The Chinese University of Hong Kong), Sui Ling Angela Mak (The Chinese University of Hong Kong), Sze Yiu Chau (The Chinese University of Hong Kong) PAPER A Multifaceted Study on the Use of TLS and…
-
Ni8mare flaw gives unauthenticated control of n8n instances
A critical n8n flaw (CVE-2026-21858, CVSS 10.0), dubbed Ni8mare, allows unauthenticated attackers to fully take over vulnerable instances. Researchers uncovered a maximum severity n8n vulnerability, tracked as CVE-2026-21858 (CVSS score of 10.0). The flaw, dubbed Ni8mare by Cyera researchers who discovered the vulnerability, lets unauthenticated attackers fully compromise affected instances. n8n is a workflow automation…
-
Critical jsPDF flaw lets hackers steal secrets via generated PDFs
The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-generated-pdfs/
-
Attackers Exploit Zero-Day in End-of-Life D-Link Routers
Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-exploit-zero-day-end-of-life-d-link-routers
-
TOTOLINK EX200 Extender Flaw Allows Attackers Full System Access
A critical security flaw has been discovered in the TOTOLINK EX200 Wi-Fi extender that allows attackers to gain complete control over the device. The vulnerability involves a logic error in how the device handles failedfirmwareupdates, inadvertently opening a backdoor with the highest possible privileges. Because the TOTOLINK EX200 is officially End-of-Life (EoL), the vendor has…
-
Critical RCE flaw allows full takeover of n8n AI workflow platform
Tags: ai, api, attack, authentication, cloud, credentials, data, email, exploit, flaw, leak, LLM, password, rce, remote-code-execution, threat, vulnerabilityformWebhook function used by n8n Form nodes to receive data doesn’t validate whether the Content-Type field of the POST request submitted by the user is set to multipart/form-data.Imagine a very common use case in which n8n has been used to build a chat interface that allows users to upload files to the system, for example,…