Tag: vulnerability
-
CISA listet zwei aktiv ausgenutzte Schwachstellen – Langflow und Apex One: Aktive Exploits, neu im KEV-Katalog
First seen on security-insider.de Jump to article: www.security-insider.de/cisa-kev-langflow-apex-one-aktive-exploits-schadcode-a-88563eb0a1c2fd78349082393699cb39/
-
Check Point VPN Flaw Exploited Since Early May
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/check-point-vpn-flaw-exploited-early-may
-
AI Exploit Risks Pushing Healthcare Security Shift
MultiCare Health CISO Jason Elrod on Need for Faster Cyber Resilience. Emerging AI tools can identify and exploit software vulnerabilities within minutes, forcing healthcare organizations to rethink cyber strategies. Jason Elrod, CISO of MultiCare Health System, explains why exploitability management, microsegmentation and AI-driven resilience matter more than ever. First seen on govinfosecurity.com Jump to article:…
-
Critical UniFi OS bug lets hackers gain root without authentication
Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-hackers-gain-root-without-authentication/
-
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to…
-
Check Point Firewalls und Spark Firewalls betroffen – Check Point warnt vor aktiv ausgenutzter VPN-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/check-point-aktiv-ausgenutzte-vpn-schwachstelle-cve-2026-50751-ikev1-hotfix-a-6d868821bf399b6b37e35a8c867a6f18/
-
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/check-point-cve-2026-50751-qilin-ransomware/
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149.0.7827.53/54, is being rolled out gradually and includes fixes across multiple components, including ANGLE, GPU,…
-
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149.0.7827.53/54, is being rolled out gradually and includes fixes across multiple components, including ANGLE, GPU,…
-
Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/cisa-patch-actively-exploited-solarwinds-serv-u-dos-vulnerability-cve-2026-28318/
-
Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers
A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF) condition in the replication subsystem. Discovered by security researcher Yoni Sherez during the ZeroDay. In the Cloud 2025 competition, the flaw demonstrates how Redis’s internal Lua execution model and replication logic…
-
Instagram Patches Account Recovery Flaw Leaking User Contact Information
A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta rapidly patched it on June 6, 2026. The vulnerability, which affected the platform’s password reset interface, allowed any unauthenticated user to initiate a standard recovery request for a target username and…
-
Infosecurity Europe: How DSIT Protects Thousands of UK Orgs from Cyber Vulnerabilities
The Department of Science, Innovation and Technology details how a combination of hands-on human advice and technology systems keeps government agencies safe First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosecurity-europe-dsit-cyber/
-
Critical UniFi OS RCE Chain Grants Root Access Without Credentials
Tags: access, advisory, authentication, credentials, cyber, flaw, injection, rce, remote-code-execution, update, vulnerabilitySecurity Advisory Bulletin 064 describing a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full root takeover. The issue combines an authentication-gateway bypass, a path-traversal mismatch, and a command-injection sink in the package-update service. When chained, these flaws let an attacker send a single crafted HTTP request to…
-
Security Affairs newsletter Round 580 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog Report: Anthropic Deploys Engineers…
-
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Serv-U flaw, tracked as CVE-2026-28318 (CVSS ver 3.1 score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. SolarWinds Serv-U is a managed file transfer (MFT) and secure file…
-
OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks
Even with Lockdown Mode, ChatGPT could be still vulnerable to prompt injections, but the goal is to reduce the likelihood that sensitive data gets shared in the process. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/06/openai-unveils-lockdown-mode-to-protect-sensitive-data-from-prompt-injection-attacks/
-
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/
-
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with root privileges. Disclosed on May 21, 2026, via Security Advisory Bulletin 064 (SAB-064), the flaws are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. Each vulnerability carries a maximum CVSS 3.1 severity score…
-
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, risk, service, threat, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer service. With active exploitation observed in the wild, this development signals a severe risk to enterprise…
-
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
Tags: cisa, cve, cybersecurity, dos, exploit, flaw, infrastructure, kev, service, software, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash First seen on thehackernews.com…
-
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He…
-
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He…
-
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent.The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a…
-
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types – On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP)”A…
-
Underground forum tutorial simplifies vulnerability exploitation for novice hackers
First seen on scworld.com Jump to article: www.scworld.com/brief/underground-forum-tutorial-simplifies-vulnerability-exploitation-for-novice-hackers