Tag: vulnerability
-
Claude-Mythos und die Konsequenzen für die Softwaresicherheit
Thales warnt schon seit langem vor diesem Wandel: KI senkt die Hürden für das Aufspüren und Ausnutzen von Software-Schwachstellen drastisch und beschleunigt diesen Prozess in einem Ausmaß, mit dem Menschen einfach nicht mithalten können. Die Konsequenz ist klar: Unternehmen müssen nun davon ausgehen, dass ihre Software und Anwendungen kontinuierlich von feindlicher KI analysiert, zerlegt und…
-
Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework, Widely used products such as Azure, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by……
-
Xiongmai IP Camera Flaw Lets Attackers Bypass Authentication
Tags: access, authentication, cctv, cyber, cybersecurity, flaw, infrastructure, technology, vulnerabilityA critical security vulnerability has been identified in Hangzhou Xiongmai Technology’s XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sensitive device information easily. The Cybersecurity and Infrastructure Security Agency (CISA) published an official alert regarding the issue on April 23, 2026. Critical…
-
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.”A server-side…
-
Python Vulnerability Enables OutBounds Write on Windows
A high-severity security vulnerability has been discovered in Python’s asyncio module on Windows, potentially allowing attackers to write data beyond the boundaries of an allocated memory buffer. The flaw, tracked as CVE-2026-3298, was publicly disclosed on April 21, 2026, by Python security developer Seth Larson via the official Python security announcement mailing list. The vulnerability exists in the sock_recvfrom_into() method…
-
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker to steal sensitive server data by simply uploading a maliciously crafted AI model file. How…
-
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker to steal sensitive server data by simply uploading a maliciously crafted AI model file. How…
-
Hackers Track 900+ React2Shell Exploits via Telegram Bots
Hackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied to the Bissa scanner platform, used for multi-victim exploitation, staging, and validation rather than simple data dumping. Logs and project artifacts show…
-
Warum Unternehmen jetzt ein ganzheitliches Exposure Management brauchen Der Allgefahrenansatz der NIS2
Mit der Verabschiedung des NIS2-Umsetzungsgesetzes durch den Bundestag stärkt der Gesetzgeber nicht nur die Resilienz kritischer Sektoren, sondern verankert gleichzeitig den sogenannten Allgefahrenansatz fest im deutschen IT-Sicherheitsrecht. Dieser Ansatz macht unmissverständlich klar: Cybersicherheit darf sich nicht länger auf die Behebung einzelner technischer Schwachstellen beschränken sie muss alle Risiken entlang der Geschäftsprozesse berücksichtigen. First seen on…
-
Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
A recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled >>Bad Connection,<< reveals how suspected commercial surveillance vendors (CSVs) weaponize the SS7 and Diameter signaling protocols to covertly track high-profile individuals across the globe without interacting directly with their devices. These findings underscore…
-
Runtime Analytics Cuts Millions of Alerts to What Matters
<div cla TL;DR Research from Contrast Security’s Software Under Siege 2025 report reveals that applications face an average of 81 viable attacks per month that reach actual vulnerabilities, while perimeter-based detection tools generate overwhelming alert volumes with minimal correlation to real-world exploits. Runtime analytics powered by the Contrast Graph detects attacks during code execution and…
-
Privacy Vulnerability in Firefox and TOR Browsers
The security company Fingerprint discovered how on Firefox browsers, websites could track users even if they used private browsing tabs or the anonymity focused TOR browser. Mozilla closed the vulnerability in Firefox 150, that was released on April 21st 2026. This vulnerability is another example how a subtle lack of entropy in the software industry…
-
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-file-upload-bug-in-breeze-cache-wordpress-plugin/
-
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-file-upload-bug-in-breeze-cache-wordpress-plugin/
-
3 practical ways AI threat detection improves enterprise cyber resilience
Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
-
3 practical ways AI threat detection improves enterprise cyber resilience
Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
-
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities
Researchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure. First seen on cyberscoop.com Jump to article: cyberscoop.com/surveillance-campaigns-use-commercial-surveillance-tools-to-exploit-long-known-telecom-vulnerabilities/
-
Five steps to become Mythos ready
Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-dayAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
-
Five steps to become Mythos ready
Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-dayAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
-
Zscaler CEO On Vulnerability Surge From AI: ‘We All Need To Be Paranoid’
In the wake of Anthropic’s initiative to make its Claude Mythos vulnerability discovery tool available to select IT and security vendors, there’s no question that the “very powerful” AI capabilities are a sign of massively heightened cyber risk to come, Zscaler CEO Jay Chaudhry told CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/zscaler-ceo-on-vulnerability-surge-from-ai-we-all-need-to-be-paranoid
-
US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
CISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities. First seen on therecord.media Jump to article: therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
-
The Guardian view on Anthropic’s Claude Mythos: when AI finds every flaw, who controls the internet? | Editorial
Tech can scale cyber-attacks and defences alike, raising questions about private power, public risk and the future of a shared internetAnthropic announced its latest AI model, <a href=”https://www.theguardian.com/technology/2026/apr/08/anthropic-ai-cybersecurity-software”>Claude Mythos, this month but said it would not be released publicly, because it turns computers into crime scenes. The company claimed that it could find previously unknown…
-
AI Vulnerability Chaining Why Your Security Stack Cannot Detect What Comes Next
Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate vulnerabilities in isolation. That assumption is now broken. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ai-vulnerability-chaining-why-your-security-stack-cannot-detect-what-comes-next/
-
iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix
Apple fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from apps like Signal. Apple released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications even after deletion. This logging issue could allow recovery of sensitive data, including messages from…
-
Bad Memories Still Haunt AI Agents
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue threaten AI systems. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/bad-memories-haunt-ai-agents
-
Bad Memories Still Haunt AI Agents
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue threaten AI systems. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/bad-memories-haunt-ai-agents
-
Schwachstelle in Qualcomm-Snapdragon
Kaspersky ICS CERT hat eine Hardware-Schwachstelle in Qualcomm-Chips entdeckt. Diese sind in einer Vielzahl von Verbraucher- und Industriegeräten weit verbreitet, darunter Smartphones, Tablets, Fahrzeugkomponenten und IoT-Geräte. Die Schwachstelle befindet sich im sogenannten BootROM, einer auf Hardwareebene verankerten Firmware. Angreifer könnten dadurch potenziell Zugriff auf sämtliche auf dem Gerät gespeicherten Daten sowie auf Sensoren wie Kamera…
-
News brief: Microsoft security vulnerabilities revealed
Check out the latest security news from TechTarget SearchSecurity’s sister sites, Cybersecurity Dive and Dark Reading. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366641824/News-brief-Microsoft-security-vulnerabilities-revealed