Tag: vulnerability
-
Developing an IT Strategy for Complex Landscapes
“Developing an IT security strategy for complex landscapes should be at the top of the agenda at the start of the year.” Most cyberattacks in the EU take place in Germany, and the vulnerabilities in IT infrastructures are increasing daily. Many companies therefore face the question of how they can strategically realign their IT security. In the interview, Stefan Rothmeier…
-
New Angular Vulnerability Allows Attackers to Execute Malicious Payloads
A high-severity Cross-Site Scripting (XSS) vulnerability has been discovered in Angular’s Template Compiler, potentially exposing millions of web applications to malicious JavaScript execution. The flaw, tracked as CVE-2026-22610, affects multiple versions of Angular’s core packages and carries a High severity rating with a CVSS score of 7.3/10. Attribute Details CVE ID CVE-2026-22610 Severity High (CVSS 4.0: 7.3/10) Vulnerability…
-
CISA Alerts on Actively Exploited Gogs Path Traversal Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Gogs, a self-hosted Git service, to its Known Exploited Vulnerabilities catalog, warning that the flaw is being actively exploited in the wild. Critical Vulnerability Details: Tracked as CVE-2025-8110, the vulnerability is a path-traversal flaw in Gogs’ improper symbolic link handling in the PutContents…
-
Critical jsPDF Vulnerability Enables Arbitrary File Read in Node.js (CVE-2025-68428)
In January 2026, a critical security vulnerability was disclosed in jsPDF, a popular JavaScript library used to generate PDF documents. The issue, tracked as CVE-2025-68428, affects server-side Node.js deployments of jsPDF prior to version 4.0.0 and has been assigned a CVSS score of 9.2. The vulnerability is a path traversal issue that can be abused…
-
NDSS 2025 LLMPirate: LLMs For Black-box Hardware IP Piracy
Tags: attack, conference, detection, firmware, Hardware, Internet, LLM, mitigation, network, software, vulnerability
Session 8C: Hard & Firmware Security. Authors, Creators & Presenters: Vasudev Gohil (Texas A&M University), Matthew DeLorenzo (Texas A&M University), Veera Vishwa Achuta Sai Venkat Nallam (Texas A&M University), Joey See (Texas A&M University), Jeyavijayan Rajendran (Texas A&M University). PAPER: LLMPirate: LLMs for Black-box Hardware IP Piracy. The rapid advancement of large language models (LLMs)…
-
NIST Calls for Public to Help Better Secure AI Agents
NIST Seeks Input to Protect AI Systems Used in Government, Critical Infrastructure. The National Institute of Standards and Technology is seeking public input from security experts and stakeholders to weigh in on security threats from agentic AI, warning they may be vulnerable to exploits like hijacking, backdoors and misaligned behavior across federal networks. First seen…
-
U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, open-source, service, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Gogs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Gogs path traversal vulnerability, tracked as CVE-2025-8110 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Gogs (Go Git Service) is a lightweight, open-source, self-hosted Git service written…
-
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Tags: attack, cisa, exploit, flaw, government, rce, remote-code-execution, update, vulnerability, zero-day
CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
-
Meta fixes Instagram password reset flaw, denies data breach
Meta fixed an Instagram password reset flaw that let third parties send reset emails, while denying a data breach despite leak claims. Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data. “We fixed an issue that let an…
-
Business leaders see AI risks and fraud outpacing ransomware, says WEF
C-suite executives are more concerned with risks arising from AI vulnerabilities and cyber fraud than ransomware, according to the World Economic Forum. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637198/Business-leaders-see-AI-risks-and-fraud-outpacing-ransomware-says-WEF
-
Critical vulnerability found in n8n workflow automation platform
The open-source platform is widely used across enterprise environments, leaving thousands of instances at risk. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-vulnerability-n8n-automation-platform/809360/
-
NDSS 2025 Mens Sana In Corpore Sano: Sound Firmware Corpora For Vulnerability Research
Session 8C: Hard & Firmware Security Authors, Creators & Presenters: René Helmke (Fraunhofer FKIE), Elmar Padilla (Fraunhofer FKIE, Germany), Nils Aschenbruck (University of Osnabrück) PAPER Mens Sana In Corpore Sano: Sound Firmware Corpora for Vulnerability Research Firmware corpora for vulnerability research should be scientifically sound. Yet, several practical challenges complicate the creation of sound corpora:…
-
Tenable Is a Gartner® Peer Insights Customers’ Choice for Cloud-Native Application Protection Platforms
Tags: ai, api, attack, automation, banking, ciso, cloud, compliance, control, cybersecurity, data, detection, gartner, google, governance, healthcare, identity, infrastructure, microsoft, risk, risk-management, service, software, strategy, technology, tool, vulnerability, vulnerability-management
This recognition, based entirely on feedback from the people who use our products every day, to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helping organizations worldwide, across all industry sectors, preemptively close critical…
-
Instagram Confirms No System Breach After External Password Reset Problem
Instagram has dismissed security breach concerns, clarifying that recent unexpected password reset emails were caused by an external party exploiting a now-patched vulnerability rather than a complete system compromise. The social media giant confirmed that a flaw in its systems allowed unknown threat actors to request password reset emails on behalf of users without actually…
-
PoC Released for Atarim Plugin Auth Bypass Vulnerability
A security researcher has published proof-of-concept code for a critical authentication bypass vulnerability in the Atarim WordPress plugin that could allow attackers to steal sensitive user data and system configuration details. The flaw, tracked as CVE-2025-60188, affects versions of the plugin that use insecure HMAC-based authentication. Field Details CVE ID CVE-2025-60188 GHSA ID GHSA-648j-fchv-3hrv Vulnerability…
-
Shai-Hulud & Co.: The Supply Chain as Achilles' Heel
Tags: access, ai, application-security, backdoor, ciso, cloud, cyber, cyberattack, data, github, Hardware, infrastructure, kritis, kubernetes, LLM, monitoring, network, nis-2, programming, resilience, risk, rust, sbom, software, spyware, strategy, supply-chain, tool, vulnerability
Whether React2Shell, Shai-Hulud or XZ Utils: the security of the software supply chain is threatened by numerous risks. Today's applications are built on numerous components, each of which, together with the development environments themselves, represents an attack surface. Regardless of whether companies develop code in-house or rely on third-party vendors, CISOs, security experts and developers should pay particular attention to the software supply chain. Among the…
-
Max severity Ni8mare flaw impacts nearly 60,000 n8n instances
Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed “Ni8mare.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-impacts-nearly-60-000-n8n-instances/
-
WhatsApp Hack: 3.5 Billion Accounts Readable. Why Your Mobile Phone Number Is a Real Risk
Billions of people use WhatsApp every day, often with the feeling of communicating in a protected, private space. But what if this space is in truth surprisingly transparent? And what if the mobile phone number, of all things, which WhatsApp uses as its foundation, becomes the biggest vulnerability? A disturbing security finding from the University of Vienna last year shook trust in… First seen…
-
Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries
NASA acknowledges independent researcher Hasan İsmail Gülkaya for discovering vulnerabilities through its Vulnerability Disclosure Program, highlighting the importance of ethical hacking in cybersecurity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/turkish-security-researcher-gets-nod-from-nasa-over-vulnerability-discoveries/
-
Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data
A newly disclosed vulnerability in Apache Struts 2’s XWork component could expose sensitive data and open the door to denial-of-service and server-side request forgery (SSRF) attacks if left unpatched. The flaw, tracked as CVE-2025-68493, is rated Important and affects a wide range of Struts 2 versions, putting many Java web applications at risk. Field Details CVE ID CVE-2025-68493…
-
Critical React Router Flaws Could Let Attackers Access or Modify Server Files
A critical vulnerability has been discovered in React Router and Remix that could allow attackers to access or modify sensitive files on web servers. The flaw affects multiple packages and has received a severity rating of Critical with a CVSS score of 8.8/10. Field Details CVE ID CVE-2025-61686 Severity Critical CVSS Score 8.8/10 Vulnerability Overview The security issue stems from…
-
Critical InputPlumber Flaw Enables UI Input Injection and Denial-of-Service
Security researchers have discovered critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, that could allow attackers to inject keystrokes, leak sensitive information, and cause denial-of-service conditions. The flaws, tracked as CVE-2025-66005 and CVE-2025-14338, affect InputPlumber versions before v0.69.0 and stem from inadequate D-Bus authorization checks. CVE ID Description Affected Versions Impact…
-
Critical zlib Flaw Lets Attackers Trigger a Buffer Overflow via untgz
A severe buffer overflow vulnerability has been discovered in the zlib untgz utility, affecting version 1.3.1.2, allowing attackers to trigger memory corruption via maliciously crafted command-line arguments. The vulnerability resides in the TGZfname() function, where an unbounded strcpy() call copies user-supplied archive names directly into a fixed-size global buffer of 1024 bytes without any length…
-
How is the handling of NHIs getting better?
Why is Non-Human Identities Management Critical for Cybersecurity? Have you ever considered how machine identities could be as vulnerable as human identities? The concept of Non-Human Identities (NHIs) extends beyond mere machine management to become a core aspect of cybersecurity, especially in cloud environments. When handled poorly, they can lead to significant security gaps. But when…
-
What is Application Security Testing? Detailed Explanation
Your organization, the industrial domain you survive on, and almost everything you deal with rely on software applications. Be it banking portals, healthcare systems, or any other, securing those applications is paramount. Application Security Testing is the process of making applications more resistant to cyber threats by identifying weaknesses and vulnerabilities in the code. In…
-
ZombieAgent ChatGPT attack shows persistent data leak risks of AI agents
Worm-like propagation: The email attack even has worming capabilities, as the malicious prompts could instruct ChatGPT to scan the inbox, extract addresses from other email messages, exfiltrate those addresses to the attackers using the URL trick, and send similar poisoned messages to those addresses as well. If the victim is the employee of an organization that…
-
MAESTRO Toolkit Exploiting VMware VM Escape Vulnerabilities
Cybersecurity researchers from Huntress detail a major VM Escape attack where hackers took over host servers. Using a secret toolkit called MAESTRO, the attackers stayed hidden for over a year. Read the exclusive details on how this breach was stopped and how to protect your network. First seen on hackread.com Jump to article: hackread.com/maestro-toolkit-vmware-vm-escape-vulnerabilities/
-
Trend Micro fixed a remote code execution in Apex Central
Trend Micro fixed three Apex Central flaws discovered by Tenable that could allow remote code execution or denial-of-service attacks. Trend Micro patched three flaws (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console after Tenable disclosed details and PoC code. The researchers discovered the vulnerabilities in August 2025, which could enable remote code execution or denial-of-service attacks.…
-
Radware Discloses ZombieAgent Technique to Compromise AI Agents
Radware this week announced it has discovered a zero-click indirect prompt injection (IPI) vulnerability targeting the Deep Research agent developed by OpenAI. Dubbed ZombieAgent, Radware researchers have discovered that it is possible to implant malicious rules directly into the long-term memory or working notes of an AI agent. That technique enables a malicious actor to…
-
No Rest in 2026 as Patch Alerts Amass for Cisco, HPE and n8n
Cisco Fixes ISE Bug; HPE OneView Under Fire; Exploit Code Drops for n8n Flaw. The new year is off to a fresh start on the vulnerability and exploit alert front: Cisco has patched a critical Identity Services Engine; cybersecurity officials warn that an HPE OneView vulnerability is being actively exploited; and proof-of-concept exploits drop for…

