Tag: vulnerability
-
1-Click ZITADEL Vulnerability Could Allow Full System Takeover
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical severity rating, this flaw resides in the platform’s login V2 interface, specifically within the /saml-post endpoint. It allows unauthenticated remote attackers to execute malicious JavaScript directly within a user’s browser. With a…
-
Anthropic Claude Opus AI model discovers 22 Firefox bugs
Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in January 2026. Anthropic discovered 22 security vulnerabilities in Firefox using its Claude Opus 4.6 AI model in January 2026. Mozilla addressed these issues in Firefox 148. The researchers state…
-
PQC roadmap remains hazy as vendors race for early advantage
Tags: attack, cisco, communications, control, crypto, cryptography, data, encryption, finance, firmware, gartner, google, grc, guide, Hardware, healthcare, identity, infrastructure, monitoring, network, nist, risk, software, technology, threat, tool, vpn, vulnerabilitySome are already ahead as the migration question looms: One of the earliest vendors to operationalize cryptographic discovery specifically for PQC readiness was Sandbox AQ, which emerged from Google’s quantum research efforts. As early as 2022, the company argued that enterprises needed to inventory cryptography assets long before post-quantum algorithms could be deployed at scale.Initially…
-
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944, this vulnerability carries a maximum critical severity score of 9.8 out of 10. The flaw exposes highly sensitive data, including user credentials, session tokens, and SSL private keys, putting entire…
-
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944, this vulnerability carries a maximum critical severity score of 9.8 out of 10. The flaw exposes highly sensitive data, including user credentials, session tokens, and SSL private keys, putting entire…
-
ExifTool Vulnerability Lets Malicious Images Trigger macOS Code Execution
ExifTool is a ubiquitous open-source solution for reading, writing, and editing image metadata. It’s the go-to tool for photographers and digital archivists, and is widely used in data analytics, digital forensics, and investigative journalism. Can a computer really get infected just by processing an image even on macOS, often (incorrectly) thought to be immune to…
-
Hikvision Multiple Product Vulnerability Could Let Attackers Escalate Privileges
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting multiple Hikvision products to its Known Exploited Vulnerabilities (KEV) catalog. This urgent addition, made on March 5, 2026, serves as a stark warning to network defenders after federal authorities confirmed that threat actors are actively exploiting the bug in real-world…
-
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS
Many users believe macOS is inherently resistant to malware, but a newly discovered vulnerability proves otherwise. Kaspersky’s Global Research and Analysis Team (GReAT) recently uncovered a critical flaw, tracked as CVE-2026-3102, within ExifTool. ExifTool is a widely popular open-source application and library for extracting and editing file metadata. If a macOS user processes a specially…
-
CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS
Tags: apple, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, macOS, network, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three actively exploited vulnerabilities affecting multiple Apple platforms. On March 5, 2026, CISA added these security flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate attention from network defenders and system administrators. These vulnerabilities impact a wide range of Apple devices…
-
Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden
Tags: access, ai, ciso, control, cyber, cyberattack, detection, encryption, endpoint, extortion, framework, intelligence, lockbit, mitre, openai, ransomware, RedTeam, service, software, strategy, threat, tool, vulnerabilityStatt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen.Ransomware-Angreifer ändern zunehmend ihre Taktik und setzen vermehrt auf unauffällige Infiltration. Dies liegt daran, dass die Drohung mit der Veröffentlichung sensibler Unternehmensdaten zum Hauptdruckmittel bei Erpressungen geworden ist.Der jährliche Red-Teaming-Bericht von Picus Security zeigt, dass Angreifer zunehmen…
-
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management…
-
Romo: DJI-Staubsauger-Hacker bekommt 30.000 US-Dollar
Ein Sicherheitsforscher, der zufällig Zugriff auf 7.000 DJI-Roboterstaubsauger erlangt hat, wird für die Aufdeckung der Schwachstelle belohnt. First seen on golem.de Jump to article: www.golem.de/news/romo-dji-staubsauger-hacker-bekommt-30-000-us-dollar-2603-206214.html
-
What makes secrets management key to safe Agentic AI
Are Your Non-Human Identities Leaving Your Cloud Environment Vulnerable? Understanding the significant challenges faced by organizations in managing Non-Human Identities (NHIs) and Secrets Security Management is crucial. One might ask why these concerns have gained prominence. With industries increasingly embrace digital transformation, these machine identities have become critical components in cybersecurity, creating unique challenges and……
-
What makes secrets management key to safe Agentic AI
Are Your Non-Human Identities Leaving Your Cloud Environment Vulnerable? Understanding the significant challenges faced by organizations in managing Non-Human Identities (NHIs) and Secrets Security Management is crucial. One might ask why these concerns have gained prominence. With industries increasingly embrace digital transformation, these machine identities have become critical components in cybersecurity, creating unique challenges and……
-
What makes secrets management key to safe Agentic AI
Are Your Non-Human Identities Leaving Your Cloud Environment Vulnerable? Understanding the significant challenges faced by organizations in managing Non-Human Identities (NHIs) and Secrets Security Management is crucial. One might ask why these concerns have gained prominence. With industries increasingly embrace digital transformation, these machine identities have become critical components in cybersecurity, creating unique challenges and……
-
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month.…
-
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month.…
-
OpenAI’s Codex Security Built to Automate Vulnerability Discovery and Remediation
OpenAI has officially introduced Codex Security, an advanced application security agent designed to automate vulnerability discovery and remediation. Formerly known as Aardvark, the tool is now available in a research preview. It aims to eliminate the bottleneck of manual security reviews by combining state-of-the-art AI models with automated validation, enabling development teams to ship secure…
-
Claude AI Exposes 22 Firefox Vulnerabilities in Just Two Weeks
Artificial intelligence has officially entered the realm of advanced vulnerability research, moving beyond simple code assistance to autonomous threat hunting. This highly accelerated discovery rate outpaces traditional manual research, with the AI uncovering more vulnerabilities in one month than human researchers reported in any single month of 2025. Fourteen of these discoveries were classified as…
-
WordPress Plugin Flaw Lets Attackers Create Admin Accounts
A WordPress plugin flaw allows attackers to create administrator accounts and take over vulnerable sites. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/wordpress-plugin-flaw-lets-attackers-create-admin-accounts/
-
WordPress Plugin Flaw Lets Attackers Create Admin Accounts
A WordPress plugin flaw allows attackers to create administrator accounts and take over vulnerable sites. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/wordpress-plugin-flaw-lets-attackers-create-admin-accounts/
-
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
The long, strange trip of a large assembly of advanced iOS exploits. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/03/cisa-adds-3-ios-flaws-to-its-catalog-of-known-exploited-vulnerabilities/
-
5 Actions Critical for Cybersecurity Leadership During International Conflicts
Tags: attack, backup, business, cloud, corporate, cyber, cybersecurity, data, exploit, government, incident response, infrastructure, international, iran, middle-east, military, network, resilience, risk, risk-assessment, russia, saas, service, supply-chain, technology, threat, ukraine, update, vulnerability, warfareThe recent military attacks involving Iran in the Middle East are a stark reminder that cybersecurity leadership must continually incorporate geopolitical risk into their enterprise cyber risk posture and preparedness. Every crisis that elevates to military engagements between cyber-active participants, changes the risk landscape of businesses, for people, operations, and data. This includes the…
-
Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks
In a recent security partnership with Mozilla, Anthropic found 22 separate vulnerabilities in Firefox, 14 of them classified as “high-severity.” First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/06/anthropics-claude-found-22-vulnerabilities-in-firefox-over-two-weeks/
-
AWS-LC Flaws Could Bypass Certificate Verification
AWS disclosed vulnerabilities in its AWS-LC cryptographic library that could bypass certificate verification and expose timing weaknesses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/aws-lc-flaws-could-bypass-certificate-verification/
-
Building Bridges, Breaking Pipelines: Introducing Trajan
TL;DR: Trajan is an open-source CI/CD security tool from Praetorian that unifies vulnerability detection and attack validation across GitHub Actions, GitLab CI, Azure DevOps, and Jenkins in a single cross-platform engine. It ships with 32 detection plugins and 24 attack plugins covering poisoned pipeline execution, secrets exposure, self-hosted runner risks, and AI/LLM pipeline vulnerabilities. It……
-
LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability
LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability. The post LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lexisnexis-breach-3-9m-records-react-vulnerability/
-
LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability
LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability. The post LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lexisnexis-breach-3-9m-records-react-vulnerability/
-
Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws
Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise.…