Tag: vulnerability
-
GitLab Fixes Flaws That Could Allow Attackers to Hijack User Sessions
GitLab has released emergency security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE), including three high-severity flaws that could allow attackers to execute malicious code, forge requests, and steal user session tokens. On April 22, 2026, GitLab released versions 18.11.1, 18.10.4, and 18.9.6 for both CE and EE deployments. GitLab.com has already been…
-
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We call this…
-
Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can. Mythos Preview, the model that led…
-
Apple fixes iOS bug that kept deleted notifications, including chat previews
A vulnerability in iPhones and iPads allowed law enforcement to recover deleted notifications, including Signal message previews. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/apple-fixes-ios-bug-that-kept-deleted-notifications-including-chat-previews/
-
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction. “Notifications marked for deletion could be unexpectedly retained…
-
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-33825 is a Microsoft Defender flaw that can be exploited…
-
Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory
A critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module was exploited in active attacks just 12 hours and 31 minutes after its public disclosure, with no proof-of-concept code required. On April 21, 2026, GitHub published security advisory GHSA-6w67-hwm5-92mq, later assigned CVE-2026-33626, a high-severity SSRF flaw (CVSS 7.5) in LMDeploy, an open-source toolkit developed by Shanghai…
-
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction. “Notifications marked for deletion could be unexpectedly retained…
-
Apple Patches Privacy Issue Exposing Signal Message Data Through Notifications
Apple recently rolled out iOS 26.4.2 and iPadOS 26.4.2 to patch a critical privacy vulnerability affecting millions of users. Released on April 22, 2026, this vital security update addresses a flaw that could accidentally expose sensitive message data from secure applications, most notably Signal. By downloading this update, users can prevent their private communications from…
-
Vulnerability Management and SBOM Generation Are Key to the CRA
Cyber Resilience Act: Effective vulnerability management and automated creation of a Software Bill of Materials are becoming central success factors for manufacturers of connected products. With the Cyber Resilience Act (CRA), the European Union has for the first time created a binding legal framework for the cybersecurity of digital products. For manufacturers of connected devices, machines, and plants, this brings a topic… First…
-
Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure
Tags: access, authentication, control, credentials, data, data-breach, exploit, firmware, flaw, infrastructure, malicious, network, open-source, password, rce, remote-code-execution, risk, service, threat, update, vulnerability
New RCE and other vulnerabilities: Aside from all the known vulnerabilities from open-source components, the Forescout researchers also performed manual security analysis and identified previously unknown flaws in the firmware of three specific devices from two vendors: Lantronix EDS3000PS Series, Lantronix EDS5000 Series, and Silex SD330-AC. The web-based management interface of the Lantronix EDS5000 had five…
-
A tsunami of flaws: When frontier AI and Patch Tuesday collide
Microsoft’s April Patch Tuesday drop was the second-largest in history, falling just shy of an October 2025 record. What is behind the spike in vulnerability disclosures, and is there a connection to Anthropic’s bug-hunting Claude Mythos AI model? First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641789/A-tsunami-of-flaws-When-frontier-AI-and-Patch-Tuesday-collide
-
Supply Chain Attacks Are Getting Worse: How to Shrink Your Exposure
In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned 75 of 76 version tags in the process. Any pipeline that pulled trivy:latest…
-
The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them
In today’s security landscape, some of the most dangerous vulnerabilities aren’t flagged by automated scanners at all. These are the business logic flaws: subtle mistakes in an application’s design or workflow that malicious actors can exploit by doing the unexpected. As a result, companies can be blindsided by breaches even when their vulnerability…
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerability
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-mozilla-firefox-150-patched-271-security-flaws/
-
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/
-
[un]prompted 2026 macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog. Our thanks to [un]prompted for publishing their creators', authors' and presenters' outstanding [un]prompted 2026 AI Security Practitioner content on the organization's YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-macos-vulnerability-research-augmenting-apples-source-code-and-os-logs-with-ai-agents/
-
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API. A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset. Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai reports. The flaw allows attackers to inject commands because an attacker-controlled value is copied without…
-
Microsoft SharePoint vulnerability widely exposed across multiple countries
The disclosure comes just weeks after a prior SharePoint flaw was discovered. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-sharepoint-vulnerability-exposed-multiple-countries/818201/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
5 Key Weaknesses Endanger the IT Security Posture of Mid-Sized Companies
Ransomware, phishing, stolen credentials: cyberattacks regularly cause tangible economic damage to mid-sized companies. The current “Cyber-Risikocheck für den Mittelstand” from Trufflepig IT-Forensics, the specialized cybersecurity partner for upper mid-market companies and the public sector in the DACH region, shows, based on 273 real attack simulations (penetration tests) at mid-sized DACH companies, where the most promising entry points for attackers lie. Particularly relevant for…
-
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft fixed a critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access…

