Tag: vulnerability
-
Microsoft Edge Vulnerability Lets Remote Attackers Execute Arbitrary Code
Microsoft has disclosed three critical vulnerabilities in its Edge browser, all discovered during the Pwn2Own competition and reported by security researcher Orange Tsai of DEVCORE Research Team. The flaws, tracked as CVE-2026-45492, CVE-2026-45494, and CVE-2026-45495, were publicly disclosed on June 4, 2026, with patches already issued by Microsoft. Overview of the Vulnerability CVE-2026-45492 Origin […]…
-
Microsoft Edge Vulnerability Lets Remote Attackers Execute Arbitrary Code
Microsoft has disclosed three critical vulnerabilities in its Edge browser, all discovered during the Pwn2Own competition and reported by security researcher Orange Tsai of DEVCORE Research Team. The flaws, tracked as CVE-2026-45492, CVE-2026-45494, and CVE-2026-45495, were publicly disclosed on June 4, 2026, with patches already issued by Microsoft. Overview of the Vulnerability CVE-2026-45492 Origin […]…
-
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2026-45247 flaw is a…
-
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/everest-forms-pro-rce-actively/
-
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto…
-
Hackers Are After the Gaps in Your Vulnerability Program: Here’s Their Playbook
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-after-the-gaps-in-your-vulnerability-program-heres-their-playbook/
-
Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges
Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side…
-
Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mythos-gpt-chrome-exploits/
-
Comodo Internet Security 0-Day Flaw Triggers Windows System Crashes
A remotely exploitable zero-day vulnerability in Comodo Internet Security’s kernel-level firewall driver allows attackers to crash Windows systems with a single IPv6 packet, and the vendor has yet to respond. Security researcher Marcus Hutchins publicly disclosed a critical zero-day vulnerability in Comodo Internet Security on June 3, 2026, after multiple attempts to reach the vendor…
-
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…
-
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…
-
PoC Exploit Released for Cisco Unified Communications Manager Security Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical server-side request forgery (SSRF) vulnerability impacting Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME), increasing the likelihood of active exploitation in enterprise environments. Cisco Unified Manager Security Vulnerability Tracked as CVE-2026-20230 and detailed in Cisco advisory cisco-sa-cucm-ssrf-cXPnHcW, the…
-
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted First seen…
-
From critical to controlled: Cutting vulnerabilities in a live manufacturing environment
A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/04/ot-vulnerability-management-process/
-
CISA Alerts Users to Actively Exploited Android Framework Security Vulnerability
CISA has issued an urgent alert warning of an actively exploited Android Framework vulnerability, tracked as CVE-2025-48595, and has added it to its Known Exploited Vulnerabilities (KEV) catalog. The agency has set a strict remediation deadline of June 5, 2026, urging organizations to take immediate action to mitigate potential risks associated with this flaw. Android…
-
Acer Confirms Patch in Progress for Wave 7 Router 0-Day Flaw
Acer has confirmed that it is actively developing a firmware patch to address critical zero-day vulnerabilities affecting its Wave 7 routers, following responsible disclosure by an independent security researcher. According to an official advisory published on June 2, 2026, the vulnerabilities impact Acer Wave 7 devices running firmware version T7c_GBL_1.01.000055 or earlier. The flaws expose…
-
Hackers Exploit Google Gemini Flaw Using Malicious Messages from WhatsApp, Slack, and SMS
Hackers are exploiting a newly discovered flaw in Google’s Gemini voice assistant by sending malicious messages via popular platforms such as WhatsApp, Slack, Signal, Instagram, Messenger, and SMS. The vulnerability, uncovered by SafeBreach Labs, shows how attackers can secretly inject instructions into Gemini’s conversation context via instant message notifications. This lets them manipulate the assistant…
-
CISA directive for AI executive order to be released this week, Andersen says
The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore. First seen on therecord.media Jump to article: therecord.media/cisa-directive-for-ai-exec-order-release
-
Acer addresses critical zero-day vulnerabilities in Wave 7 routers
First seen on scworld.com Jump to article: www.scworld.com/brief/acer-addresses-critical-zero-day-vulnerabilities-in-wave-7-routers
-
CISA adds Android and Linux kernel flaws to exploited vulnerabilities catalog
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-adds-android-and-linux-kernel-flaws-to-exploited-vulnerabilities-catalog
-
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed servers. The post CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-oracle-weblogic-vulnerability-exploited/
-
Cloud Security Alliance Report Highlights Growing Patch Gap Risks
AI is accelerating exploitation timelines while known vulnerabilities remain a leading cause of security incidents, according to a CSA report. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cloud-security-alliance-report-highlights-growing-patch-gap-risks/
-
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-active-attacks-exploiting-android-linux-bugs/
-
Microsoft responds to security challenges facing code, AI agents, and models
Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/microsoft-ai-agent-security-capabilities/
-
Sammelupdate schließt 17 Schwachstellen in Apache OFBiz – Kritische OFBiz-Lücken erlauben Codeausführung ohne Anmeldung
First seen on security-insider.de Jump to article: www.security-insider.de/apache-ofbiz-24-09-06-17-schwachstellen-rce-codeausfuehrung-a-15f5e02dfc4ce184f65ec0d9c373916a/
-
WordPress Plugin Flaw Opens Door to Privilege Escalation Attacks Across 500,000+ Sites
A critical security flaw in the Kirki Freeform Page Builder, Website Builder & Customizer WordPress plugin is exposing sites to account takeover and privilege escalation attacks, with roughly 150,000 estimated to be running vulnerable versions introduced in the 6.0 release. Tracked as CVE-2026-8206 and rated 9.8 (Critical), the bug affects Kirki versions 6.0.0 through […]…
-
Acer working to patch max severity zero-days in Wave 7 routers
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/acer-warns-of-max-severity-zero-days-affecting-wave-7-routers/
-
Critical Apache ActiveMQ Vulnerability Exposes Systems to Security Header Injection Attacks
Apache ActiveMQ users are being urged to apply immediate patches following the disclosure of a critical vulnerability, CVE-2026-42253, that enables HTTP response header injection via improperly handled JMS message properties. The flaw affects both Apache ActiveMQ and ActiveMQ Web components. It has been rated with “important” severity by the Apache Software Foundation. CVE-2026-42253: HTTP Response…
-
38% of GitHub Actions Workflows Exposed to Script Injection Risks
Analysis has revealed that 38% of organizations are running GitHub Actions workflows vulnerable to script injection or unsafe trigger configurations, highlighting a growing risk in modern software supply chains. GitHub plays a central role in development pipelines by automating build, test, and deployment tasks through YAML-defined workflows and reusable actions. These workflows often run with…
-
38% of GitHub Actions Workflows Exposed to Script Injection Risks
Analysis has revealed that 38% of organizations are running GitHub Actions workflows vulnerable to script injection or unsafe trigger configurations, highlighting a growing risk in modern software supply chains. GitHub plays a central role in development pipelines by automating build, test, and deployment tasks through YAML-defined workflows and reusable actions. These workflows often run with…