Tag: vulnerability
-
Linux-Kernel-Schwachstelle ermöglicht Zugriff auf sensible Root-Daten
Die Sicherheitsforscher der Threat Research Unit (TRU) von Qualys haben mit CVE-2026-46333 eine Schwachstelle im Linux-Kernel identifiziert, die unter bestimmten Bedingungen die Offenlegung sensibler Informationen privilegierter Prozesse ermöglicht. Die Sicherheitslücke befindet sich im sogenannten ptrace-Zugriffspfad des Kernels und kann von lokal angemeldeten Benutzern ohne administrative Rechte ausgenutzt werden. Nach Erkenntnissen der Forscher handelt es sich um eine Race-Condition…
-
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month.Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of…
-
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/
-
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/
-
LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to execute arbitrary scripts as root and gain full server control. Tracked as CVE-2026-48172 with a maximum CVSS score of 10.0, the flaw has been patched as of May 21, 2026. The root cause is a logic…
-
Ubiquiti Patches Critical UniFi OS Privilege Escalation Flaws
Ubiquiti has released urgent security patches for five critical and high-severity vulnerabilities across its UniFi OS platform, addressing flaws that could allow remote attackers to execute arbitrary commands and escalate privileges on a wide range of UniFi devices. The flaws also span improper access control and path traversal, affecting a broad range of UniFi OS…
-
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.”Any cPanel user (including an attacker or a compromised account) may First…
-
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.”Drupal Core First seen on…
-
Claude Mythos Preview Discovers 10,000+ 0-Days in Glasswing
Anthropic has published an update on Project Glasswing, its collaborative AI-powered vulnerability discovery initiative launched last month, revealing that Claude Mythos, the company’s most capable and tightly restricted model, has already surfaced more than 10,000 high- or critical-severity zero-day vulnerabilities across the world’s most systemically important software. The findings represent one of the most significant…
-
Qualys entdeckt Schwachstelle im Linux-Kernel mit Risiko für sensible Daten
Die Entdeckung von CVE-2026-46333 unterstreicht einmal mehr, dass selbst moderne Linux-Infrastrukturen nicht vor kritischen Kernel-Schwachstellen gefeit sind. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-entdeckt-schwachstelle-im-linux-kernel-mit-risiko-fuer-sensible-daten/a45282/
-
Attackers exploit SonicWall VPN vulnerability to bypass MFA
First seen on scworld.com Jump to article: www.scworld.com/brief/attackers-exploit-sonicwall-vpn-vulnerability-to-bypass-mfa
-
Ubiquiti patches three critical vulnerabilities in UniFi OS
Tags: vulnerabilityFirst seen on scworld.com Jump to article: www.scworld.com/brief/ubiquiti-patches-three-critical-vulnerabilities-in-unifi-os
-
Organizations knowingly ship vulnerable code amid shrinking exploit windows
First seen on scworld.com Jump to article: www.scworld.com/brief/organizations-knowingly-ship-vulnerable-code-amid-shrinking-exploit-windows
-
You can now nominate vulnerabilities for CISA’s KEV with this form
First seen on scworld.com Jump to article: www.scworld.com/news/you-can-now-nominate-vulnerabilities-for-cisas-kev-with-this-form
-
CISA adds Trend Micro Apex One and Langflow flaws to exploited vulnerabilities catalog
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-adds-trend-micro-apex-one-and-langflow-flaws-to-exploited-vulnerabilities-catalog
-
MSSP Market News: Vulnerability Management Moves From CVE Lists to Fixes
First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-news-58-of-cisos-would-pay-the-ransom-thats-an-mssp-problem
-
Nvidia releases driver updates to fix 14 critical vulnerabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/nvidia-releases-driver-updates-to-fix-14-critical-vulnerabilities
-
RondoDox Botnet Exploits 2018 Flaw in Asus Routers
Botnet Operators Execute First Known Exploit of Nearly Decade-Old Flaw. Operators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as a root user. VulnCheck began observing exploitation of the Asus vulnerability on May 17. First seen on govinfosecurity.com Jump to article:…
-
RondoDox Botnet Exploits 2018 Flaw in Asus Routers
Botnet Operators Execute First Known Exploit of Nearly Decade-Old Flaw. Operators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as a root user. VulnCheck began observing exploitation of the Asus vulnerability on May 17. First seen on govinfosecurity.com Jump to article:…
-
Max-severity vulnerability in ChromaDB allows unauthenticated remote code execution
First seen on scworld.com Jump to article: www.scworld.com/brief/max-severity-vulnerability-in-chromadb-allows-unauthenticated-remote-code-execution
-
Verizon DBIR 2026: Vulnerability exploits top initial access as patching coverage falls
First seen on scworld.com Jump to article: www.scworld.com/news/verizon-dbir-2026-vulnerability-exploits-top-initial-access-as-patching-coverage-falls
-
Water, the Soft Underbelly of Critical Infrastructure
Tags: cyber, cybersecurity, governance, government, infrastructure, service, threat, usa, vulnerabilityFragmented Governance and Scarce Resources Make America’s Water Sector Vulnerable. America’s water utilities are the nation’s most cyber-vulnerable critical service sector, but their cybersecurity is overseen and supported by an ill-fitting patchwork of government agencies and most lack the resources to meet the threat they face. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/water-soft-underbelly-critical-infrastructure-a-31758
-
AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026
Weekly summary of Cybersecurity Insider newsletters for May 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-driven-threats-critical-vulnerabilities-and-supply-chain-breaches-define-the-week-in-may-2026/
-
$20 per zero-day is already the WordPress plugin reality
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/ai-wordpress-plugin-vulnerabilities/
-
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks/
-
Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug
Google’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybersecurity community. The flaw, first reported in late 2022 by security researcher Lyra Rebane, remains unresolved after more than three years, exposing millions of users of Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and…
-
Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective
1 IntroductionThis article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. The…
-
Drupal: Critical SQL injection flaw now targeted in attacks
Drupal is warning that hackers are attempting to exploit a “highly critical” SQL injection vulnerability announced earlier this week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/drupal-critical-sql-injection-flaw-now-targeted-in-attacks/
-
Ubiquiti patches three max severity UniFi OS vulnerabilities
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in Unify OS that can be exploited by remote attackers without privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities/
-
CISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
Tags: ai, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, risk, tool, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting active exploitation risks and urging immediate remediation. The vulnerability stems from an origin validation flaw in Langflow, a popular tool used for building and orchestrating AI-driven workflows. According to CISA,…