Tag: vulnerability
-
Microsoft Defender Zero-Day Vulnerabilities Actively Exploited in the Wild
Microsoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security professionals and enterprise users. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, were officially released on May 19, 2026, and both have confirmed exploitation activity according to Microsoft’s security advisory. The most critical of…
-
Google Chrome Security Flaws Could Let Attackers Execute Code Remotely
Google has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Windows and macOS, and 148.0.7778.178 for Linux. According to the official Chrome Releases blog, the latest…
-
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, the latest stable release of the widely used web server software that powers an estimated 30-40% of all…
-
Critical Vulnerability in Cisco Secure Workload Threatens Enterprise API Security
Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain high-level administrative access to sensitive enterprise environments. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and is classified under CWE-306 (Missing Authentication for Critical Function). According to Cisco’s advisory (cisco-sa-csw-pnbsa-g8WEnuy), the issue…
-
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-warns-of-new-defender-zero-days-exploited-in-attacks/
-
Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers could compromise affected websites shortly after public disclosure. According to the advisory, the security update…
-
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major…
-
Nine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at Risk
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, poses a serious risk to SSH private keys and other sensitive credentials. The flaw, present in the kernel since 2016, allows a local attacker to escalate from a basic shell account to full root access on many popular Linux distributions. The issue lies…
-
Pardus Linux Vulnerability Chain Enables Complete System Takeover
A critical local privilege escalation vulnerability chain tracked as CVE-2026-5140 has exposed serious security weaknesses in Pardus Linux. Researchers revealed that the flaws allow any unprivileged local user to gain full root access without authentication, potentially leading to complete system compromise within seconds. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-5140-pardus-linux-root-access-flaw/
-
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database abstraction…
-
Human Behavior Remains a Critical Weakness in Cybersecurity
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/mensch-verhalten-kritisch-schwachstelle-cybersicherheit
-
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…
-
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/patch-now-critical-flaw-ot-robot-os
-
Microsoft issues YellowKey mitigation, no patch yet
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS…
-
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/verizon-2026-dbir-findings/
-
Critical flaw in software powering a third of the internet is already being exploited - free checker now available
A critical security vulnerability in NGINX, the web server software underpinning more than 30% of all websites globally, has been confirmed as actively exploited in the wild, less than a week after its public disclosure. The flaw, tracked as CVE-2026-42945 and dubbed ‘NGINX Rift’, carries a severity score of 9.8 out of 10. It affects…
-
Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images
A newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows to read and write metadata in images, PDFs, and multimedia files. Its flexibility and integration into automation…
-
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. First seen on hackread.com Jump to article: hackread.com/verizon-dbir-ai-hackers-exploit-vulnerabilities-breaches/
-
Exploit released for new PinTheft Arch Linux root escalation flaw
PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/linux/exploit-released-for-new-pintheft-arch-linux-root-escalation-flaw/
-
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as…
-
Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access
A critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package and stems from a combination of three distinct flaws that, when chained together, enable complete system compromise within seconds. Pardus Linux…
-
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon DBIR finds 31% of data breaches began with software flaws last year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/
-
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/yellowkey-bitlocker-mitigation-cve-2026-45585/
-
DirtyDecrypt: PoC Released for yet another Linux flaw
DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and…
-
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/

