Tag: vulnerability
-
Squid proxy vulnerability dubbed Squidbleed discovered
First seen on scworld.com Jump to article: www.scworld.com/brief/squid-proxy-vulnerability-dubbed-squidbleed-discovered
-
4 vulnerabilities in Dify expose cross-tenant data
First seen on scworld.com Jump to article: www.scworld.com/brief/four-vulnerabilities-in-dify-expose-cross-tenant-data
-
White House drastically shortens deadline for dropping quantum-vulnerable crypto
Order warns of national security risks if post-quantum cryptography isn’t adopted in time. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/06/executive-order-bumps-up-deadline-to-move-off-quantum-vulnerable-crypto/
-
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
A high-severity server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager Server, tracked as CVE-2026-20230, is now being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/
-
FFmpeg PixelSmash Vulnerability Enables Remote Code Execution
PixelSmash, an FFmpeg vulnerability, could allow specially crafted media files to trigger remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ffmpeg-pixelsmash-vulnerability-enables-remote-code-execution/
-
DifyTap: Four Bugs Put over 1 million AI Apps at Risk
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilities in Dify, the open-source AI platform used by major companies like Volvo and Maersk to run more than a million applications across over 60 industries. Two vulnerabilities are of critical…
-
‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today. First seen on hackread.com Jump to article: hackread.com/cordyceps-ci-cd-flaw-microsoft-google-apache-repos-hijack/
-
10 Major Cyberattacks And Data Breaches In 2026 (So Far)
Major cyberattacks and data breaches in 2026 so far include attacks against Cisco and Fortinet devices as well as Microsoft environments, while AI-driven vulnerability discovery showed signs of increasing. First seen on crn.com Jump to article: www.crn.com/news/security/2026/10-major-cyberattacks-and-data-breaches-in-2026-so-far
-
The Exploit Doesn’t Exist. You Can Still Prove It Works Against You
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-exploit-doesnt-exist-you-can-still-prove-it-works-against-you/
-
Cordyceps Supply Chain Vulnerability Impacting Code Repositories at Thousands of Organizations
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any one tool; it is a systemic class of insecure workflow compositions. Command injection, broken authentication…
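The "insecure workflow composition" class named above, shown as an added example rather than as Novee Security's code or any actual affected repository: a constructed GitHub Actions workflow that exhibits two of the usual ingredients (a pull_request_target trigger that checks out the untrusted PR head, and PR metadata interpolated straight into a run: step, which is the command-injection path), its hardened counterpart, and a small dependency-free checker that flags both patterns. The page names only the class, so the exact composition, the rule names and the checker itself are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample (not from any real repository): an insecure workflow
# composition of the kind the Cordyceps write-ups describe. A pull_request_target
# job runs with the base repository's write-capable GITHUB_TOKEN, checks out the
# untrusted PR head, and interpolates attacker-controlled PR metadata straight
# into a shell step.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: greet
        run: echo "Building ${{ github.event.pull_request.title }}"
      - run: npm install && npm test
"""

# Hardened counterpart: the untrusted value reaches the shell only through an
# environment variable (the expression is never expanded into script text),
# the trigger is pull_request (read-only token for fork PRs), and the job
# declares minimal permissions.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: greet
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Building $PR_TITLE"
      - run: npm install && npm test
"""

# Expression contexts that an anonymous PR author or commenter controls.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(?:event\.(?:pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|issue\.(?:title|body)|comment\.body|review\.body|head_commit\.message)"
    r"|head_ref)\s*\}\}"
)
# Checking out the PR head while holding pull_request_target credentials.
PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)")
RUN_KEY = re.compile(r"(?:-\s*)?run\s*:\s*(.*)")
BLOCK_SCALAR = {"|", ">", "|-", ">-", "|+", ">+"}


@dataclass
class Finding:
    line: int
    rule: str
    text: str


def audit_workflow(text: str) -> list[Finding]:
    """Line-based check for the two patterns above. A production linter would
    parse the YAML; this keeps the example dependency-free."""
    findings: list[Finding] = []
    # Assumption: a bare mention is good enough for the sample; a real tool
    # would inspect the 'on:' block only.
    uses_prt = re.search(r"\bpull_request_target\b", text) is not None
    run_indent = None  # indent of a 'run:' key whose script is a block scalar
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        m = RUN_KEY.match(stripped)
        if m:
            in_script = True
            run_indent = indent if m.group(1).strip() in BLOCK_SCALAR else None
        elif run_indent is not None and (not stripped or indent > run_indent):
            in_script = True  # continuation line of a multi-line script
        else:
            in_script = False
            run_indent = None
        # Rule 1: untrusted expression expanded inside script text -> shell injection
        if in_script and UNTRUSTED_EXPR.search(line):
            findings.append(Finding(no, "expression-injection", stripped))
        # Rule 2: privileged trigger plus checkout of untrusted PR code
        if uses_prt and PR_HEAD_REF.search(line):
            findings.append(Finding(no, "prt-checkout-of-pr-head", stripped))
    return findings


if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        hits = audit_workflow(wf)
        print(f"{label}: {len(hits)} finding(s)")
        for f in hits:
            print(f"  line {f.line}: {f.rule}: {f.text}")
```

The env: indirection matters because `${{ }}` expressions are substituted into the script text before the shell sees it, so a PR title containing `"; curl ... | sh; echo "` runs as a command; an environment variable is just a value. Switching the trigger away from pull_request_target (or not checking out the PR head under it) removes the privileged token from the code an outsider controls.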
-
Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation
The Five Eyes cyber security agencies have issued a joint warning that artificial intelligence is rapidly accelerating cyber threats, including the exploitation of zero-day vulnerabilities, and urged organizations to act immediately. In a statement released on June 22, 2026, senior leaders from agencies across the United States, United Kingdom, Canada, Australia, and New Zealand…
-
DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps
A series of critical vulnerabilities has been disclosed in the widely used open-source LLMOps platform Dify, which powers over one million AI applications. These vulnerabilities, collectively referred to as “DifyTap,” include four flaws, two rated as critical and two that require no authentication. They expose cross-tenant data leakage risks, allowing attackers to access private AI conversations, preview sensitive…
-
DifyTap Bugs Let Attackers ‘Wiretap’ AI Chat Histories
Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/difytap-bugs-wiretap-ai-chat-histories
-
Vulnerability Benchmark – OpenAI's GPT-5.5-Cyber Outperforms Claude Mythos 5
Codex Security can now analyze and fix vulnerabilities automatically. Early benchmarks place the AI model ahead of Claude Mythos 5. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/schwachstellen-benchmark-gpt-5-5-cyber-von-openai-uebertrifft-claude-mythos-5.98051
-
New OpenAI Initiative – ‘Patch the Planet’ Aims to Strengthen Critical Open-Source Software
‘Patch the Planet’ is meant to combine AI security analysis with human expertise to detect vulnerabilities faster. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/neue-initiative-von-openai-patch-the-planet-soll-kritische-open-source-software-staerken.98050
-
OpenAI wants AI to fix vulnerabilities, not just find them
OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/23/openai-expanded-daybreak-cybersecurity-initiative/
-
Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw, tracked as CVE-2026-8461 and named “PixelSmash,” affects the MagicYUV decoder within FFmpeg’s libavcodec library and has a CVSS score of 8.8. Discovered by JFrog Security Research, the vulnerability arises from a heap out-of-bounds…
-
Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets
A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by sending specially crafted SSH packets. The vulnerability, tracked as CVE-2026-55200, has a CVSS score of 9.2 and affects libssh2 versions up to and including 1.11.1. The issue has been resolved in…
-
Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials
Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users’ HTTP data through a memory overread. Researchers at Calif.io have disclosed CVE-2026-47729, a memory-disclosure (overread) vulnerability in Squid Proxy that was introduced in 1997 and has remained undetected through nearly three decades of releases, audits, and rewrites. They named it…
-
OpenAI Launches Daybreak to Automate Vulnerability Patching With GPT-5.5-Cyber
OpenAI has announced Daybreak, a new cybersecurity initiative aimed at automating vulnerability patching on a large scale using its latest GPT-5.5-Cyber model. This marks a shift from merely discovering vulnerabilities to focusing on end-to-end remediation. The initiative addresses a growing challenge in the industry: AI-driven tools have greatly accelerated vulnerability identification, leaving organizations struggling to…
-
29-Year-Old Squid Proxy Vulnerability Exposes Authorization Headers and API Keys
A recently disclosed vulnerability in Squid Proxy, tracked as CVE-2026-47729 and referred to as “Squidbleed,” is exposing sensitive user data, including HTTP authorization headers and API keys. This issue arises from a decades-old memory-handling flaw in Squid’s codebase, dating back to at least 1997. It affects default configurations and illustrates how support for legacy protocols…
-
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI on Monday said it’s releasing an improved version of its GPT-5.5-Cyber model to trusted defenders as part of the Daybreak initiative, which the artificial intelligence (AI) company announced last month. Calling GPT-5.5-Cyber its “strongest model yet for finding and helping patch software vulnerabilities,” OpenAI said the model can “sustain deeper analysis across large codebases” to identify…
-
AryStinger Botnet Converts Legacy Routers to Global Proxies
Research Links 4,300 End-of-Life D-Link Routers to Attack Staging. The AryStinger botnet is exploiting decade-old vulnerabilities in outdated and unsupported routers, turning aging devices into a proxy network for scanning targets, hiding threat actor activity and laying the groundwork for future cyberattacks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/arystinger-botnet-converts-legacy-routers-to-global-proxies-a-32045
-
OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses
Daybreak Cyber Partner Program Extends GPT-5.5 Beyond Internal Security Use. OpenAI’s new Daybreak Cyber Partner Program allows 29 cybersecurity vendors, service providers and integrators to embed GPT-5.5 capabilities into customer-facing products and services, aiming to accelerate vulnerability remediation, threat detection, incident response and cyber resilience at scale. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/openai-lets-cyber-vendors-embed-gpt-55-in-defenses-a-32040
-
Microsoft fixes AutoGen Studio flaw that enabled code execution
A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-fixes-autogen-studio-flaw-that-enabled-code-execution/
-
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversations from other customers’ applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security. First seen on thehackernews.com Jump to article:…
-
QNAP Fixes 14 Vulnerabilities in QTS, QuTS Hero, QuTS Cloud, and QVP
QNAP has issued security advisory QSA-26-10, which addresses 14 vulnerabilities affecting its widely used NAS and surveillance platforms, including QTS, QuTS hero, QuTS cloud, and QVP (QVR Pro appliances). These vulnerabilities were disclosed on April 6, 2026, and are categorized as having “Important” severity. They impact the following versions: QTS 5.2.7, QuTS hero h5.2.8, QuTS…

