Tag: vulnerability
-
Critical GitHub RCE bug exposed millions of repositories
Full compromise across tenants: In its analysis, Wiz detailed how the issue could be escalated from initial command execution to full remote code execution on affected systems.”On GitHub.com, this vulnerability allowed remote code execution on shared storage nodes. We confirmed that millions of public and private repositories belonging to other users and organizations were accessible…
-
Critical GitHub RCE bug exposed millions of repositories
Full compromise across tenants: In its analysis, Wiz detailed how the issue could be escalated from initial command execution to full remote code execution on affected systems.”On GitHub.com, this vulnerability allowed remote code execution on shared storage nodes. We confirmed that millions of public and private repositories belonging to other users and organizations were accessible…
-
Cursor AI Extension Flaw Exposes Developer Tokens to Credential Theft
Security researchers at LayerX have uncovered a high-severity vulnerability in the popular AI-powered development environment, Cursor. Dubbed >>CursorJacking,<< this flaw carries a CVSS score of 8.2 and exposes developers to immediate credential theft. Any installed extension can silently access a user's API keys and session tokens without requiring special permissions or user interaction. Standard security…
-
Cursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ Machines
A newly disclosed high-severity vulnerability in the Cursor AI-powered coding environment could allow attackers to execute arbitrary code on a developer’s machine, raising fresh concerns about the security of AI-assisted development workflows. The vulnerability was officially published by Cursor in February 2026, following remediation efforts. Researchers emphasized that testing was conducted under strict ethical guidelines…
-
Cursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ Machines
A newly disclosed high-severity vulnerability in the Cursor AI-powered coding environment could allow attackers to execute arbitrary code on a developer’s machine, raising fresh concerns about the security of AI-assisted development workflows. The vulnerability was officially published by Cursor in February 2026, following remediation efforts. Researchers emphasized that testing was conducted under strict ethical guidelines…
-
Cursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ Machines
A newly disclosed high-severity vulnerability in the Cursor AI-powered coding environment could allow attackers to execute arbitrary code on a developer’s machine, raising fresh concerns about the security of AI-assisted development workflows. The vulnerability was officially published by Cursor in February 2026, following remediation efforts. Researchers emphasized that testing was conducted under strict ethical guidelines…
-
CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in ConnectWise ScreenConnect. CVE-2024-1708 is currently being exploited in real-world attacks. Because of this active threat, CISA officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 28, 2026. This addition serves as a major…
-
CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in ConnectWise ScreenConnect. CVE-2024-1708 is currently being exploited in real-world attacks. Because of this active threat, CISA officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 28, 2026. This addition serves as a major…
-
CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/
-
CISA orders feds to patch Windows flaw exploited as zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-flaw-exploited-in-zero-day-attacks/
-
Critical cPanel Authentication Vulnerability Identified, Update Your Server Immediately
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software.The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions -11.110.0.9711.118.0.6311.126.0.5411.132.0.29 First seen on…
-
GitHub Fixes Critical RCE Bug CVE-2026-3854 Within Hours of Discovery
Tags: cloud, cve, cvss, cybersecurity, flaw, github, infrastructure, rce, remote-code-execution, vulnerabilityCybersecurity researchers have revealed critical details about a newly identified RCE vulnerability, tracked as CVE-2026-3854, affecting both GitHub’s cloud infrastructure and GitHub Enterprise Server deployments. The flaw, which carries a high CVSS score of 8.7, could allow an authenticated user to execute arbitrary code on affected systems with a single crafted First seen on thecyberexpress.com…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories. First seen on hackread.com Jump to article: hackread.com/cursor-ai-ide-vulnerability-code-execution-git-hooks/
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-02-21 is a path traversal vulnerability…
-
Vimeo Confirms Data Breach After Hackers Access User Database
Tags: access, breach, cyber, data, data-breach, hacker, risk, security-incident, software, supply-chain, vulnerabilityVimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with software supply chains, where a vulnerability in one vendor can compromise multiple downstream companies.…
-
CISA Warns of Windows Shell Zero-Day Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered zero-day vulnerability affecting Microsoft Windows. On April 28, 2026, the agency officially added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catalog. This critical flaw involves a failure of a protection mechanism within the Microsoft Windows Shell, and active exploitation…
-
Purple Team
Purple Team Simulation Contact Us Solution Brief Overview Today’s cyber threats are no longer theoretical. Attackers operate with patience, precision, and a clear understanding of how to exploit gaps across technology, process, and people. Traditional security assessments often identify vulnerabilities, but they do not always answer the questions executives and security leaders care about most:……
-
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be…
-
GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution
Wiz Research has identified a critical remote code execution (RCE) vulnerability, tracked as CVE-2026-3854, deeply embedded within GitHub’s internal git infrastructure. This high-severity flaw enabled any authenticated user to execute arbitrary commands on backend servers using a single standard git push command. The vulnerability originates from an improper neutralization of special elements during repository push operations. GitHub’s…
-
More fake extensions linked to GlassWorm found in Open VSX code marketplace
Tags: control, marketplace, monitoring, open-source, risk, software, supply-chain, tool, update, vulnerabilityAdvice for developers: Janca said developers who want to reduce their exposure to the GlassWorm campaign should start with the basics: install fewer extensions and treat each one as a dependency with real risk attached. Disable auto-update so you control when updates are applied, and carefully evaluate each one. Use a next-generation SCA tool that covers…
-
OT Cybersecurity Frozen Out by Frontier Labs
Exclusion of OT From AI-Powered Vulnerability Discovery Poses Risks to National Security. Hyperscalers and IT behemoths are on the list, while OT companies are not. The list in question includes the companies that have special access to powerful new models from the two major U.S. frontier AI labs to identify vulnerabilities before hackers get access…
-
CVE-2026-3854 GitHub flaw enables remote code execution
Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise…
-
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/
-
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Tags: access, cve, cybersecurity, flaw, github, injection, rce, remote-code-execution, vulnerabilityCybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command.The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to…
-
Researchers Find 38 Flaws in OpenEMR. They’ve Been Fixed
AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity Vulnerabilities. Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems. First seen on govinfosecurity.com Jump to…