Tag: vulnerability
-
Riddled with flaws, serialEthernet converters endanger critical infrastructure
Tags: access, authentication, control, credentials, data, data-breach, exploit, firmware, flaw, infrastructure, malicious, network, open-source, password, rce, remote-code-execution, risk, service, threat, update, vulnerabilityNew RCE and other vulnerabilities: Aside from all the known vulnerabilities from open-source components, the Forescout researchers also performed manual security analysis and identified previously unknown flaws in the firmware of three specific devices from two vendors: Lantronix EDS3000PS Series, Lantronix EDS5000 Series, and Silex SD330-AC.The web-based management interface of the Lantronix EDS5000 had five…
-
A tsunami of flaws: When frontier AI and Patch Tuesday collide
Microsoft’s April Patch Tuesday drop was the second-largest in history, falling just shy of an October 2025 record. What is behind the spike in vulnerability disclosures, and is there a connection to Anthropic’s bug-hunting Claude Mythos AI model? First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641789/A-tsunami-of-flaws-When-frontier-AI-and-Patch-Tuesday-collide
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerabilityLast week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-mozilla-firefox-150-patched-271-security-flaws/
-
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-mozilla-firefox-150-patched-271-security-flaws/
-
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-mozilla-firefox-150-patched-271-security-flaws/
-
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/
-
prompted 2026 macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-macos-vulnerability-research-augmenting-apples-source-code-and-os-logs-with-ai-agents/
-
Supply Chain Attacks Are Getting Worse”, How to Shrink Your Exposure
<div cla In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned 75 of 76 version tags in the process. Any pipeline that pulled trivy:latest…
-
The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them
<div cla In today’s security landscape, some of the most dangerous vulnerabilities aren’t flagged by automated scanners at all. These are the business logic flaws: subtle mistakes in an application’s design or workflow that malicious actors can exploit by doing the unexpected. As a result, companies can be blindsided by breaches even when their vulnerability…
-
Microsoft issues outband patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API.A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset.Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai reports. The flaw allows attackers to inject commands because an attacker-controlled value is copied without…
-
Microsoft SharePoint vulnerability widely exposed across multiple countries
The disclosure comes just weeks after a prior SharePoint flaw was discovered. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-sharepoint-vulnerability-exposed-multiple-countries/818201/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
5 zentrale Schwachstellen gefährden die IT-Sicherheitslage im Mittelstand
Ransomware, Phishing, gestohlene Zugangsdaten: Cyberangriffe verursachen im Mittelstand regelmäßig spürbaren wirtschaftlichen Schaden. Der aktuelle ‘Cyber-Risikocheck für den Mittelstand” von Trufflepig IT-Forensics, dem spezialisierten Cybersecurity-Partner für den gehobenen Mittelstand und den öffentlichen Sektor im DACH-Raum, zeigt auf Basis von 273 realen Angriffssimulationen (Penetrationstests) in mittelständischen DACH-Unternehmen, wo sich Angreifern die vielversprechendsten Einfallstore bieten. Besonders relevant für…
-
Microsoft outband updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access…
-
Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities
Mozilla has released Firefox 150 to patch 41 security vulnerabilities, including multiple high-severity flaws that could lead to remote code execution. Users should immediately update their browsers to protect against these critical memory corruption and use-after-free bugs. Critical Vulnerability Details The most dangerous flaws include use-after-free vulnerabilities in the DOM (CVE-2026-6746) and WebRTC (CVE-2026-6747) components.…
-
Google Fixes Critical RCE Flaw in AI-Based ‘Antigravity’ Tool
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool
-
Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)
Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/progress-waf-bypass-cve-2026-21876/
-
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
Atlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published as part of Atlassian’s April 21, 2026, Security Bulletin, the company’s monthly disclosure of patched vulnerabilities across…
-
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
Atlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published as part of Atlassian’s April 21, 2026, Security Bulletin, the company’s monthly disclosure of patched vulnerabilities across…
-
Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks
A critical vulnerability, tracked as CVE-2026-22752, has been disclosed in Spring Security Authorization Server, affecting organizations running Dynamic Client Registration endpoints. The flaw allows attackers to inject malicious client metadata, potentially leading to Stored Cross-Site Scripting (XSS), Privilege Escalation, and Server-Side Request Forgery (SSRF) attacks. The vulnerability was responsibly reported by security researcher Kelvin Mbogo and officially disclosed…
-
The AI era demands a different kind of CISO
When attackers can discover and exploit vulnerabilities in minutes, last quarter’s audit doesn’t mean much. CISOs need to shift from static measurement to real-time awareness — and fast. First seen on cyberscoop.com Jump to article: cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/
-
The AI era demands a different kind of CISO
When attackers can discover and exploit vulnerabilities in minutes, last quarter’s audit doesn’t mean much. CISOs need to shift from static measurement to real-time awareness — and fast. First seen on cyberscoop.com Jump to article: cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/
-
The AI era demands a different kind of CISO
When attackers can discover and exploit vulnerabilities in minutes, last quarter’s audit doesn’t mean much. CISOs need to shift from static measurement to real-time awareness — and fast. First seen on cyberscoop.com Jump to article: cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/
-
The AI era demands a different kind of CISO
When attackers can discover and exploit vulnerabilities in minutes, last quarter’s audit doesn’t mean much. CISOs need to shift from static measurement to real-time awareness — and fast. First seen on cyberscoop.com Jump to article: cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/
-
CyberSmart Partners with Renaissance to Deliver Complete Cyber Confidence for SMEs
Irish reseller Renaissance has announced a strategic partnership with CyberSmart, a UK-based cybersecurity provider focused on delivering continuous protection, compliance, and cyber risk management for small and medium-sized enterprises (SMEs). This collaboration brings CyberSmart’s cybersecurity solutions to a wider market, spanning real-time threat detection, vulnerability management, compliance assurance, and cybersecurity awareness training. Designed for simplicity…