Tag: vulnerability
-
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw.”Improper verification of cryptographic First…
-
Anthropic bets on EPSS for the coming bug surge
Tags: ai, cisco, ciso, cloud, crowdstrike, cve, cvss, cyber, data, exploit, flaw, government, Hardware, healthcare, infrastructure, network, update, vulnerabilitySecurity leaders weigh promise versus reality: Security vendors are increasingly incorporating EPSS scores into their systems.According to Roytman, EPSS has been incorporated into more than 120 security vendors’ products, including CrowdStrike, Cisco, Palo Alto Networks, Qualys, and Tenable platforms.”I do not think other CISOs realize how broadly EPSS has been adopted, but that adoption is…
-
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.”Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,” according to First…
-
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/
-
Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Microsoft has issued an emergency out-of-band security update to address a severe vulnerability within the .NET framework. The critical release of .NET 10.0.7 patches an Elevation of Privilege flaw that inadvertently surfaced after a recent routine system update. Out-of-band patches bypass normal release schedules and indicate a pressing threat, meaning organizations relying on ASP.NET Core…
-
EoL-Versionen betroffen – 17 Jahre alte Excel-Schwachstelle wird sehr wahrscheinlich ausgenutzt
Tags: vulnerabilityFirst seen on security-insider.de Jump to article: www.security-insider.de/cisa-warnung-alte-excel-luecke-cve-2009-0238-eol-office-a-edd4c5759d21c8dd74515aea8931936e/
-
Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150
CTO says new AI model is “every bit as capable” as world’s best security researchers. First seen on arstechnica.com Jump to article: arstechnica.com/ai/2026/04/mozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150/
-
Oracle April 2026 Critical Patch Update Addresses 241 CVEs
Oracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates. Key takeaways: The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates 34 issues (7.1% of all patches) were assigned a critical severity rating Oracle Communications received the highest…
-
Mozilla: Anthropic’s Mythos found 271 zero-day vulnerabilities in Firefox 150
CTO says new AI model is “every bit as capable” as world’s best security researchers. First seen on arstechnica.com Jump to article: arstechnica.com/ai/2026/04/mozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150/
-
Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
Tags: ai, apache, cybersecurity, defense, exploit, flaw, infrastructure, LLM, software, tool, update, vulnerabilityCSO. “In a world where an LLM can help an attacker weaponize a bug the second it’s announced, taking 12 days to patch is essentially a suicide note for your network”.Vulnerable are versions of ActiveMQ and ActiveMQ Broker before 5.19.4, and 6.0 to before 6.2.3; this means the flaw could have been exploited for over…
-
500,000 Vulnerabilities, 14 That Matter: How Exploit Chain Analysis Cuts Through the Noise
When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint detection and response platforms, vulnerability scanners, cloud security posture tools, container image scanners. A large organization can easily accumulate hundreds of thousands of individual findings. The standard response is to sort by CVSS score, filter for criticals, and……
-
Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns
Microsoft vulnerabilities fall, but critical flaws double, BeyondTrust report highlights rising risk in Microsoft Office, Azure, and cloud systems. First seen on hackread.com Jump to article: hackread.com/microsoft-vulnerabilities-drop-critical-flaws-double/
-
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex SerialIP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed First seen on thehackernews.com Jump…
-
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex SerialIP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed First seen on thehackernews.com Jump…
-
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex SerialIP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed First seen on thehackernews.com Jump…
-
Forescout Uncovers New Security Risks in Widely Used Industrial Networking Devices
Cybersecurity firm Forescout has identified 22 previously unknown vulnerabilities in serial-to-IP converters, devices commonly used to connect legacy industrial equipment to modern networks. The company warns that thousands of these systems are currently exposed online, potentially increasing the risk of cyberattacks across critical infrastructure sectors. The findings are part of a new research initiative called…
-
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex SerialIP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed First seen on thehackernews.com Jump…
-
CISA confirms exploitation of 3 more Cisco networking device vulnerabilities
Cisco revealed six critical flaws in widely used products in February. The government has now seen evidence that hackers are abusing four of them. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-cisco-vulnerabilities-sd-wan-confirm-exploitation/818064/
-
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool
-
Security Challenges in Generative AI Platforms
Explore key security challenges in generative AI platforms, including risks, vulnerabilities, and strategies to protect data and AI systems. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/security-challenges-in-generative-ai-platforms/
-
CISA flags new SD-WAN flaw as actively exploited in attacks
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-new-sd-wan-flaw-as-actively-exploited-in-attacks/
-
SerialIP Devices Hide Thousands of Old & New Bugs
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/serial-ip-devices-thousands-of-bugs
-
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Cybersecurity researchers have discovered a vulnerability in Google’s agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.The flaw, since patched, combines Antigravity’s permitted file-creation capabilities with an insufficient input sanitization in Antigravity’s native file-searching tool, find_by_name, to bypass the program’s Strict First seen on thehackernews.com Jump to article: thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html
-
CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)
CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/cisa-flags-another-cisco-catalyst-sd-wan-manager-bug-as-exploited-cve-2026-20133/
-
CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)
CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/cisa-flags-another-cisco-catalyst-sd-wan-manager-bug-as-exploited-cve-2026-20133/
-
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/
-
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/
-
Claude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub Comments
Comment and Control prompt injection vulnerabilities discovered in AI agents, including Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent. The research, spearheaded by Aonan Guan and Johns Hopkins University researchers, highlights critical architectural flaws in how these AI tools process untrusted user input within GitHub workflows. The Architecture of >>Comment and…
-
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Cybersecurity researchers have discovered a vulnerability in Google’s agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.The flaw, since patched, combines Antigravity’s permitted file-creation capabilities with an insufficient input sanitization in Antigravity’s native file-searching tool, find_by_name, to bypass the program’s Strict First seen on thehackernews.com Jump to article: thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html