Tag: vulnerability
-
Cisco fixed four critical flaws in Identity Services and Webex
Cisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code and impersonate any user within the affected services. The issues pose serious security risks, prompting…
-
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, including Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple,…
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Cisco fixed four critical flaws in Identity Services and Webex
Cisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code and impersonate any user within the affected services. The issues pose serious security risks, prompting…
-
Chrome Privacy Vulnerability Exposes Users via Fingerprinting and Header Leaks
A new technical review of Google Chrome’s privacy posture shows that modern tracking no longer depends only on cookies, because websites can combine browser fingerprinting, storage tricks, and HTTP header leaks to identify users with surprising accuracy. Chrome has reduced some obvious signals, but many high-value surfaces such as canvas rendering, WebGL, audio processing, Client…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint,…
-
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
Networking giant Cisco has issued an urgent security advisory warning of two newly discovered vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Cisco Identity Services Engine (ISE) is a widely deployed security policy management platform that provides secure access to enterprise network resources. The most severe of these new flaws…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, office, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability…
-
Cisco Webex Vulnerability Allows User Impersonation Attacks
Cisco has released an urgent security advisory warning organizations of a critical vulnerability in its Webex communication platform. Tracked as CVE-2026-20184, this severe flaw could allow unauthenticated, remote attackers to entirely bypass security checks and impersonate any legitimate user within the service. Understanding the Vulnerability According to the official Cisco Security Advisory published on April…
-
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
What are the real threat vectors for our organization?What’s actually exploitable in our environment right now?What should we proactively fix?The platform monitors thousands of threat sources, contextualizes them against a user’s actual attack surface, and puts that intelligence to work across hunt, detection, and exposure management use cases. One platform. Answers, not alerts.Modern teams receive…
-
PHP Composer flaws enable remote command execution via Perforce VCS
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…
-
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a…
-
Production-first Security: Why Runtime Intelligence Should Drive Application Security
<div cla TL;DR Traditional application security focuses on finding vulnerabilities before code ships. However, pre-production scanning identifies theoretical risks while production reveals what is actually reachable, exploitable, and under active attack. Production-first security leverages runtime intelligence to prioritize remediation, giving teams visibility into real-world attack patterns rather than hypothetical weaknesses. First seen on securityboulevard.com Jump…
-
PHP Composer flaws enable remote command execution via Perforce VCS
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…
-
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.The details of the vulnerabilities are below -CVE-2026-20184 (CVSS score: 9.8) – An improper certificate validation in the integration of single sign-on…
-
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
Tags: ai, business, cvss, cyberattack, data, exploit, LLM, mitigation, network, remote-code-execution, risk, strategy, supply-chain, threat, tool, update, vulnerability, vulnerability-managementSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuous exposure management. Key takeaways Even in previews, powerful AI models like Claude Mythos show us how quickly…
-
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…
-
NIST limits vulnerability analysis as CVE backlog swells
The agency will stop adding detailed information to vulnerabilities that don’t meet certain criteria. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-vulnerability-analysis-criteria-nvd-cve/817683/
-
NIST to limit work on CVE entries as submissions surge
NIST said it will only add details and information to the records of vulnerabilities that meet a certain threshold, changing a longstanding mission to categorize every CVE, which stands for cybersecurity vulnerabilities and exposures. First seen on therecord.media Jump to article: therecord.media/nist-to-limit-work-on-cve-entries-surge
-
Rethinking Cybersecurity for AI Speed in the Mythos Era
Equifax CTO Jamil Farshchi on Cybersecurity’s Response to Flood of Vulnerabilities. Cybersecurity organizations must adapt to machine-speed threats in the age of Anthropic’s Claude Mythos, a new AI model that can uncover vulnerabilities and lead to a flood of repaid exploits. Equifax CTO Jamil Farshchi says security programs must be built for scale, automation and…
-
Vorbereitung auf offensive KI: Neue Anforderungen an die Sicherheitsbewertung von IT”‘Infrastrukturen
Die rasante Entwicklung offensiver künstlicher Intelligenz verändert die Bedrohungslandschaft für Unternehmen grundlegend. Autonome Systeme sind inzwischen in der Lage, digitale Umgebungen selbstständig zu analysieren, Schwachstellen zu identifizieren und Exploits nahezu ohne menschliches Zutun zu entwickeln. Dadurch verkürzen sich Entwicklungs- und Angriffszyklen erheblich von ehemals Monaten auf teilweise nur noch wenige Tage. Klassische Sicherheitsansätze geraten… First…
-
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation. First seen on cyberscoop.com Jump to article: cyberscoop.com/nist-narrows-cve-analysis-nvd/
-
UK financial regulators rush to assess risks of Anthropic AI model
Banks called in by regulators as latest artificial intelligence model identifies thousands of software vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model
-
KI entdeckt jahrzehntealte Sicherheitslücken. Der Wendepunkt für Cybersecurity
Kommentar von Heather Ceylan, CISO at Box Mit Claude Mythos hat Anthropic ein KI-Modell vorgestellt, das in der Lage ist, tief in Codebasen einzutauchen und selbst hochkomplexe, bislang unentdeckte Schwachstellen aufzuspüren. Zwischen 16 und 27 Jahre alte Bugs und Schwachstellen, die in zentraler Infrastruktur existierten und weder durch menschliche Experten noch durch bestehende Tools… First…
-
Foxit, LibRaw vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/foxit-libraw-vulnerabilities/
-
NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes >>enrichment<< of only the most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/nist-national-vulnerability-database-nvd-enrichment/