Tag: vulnerability
-
46 Vulnerability Statistics 2026: Key Trends in Discovery, Exploitation, and Risk
Vulnerability attacks rose 56% in 2025. Explore 46 statistics on CVE disclosure, exploitation patterns, and industry impact to guide your 2026 security strategy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/46-vulnerability-statistics-2026-key-trends-in-discovery-exploitation-and-risk/
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerabilityThis post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
ey Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked asCVE-2026-3502with aCVSS score of 7.8.…
-
ChatGPT Security Issue Enabled Data Theft via Single Prompt
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chatgpt-security-issue-steal-data/
-
The AI Arms Race Why Unified Exposure Management Is Becoming a Boardroom Priority
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments.This is the defining challenge of the new era of digital warfare: the…
-
Passkey-Schwachstelle bei Google Authenticator
Eine aktuelle Recherche zeigt, dass das Passkey-Ökosystem von Google, das darauf ausgelegt ist, Passwörter zu ersetzen, unbeabsichtigt neue Angriffswege eröffnen könnte. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/passkey-schwachstelle-google-authenticator
-
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild
F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately. First seen on hackread.com Jump to article: hackread.com/critical-f5-big-ip-flaw-upgrad-to-9-8-rce-exploited/
-
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical flaws allow remote attackers to trigger process crashes, leak sensitive heap memory, and potentially achieve arbitrary code execution by tricking applications into processing specially crafted, standards-compliant PNG images. Both vulnerabilities require…
-
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. In March, Citrix issued security updates for two NetScaler vulnerabilities,…
-
CISA orders feds to patch actively exploited Citrix flaw by Thursday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-citrix-flaw-by-thursday/
-
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasingly handle our most sensitive data, operating under the assumption that enclosed environments keep this information secure. However, a newly disclosed vulnerability in ChatGPT shattered this expectation. Discovered by Check Point Research, this flaw exploited the isolated code execution runtime to establish a covert outbound communication channel, effectively turning standard chat sessions…
-
Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/
-
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zero-day Remote Code Execution (RCE) flaws in both Vim and Emacs. The discoveries show that merely opening a malicious file in these popular text editors could allow attackers to execute arbitrary code and fully…
-
Notepad++ v8.9.3 Released With Fixes for cURL Security Flaw and Crash Bugs
Notepad++ rolled out version 8.9.3, an important update addressing a notable cURL security vulnerability and resolving multiple crash bugs. Alongside these vital security patches, this release marks the official completion of the application’s migration to a new XML parser, significantly improving the performance of configuration file operations. The most critical aspect of the v8.9.3 update…
-
F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fortinet-big-ip-vulnerability-reclassified-rce-exploitation
-
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw. First seen on hackread.com Jump to article: hackread.com/openai-codex-vulnerability-steal-github-tokens/
-
Fortinet BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fortinet-big-ip-vulnerability-reclassified-rce-exploitation
-
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point.”A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in First…
-
Critical Citrix NetScaler memory flaw actively exploited in attacks
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-citrix-netscaler-memory-flaw-actively-exploited-in-attacks/
-
Storm Brews Over Critical, No-Click Telegram Flaw
The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/storm-brews-critical-no-click-telegram-flaw
-
Under Fire: Attackers Target Flaws in F5 and Citrix Gear
F5 Revises Severity of Flaw Disclosed Last Year. Flaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under fire: a vulnerability in F5 BIG-IP Access Policy Manager can facilitate remote code execution, and a memory overread flaw in NetScaler Application Delivery Controller. First seen on govinfosecurity.com Jump…
-
Schwachstelle bei ChatGPT erlaubte Konversationsdaten auszulesen
Die Sicherheitsforscher von Check Point Research haben eine bislang unbekannte Sicherheitslücke aufgedeckt, die es ermöglichte, sensible ChatGPT-Konversationsdaten unbemerkt ohne Wissen oder Zustimmung der Nutzer abzusaugen. Inzwischen hat OpenAI die Lücke geschlossen. Die entdeckte Schwachstelle zeigt, KI-Plattformen müssen wie Cloud- und Computing-Infrastruktur behandelt werden. Die integrierte Sicherheit beseitigt Risiken nicht. Unternehmen können sich nicht […] First…
-
It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies
A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8) allows attackers to execute code on targeted devices without any user interaction.…
-
Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat
Researchers say attackers are already looting vulnerable boxes First seen on theregister.com Jump to article: www.theregister.com/2026/03/30/citrix_netscaler_flaw/
-
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/forticlient-ems-cve-2026-21643-reported-exploitation/
-
India Set to Ban Hikvision, TP-Link Devices in April
Starting April 1, 2026, the Indian government will officially enforce a nationwide ban on the sale of internet-connected CCTV cameras from major Chinese manufacturers, including Hikvision, Dahua, and TP-Link. This decisive market restriction is fundamentally driven by escalating national security concerns. Officials aim to eliminate inherent hardware vulnerabilities that could potentially enable foreign espionage operations…
-
Critical Citrix NetScaler Vulnerability Exploited in the Wild
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-citrix-netscaler/