Tag: vulnerability
-
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/cpanel_whn_cves/
-
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows an authenticated administrator to execute arbitrary commands with root privileges. ASUSTOR has since addressed the…
-
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities, flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy […]…
-
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities, flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy […]…
-
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities, flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy […]…
-
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities, flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy […]…
-
Bug of the year (so far)? Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/cpanel_whn_cves/
-
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session…
-
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session…
-
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root.The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori.”An unprivileged local user can write four controlled bytes into the page cache of any readable…
-
Wasn’t Visibility Supposed to Fix This?
Tags: vulnerabilityExposure management needs more than visibility. Learn how context, workflows and execution drive real vulnerability remediation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/wasnt-visibility-supposed-to-fix-this/
-
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs
The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute arbitrary code or hijack user sessions. All vulnerabilities were responsibly disclosed through the Jenkins Bug Bounty Program, which the…
-
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals
Tags: ai, api, application-security, attack, automation, banking, business, container, control, crime, cyber, cybercrime, data, defense, detection, exploit, finance, fraud, identity, infrastructure, intelligence, Internet, LLM, malicious, monitoring, resilience, risk, service, threat, tool, vulnerabilityBad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals josh.pearson@t“¦ Thu, 04/30/2026 – 07:31 The modern internet is becoming less human by the day. Bot traffic is increasing, and human traffic is shrinking. Malicious automated traffic is getting harder to spot. The Thales 2026 Bad Bot Report, now in it’s…
-
9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access
Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure. First seen on hackread.com Jump to article: hackread.com/linux-kernel-vulnerability-copy-fail-full-root-access/
-
Qinglong Task Scheduler RCE Flaws Exploited in the Wild
Tags: authentication, cyber, exploit, flaw, hacker, malware, open-source, rce, remote-code-execution, vulnerabilityHackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is a self-hosted task management platform used by developers to automate background tasks using Python, JavaScript, Shell, and TypeScript scripts. With…
-
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems.”The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,” First seen on…
-
KI-Sicherheitslücken bei NVIDIA und Meta gefährden Unternehmen
Neue Schwachstellen in KI-Frameworks von NVIDIA und Meta zeigen, wie schnell moderne KI-Infrastrukturen zum Einfallstor für Cyberangriffe werden können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ki-sicherheitslucken-nvidia-und-meta
-
SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls
SonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, manipulate restricted files, and intentionally crash critical firewall infrastructure. The most severe of the three bugs carries a high-severity score,…
-
Linux Kernel 0-Day “Copy Fail” Grants Root Access Across Major Distros Since 2017
Security researchers have disclosed a critical zero-day vulnerability in the Linux kernel dubbed >>Copy Fail<< (CVE-2026-31431), which allows unprivileged local users to gain root access. Using a tiny 732-byte Python script, attackers can exploit a logic flaw present in major Linux distributions released since 2017. Copy Fail is a local privilege escalation (LPE) vulnerability found…
-
EUVD-2026-24742 / CVE-2026-41651 – Telekom entdeckt 12 Jahre alte Linux-Root-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/pack2theroot-root-exploit-packagekit-cve-2026-41651-a-fe528109a86253ae2b0a7c51fe970808/
-
Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities
As the OpenClaw ecosystem continues to surge in popularity, more customers are deploying and utilizing these AI agents on a large scale. However, this growth has brought significant security challenges to the forefront, including over 33 documented CVE vulnerabilities, 288+ GHSA security advisories, the rise in malicious Skills, and frequent memory poisoning attacks. The NSFOCUSLLM……
-
SailPoint CEO: The ‘Tailwind Is Picking Up’ On Securing AI Agents
In an interview with CRN, SailPoint CEO Mark McClain discusses the security implications of rising agentic adoption and AI-powered vulnerability discovery tools such as Anthropic’s Claude Mythos Preview. First seen on crn.com Jump to article: www.crn.com/news/security/2026/sailpoint-ceo-the-tailwind-is-picking-up-on-securing-ai-agents
-
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL injection in the proxy API key verification process, lets attackers access and potentially modify database…
-
cPanel Vulnerability Exposes Servers to Takeover
A cPanel flaw allows authentication bypass and risks full server compromise, prompting urgent patching. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cpanel-vulnerability-exposes-servers-to-takeover/
-
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Tags: authentication, exploit, flaw, hacker, open-source, rce, remote-code-execution, tool, vulnerabilityHackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cryptomining/
-
Reverse Engineering With AI Unearths High-Severity GitHub Bug
Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/reverse-engineering-ai-unearths-high-severity-github-bug
-
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog
Russia has used one of the flaws, security experts said, while North Korea has used the other. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-microsoft-connectwise-kev-update/818817/
-
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog
Russia has used one of the flaws, security experts said, while North Korea has used the other. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-microsoft-connectwise-kev-update/818817/
-
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog
Russia has used one of the flaws, security experts said, while North Korea has used the other. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-microsoft-connectwise-kev-update/818817/
-
cPanel, WHM emergency update fixes critical auth bypass bug
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug/