Tag: vulnerability
-
Mondoo führt Agentic Managed Vulnerability Service ein
Die Geschwindigkeit und Genauigkeit der Mondoo-Plattform, kombiniert mit ihren tiefen Einblicken in die IT-Architektur, ermöglicht es Kunden, Probleme schnell zu beheben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/mondoo-fuehrt-agentic-managed-vulnerability-service-ein/a44173/
-
Apple patches WebKit bug that could let sites access your data
Apple has released a Background Security Improvement that silently fixes a WebKit vulnerability (CVE-2026-20643). First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/apple-patches-webkit-bug-that-could-let-sites-access-your-data/
-
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, this targeted patch secures Apple devices against potential Same Origin Policy violations without requiring a full operating system…
-
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in…
-
BSI moniert Software-Sicherheit im Gesundheitswesen
Schwachstellen bei Praxisverwaltungssystemen hätten zu Cyberangriffen führen können.Das Bundesamt für Sicherheit in der Informationstechnik (BSI) mahnt einen besseren Schutz sensibler Gesundheitsdaten in Computer-Anwendungen von Arztpraxen, Kliniken und in der Pflege an. Die IT-Sicherheit von Softwareprodukten im Gesundheitswesen sei “ausbaufähig”, teilte das Amt nach Tests von Standardkonfigurationen verschiedener Anwendungen mit.In einem Projekt untersucht wurden demnach unter anderem vier exemplarische Praxisverwaltungssysteme.…
-
BSI moniert Software-Sicherheit im Gesundheitswesen
Schwachstellen bei Praxisverwaltungssystemen hätten zu Cyberangriffen führen können.Das Bundesamt für Sicherheit in der Informationstechnik (BSI) mahnt einen besseren Schutz sensibler Gesundheitsdaten in Computer-Anwendungen von Arztpraxen, Kliniken und in der Pflege an. Die IT-Sicherheit von Softwareprodukten im Gesundheitswesen sei “ausbaufähig”, teilte das Amt nach Tests von Standardkonfigurationen verschiedener Anwendungen mit.In einem Projekt untersucht wurden demnach unter anderem vier exemplarische Praxisverwaltungssysteme.…
-
Sicherheitslücke ermöglicht Root-Zugriff über Snap-Mechanismus in Ubuntu
Die Qualys Threat Research Unit (TRU) hat eine hochkritische Schwachstelle (CVE-2026-3888) in Standardinstallationen von Ubuntu-Desktop 24.04 und den neueren Versionen identifiziert. Die Lücke erlaubt es, einem lokal angemeldeten Angreifer mit geringen Rechten, diese auf vollständigen Root-Zugriff auszuweiten und damit die vollständige Kontrolle über das System zu erlangen. Bemerkenswert an dieser Schwachstelle ist, dass sie […]…
-
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control…
-
Critical Telnetd Vulnerability Enables Remote Code Execution Attacks
A critical buffer overflow vulnerability has been discovered in the GNU InetUtils telnetd daemon. Tracked as CVE-2026-32746, the flaw carries a maximum CVSS 3.1 score of 9.8 and allows unauthenticated attackers to execute arbitrary code with root privileges. There is no confirmed active exploitation, and the severity of the flaw demands immediate attention from network…
-
Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels?Even the most mature security teams can’t answer that…
-
Ubuntu Desktop Vulnerability Lets Attackers Escalate Privileges to Full Root Access
The Qualys Threat Research Unit (TRU) has disclosed a critical Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. Tracked as CVE-2026-3888, this high-severity flaw carries a CVSS v3.1 score of 7.8 and allows unprivileged local attackers to completely compromise the host system by escalating their privileges to full…
-
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS.The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit’s Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted…
-
Researchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM Access
Researchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as >>RegPwn<<. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry configurations for its built-in Accessibility features."‹ Windows Accessibility features, such as the On-Screen Keyboard and Narrator, run…
-
FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion
Tags: authentication, control, cve, cvss, cyber, cybersecurity, flaw, fortinet, injection, sql, vulnerabilityCybersecurity researchers have a detailed a critical security flaw in Fortinet’s FortiClient Enterprise Management Server (EMS). Tracked as CVE-2026-21643, this severe pre-authentication SQL injection vulnerability carries a near-maximum CVSS severity score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and gain total control over the underlying database. The flaw specifically targets multi-tenant…
-
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in…
-
AWS Bedrock AgentCore Sandbox Bypass Enables Stealthy C2 and Data Exfiltration
A newly disclosed vulnerability in AWS Bedrock AgentCore Code Interpreter allows threat actors to bypass network isolation and establish stealthy command-and-control (C2) channels. AWS originally advertised this mode as providing complete isolation without external access, researchers found that it permits outbound DNS queries for A and AAAA records. This structural allowance enables attackers to exfiltrate…
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
Apple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bug
Apple’s first-ever “background security improvement” fixes a vulnerability in its Safari browser running its latest software. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/17/apple-rolls-out-first-background-security-update-for-iphones-ipads-and-macs-to-fix-safari-bug/
-
6 Open-Source Vulnerability Scanners That Actually Work in 2026
Compare top open-source vulnerability scanners and their key features. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/open-source-vulnerability-scanners/
-
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Internet-exposed devices that give BIOS-level access? What could possibly go wrong? First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/03/researchers-disclose-vulnerabilities-in-ip-kvms-from-4-manufacturers/
-
RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to 15,000 daily exploitation attempts in a more focused and strategic campaign, Bitsight reported. >>We gathered all these exploit attempts (identifiable by indicators like the User-Agent and…
-
Schwachstellen bei Bitwarden, Lastpass und Dashlane – Machen Passwortmanager falsche Sicherheitsversprechen?
Tags: vulnerabilityFirst seen on security-insider.de Jump to article: www.security-insider.de/eth-zuerich-schwachstellen-bitwarden-lastpass-dashlane-a-7546d08260a1b8e61d3d141a41ee69bc/
-
AWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatch
Tags: access, bug-bounty, credentials, cvss, data, dns, iam, infrastructure, jobs, network, service, strategy, update, vulnerabilityAWS allegedly rolled back a fix: BeyondTrust said it discovered and reported the vulnerability to AWS on September 1, 2025, via the bug bounty platform HackerOne. AWS reportedly acknowledged receipt of the report and deployed an initial fix to production in November.However, BeyondTrust was informed a few days later that the initial fix was rolled…

