Tag: vulnerability
-
4,000+ Routers Compromised by KadNap Malware Exploiting Vulnerabilities
A newly uncovered malware campaign dubbed KadNap has silently conscripted more than 14,000 internet”‘exposed routers and edge devices into a stealth proxy botnet, with Asus routers the primary victims. More than 60% of known victims are located in the United States, with additional infections observed in Taiwan, Hong Kong, Russia, and other countriesHow KadNap Infects Routers The…
-
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content.…
-
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
Palo Alto Networks has issued a security advisory regarding a newly discovered vulnerability in its Cortex XDR Broker Virtual Machine (VM). Tracked as CVE-2026-0231, this medium-severity flaw could allow a threat actor to access and modify sensitive system information. Because the Broker VM acts as a critical bridge between on-premises network assets and the cloud-based…
-
U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in n8n to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an n8n flaw, tracked as CVE-2025-68613 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. n8n is a workflow automation platform designed for technical teams that combines the…
-
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
Palo Alto Networks has issued a security advisory regarding a newly discovered vulnerability in its Cortex XDR Broker Virtual Machine (VM). Tracked as CVE-2026-0231, this medium-severity flaw could allow a threat actor to access and modify sensitive system information. Because the Broker VM acts as a critical bridge between on-premises network assets and the cloud-based…
-
Vulnerability in MediaTek Chips Could Impact 25% Android Smartphones
Security researchers have identified a serious Android phone vulnerability that could affect the global smartphone ecosystem. The flaw, discovered by the security research team at Ledger, may expose sensitive information from millions of Android smartphones powered by certain Android chipsets. According to researchers, the issue could potentially impact devices representing roughly 25% of Android phones…
-
Vulnerability in MediaTek Chips Could Impact 25% Android Smartphones
Security researchers have identified a serious Android phone vulnerability that could affect the global smartphone ecosystem. The flaw, discovered by the security research team at Ledger, may expose sensitive information from millions of Android smartphones powered by certain Android chipsets. According to researchers, the issue could potentially impact devices representing roughly 25% of Android phones…
-
USENIX Security ’25 (Enigma Track) Everything Old Is New Again: Legal Restrictions On Vulnerability Disclosure On Bug Bounty Platforms
Author, Creator & Presenter: Kendra Albert, Albert Sellars LLP Our thanks to USENIX Security ’25 (Enigma Track) (USENIX ’25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security ’25 (Enigma Track) content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/usenix-security-25-enigma-track-everything-old-is-new-again-legal-restrictions-on-vulnerability-disclosure-on-bug-bounty-platforms/
-
Medical Device Concerns for a Post-Quantum World
Long-life medical devices – products typically used for a decade or longer – are among the most post-quantum, cryptographically vulnerable technologies in healthcare, said Joern Lubadel, global head of product security at German-based medical device and healthcare products maker B. Braun. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/medical-device-concerns-for-post-quantum-world-i-5533
-
Researchers Uncover ‘LeakyLooker’ Vulnerabilities in Google Looker Studio
LeakyLooker flaws in Google Looker Studio let attackers run cross-tenant SQL attacks on cloud data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-looker-studios-security-gaps/
-
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.The vulnerabilities are listed below -CVE-2026-27577 (CVSS score: 9.4) – Expression sandbox escape leading to remote code execution (RCE)CVE-2026-27493 (CVSS score: 9.5) – Unauthenticated First seen on thehackernews.com Jump…
-
Schwachstellen bei Bitwarden, Lastpass und Dashlane – Machen Passwortmanager falsche Sicherheitsversprechen?
Tags: vulnerabilityFirst seen on security-insider.de Jump to article: www.security-insider.de/eth-zuerich-schwachstellen-bitwarden-lastpass-dashlane-a-7546d08260a1b8e61d3d141a41ee69bc/
-
AWS expands Security Hub for multicloud security operations
Tags: access, api, ceo, ciso, cloud, cybersecurity, data, detection, endpoint, framework, google, identity, incident response, india, infrastructure, Internet, microsoft, monitoring, risk, threat, tool, vulnerability, vulnerability-managementCross-cloud security monitoring: While AWS has not provided technical details on how it will identify vulnerabilities outside its native environment, Sanchit Vir Gogia, chief analyst at Greyhound Research, said multicloud visibility typically works by collecting signals from multiple security systems and translating them into a consistent format so they can be analysed together.A key enabler…
-
March 2026 Patch Tuesday fixes two zero-day vulnerabilities
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities-2/
-
March 2026 Patch Tuesday fixes two zero-day vulnerabilities
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities-3/
-
Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX
Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication…
-
Critical Vulnerability in Microsoft Office Allows Malicious Code to Run Remotely
Tags: cve, cvss, cyber, flaw, malicious, microsoft, office, remote-code-execution, threat, vulnerabilityMicrosoft has disclosed a critical security flaw in its Microsoft Office suite, officially tracked as CVE-2026-26110. Released on March 10, 2026, this Remote Code Execution (RCE) vulnerability poses a significant threat to organizations and individuals relying on the widely used productivity software. With a base CVSS score of 8.4, the flaw demands immediate attention from…
-
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems.The vulnerabilities in question listed below -CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization First seen on thehackernews.com…
-
What Boards Must Demand in the Age of AI-Automated Exploitation
“You knew, and you could have acted. Why didn’t you?” This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident.For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve…
-
March 2026 Patch Tuesday fixes two zero-day vulnerabilities
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities/
-
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials
Tags: access, advisory, cisa, control, credentials, data, endpoint, exploit, firewall, flaw, infrastructure, kev, remote-code-execution, software, switch, update, vulnerabilityExposure spans campus to data center switching: The vulnerabilities affect AOS-CX software across four active version branches, spanning entry-level campus switches to data center-class hardware. Versions that reached the end of support before the advisory’s publication are also expected to be vulnerable, the advisory said. Organizations running AOS-CX 10.17.0001 and below, 10.16.1020 and below, 10.13.1160…
-
Microsoft patches 80+ vulnerabilities, six flagged as >>more likely<< to be exploited
On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/11/march-2026-patch-tuesday/
-
Microsoft Fixes 79 Flaws in March Patch Tuesday, Including Two 0-Days
Microsoft fixes 79 vulnerabilities in March 2026 Patch Tuesday, including two publicly disclosed 0-days affecting SQL Server, .NET and Windows systems. First seen on hackread.com Jump to article: hackread.com/microsoft-march-patch-tuesday-two-0-days-flaws/
-
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information…
-
Microsoft Patch Tuesday March 2026: Two Zero-Days and Critical RCE Bugs Fixed
The Microsoft Patch Tuesday March 2026 release introduces security updates addressing 79 vulnerabilities, including two publicly disclosed zero-day vulnerabilities and several high-risk issues tied to remote code execution. The monthly security rollout includes fixes across multiple Microsoft products such as SQL Server, .NET, Microsoft Office, SharePoint Server, and Azure services. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-march-2026/
-
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
Microsoft has released a critical security update addressing a high-severity elevation of privilege vulnerability in Active Directory Domain Services (AD DS). This flaw, patched during the March 10, 2026, Patch Tuesday rollout, poses a significant threat to enterprise identity infrastructure by allowing attackers to gain SYSTEM-level access. Tracked as CVE-2026-25177, this security defect carries a…
-
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks
Microsoft’s March 2026 Patch Tuesday has addressed a zero-day vulnerability in the .NET framework, officially tracked as CVE-2026-26127. Disclosed publicly before a patch was available, this flaw allows unauthenticated remote attackers to trigger a denial of service (DoS) condition against applications running on affected .NET environments. The vulnerability has been categorized as an out-of-bounds read…
-
Microsoft Patchday März 2026 – 93 Schwachstellen in Windows, Office, Azure und Serverkomponenten
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-maerz-2026-patches-updates-a-46bdfd333e21799fd5668565101471ba/
-
Microsoft Fixes 79 Vulnerabilities in March 2026 Patch Tuesday, Mitigating Two Exploited 0-Days
Microsoft has released its March 2026 Patch Tuesday updates, successfully addressing 79 security vulnerabilities across various products and mitigating two publicly disclosed zero-day flaws. These critical security updates provide essential fixes for enterprise systems, including Microsoft Windows, Office, SQL Server, and the .NET framework. March 2026 Vulnerability Overview The March 2026 Patch Tuesday addresses a…