Vulnerabilities News

A PoC exploit for a vulnerability in Microsoft's Snipping Tool has been released, allowing attackers to steal Net-NTLM hashes through social engineering tactics.

Hackers have targeted CVE-2023-33538 in TP-Link routers for over a year, but no successful exploitation has been recorded. Despite high-risk scores, attackers face limitations. Users should update their firmware and change default credentials.

A newly discovered flaw in iTerm2 allows attackers to execute code by simply viewing a malicious text file. This vulnerability affects macOS users, posing a significant risk. Caution is advised when handling untrusted files or SSH connections until a fix is available.

Three new Windows vulnerabilities have been weaponized by attackers. Organizations are at risk of admin access breaches. Immediate updates and monitoring are essential to protect systems.

A critical vulnerability in Anthropic's Model Context Protocol exposes 200,000 servers to remote code execution threats. Immediate protective measures are recommended.

CISA has added eight vulnerabilities to its KEV Catalog, highlighting serious risks for federal networks. Organizations need to act quickly to remediate these flaws to avoid exploitation.

New zero-day vulnerabilities in Microsoft Defender are being actively exploited, with two remaining unpatched. Organizations must take immediate action to safeguard their systems.

A critical vulnerability in SGLang allows remote code execution via malicious GGUF model files. Affected systems are at high risk of exploitation. Immediate action is essential to secure these systems.

Progress has issued a security advisory for critical vulnerabilities in Kemp LoadMaster and MOVEit WAF products. Users must apply updates to mitigate risks. This affects multiple versions.

A critical vulnerability in Lovable's API exposes sensitive data from thousands of projects. Users are urged to take immediate action to secure their information.

Forescout discovered 20 vulnerabilities in serial-to-IP converters, exposing OT and healthcare systems to remote hacking. Organizations must act quickly to patch these flaws and safeguard critical infrastructure.

In the last year, enterprises deployed millions of patches, yet many remain exposed due to delays in remediation. Discover how your organization compares to global benchmarks and improve your patch management strategy.

Every day, security experts face a flood of new CVEs. This overwhelming influx complicates their defensive strategies. Learn how to manage this challenge effectively.

GreyNoise researchers have found that network traffic spikes can predict upcoming vulnerabilities in edge devices. This insight helps organizations prepare for potential attacks. By monitoring these signals, defenders can act before vulnerabilities are publicly disclosed.

Researchers uncovered prompt-injection vulnerabilities in Microsoft Copilot and Salesforce Agentforce. These flaws could lead to serious data leaks. Companies using these platforms need to act fast to secure their data.

A critical vulnerability in Fortinet's FortiSandbox allows unauthenticated attackers to execute commands as root. A proof-of-concept exploit is now publicly available, making immediate patching essential.

Anviz devices are vulnerable to critical security flaws that could allow hackers to gain control. Products affected include CX2 Lite and CX7 firmware versions. Users must act quickly to secure their devices.

Microsoft has released an out-of-band update to fix issues causing Windows Server domain controllers to enter reboot loops after the April 2026 security update, affecting authentication and directory services.

A critical vulnerability has been found in Horner Automation's PLC systems, allowing unauthorized access. Affected versions include Cscape v10.0 and XL7 PLC v15.60. Users must update their systems to mitigate risks.

HashiCorp has identified critical vulnerabilities in Vault software. Users must update their systems to prevent potential breaches. These issues could disrupt services and expose sensitive data.

A Censys report reveals that despite a significant decline, nearly 6 million FTP servers are still exposed, with many lacking encryption, posing serious security risks.

Cisco has identified a critical vulnerability in Webex SSO that requires immediate action from administrators. Additionally, three other critical vulnerabilities in Cisco's Identity Services could allow for remote code execution.

HPE has issued a security advisory for vulnerabilities in their Cray Supercomputing EX420 Compute Blade. Users must update to version 1.91 or later to ensure security. This is crucial to protect sensitive operations and data.

What Happened A company working towards ISO 27001 certification discovered a significant vulnerability in their server room security. The solution they implemented was a two-factor authentication lock system. However, during a final drill before an audit, a junior sysop found that the lock could be bypassed by entering more than ten digits on the keypad, causing it to unlock

A serious vulnerability in Microsoft Edge WebView2 allows attackers to hijack DLLs, posing risks to many Windows applications. This flaw remains unpatched, making it a target for exploitation. Organizations must act now to protect their systems.

The EU's new age-verification app has serious security flaws, allowing hackers to breach it in under two minutes. This raises significant concerns about user data safety. Experts warn that this could lead to a major data breach if not addressed quickly.

A critical vulnerability in Thymeleaf allows attackers to execute malicious code. All versions before 3.1.4.RELEASE are affected. Immediate upgrades are essential to protect applications.

Cisco Talos disclosed vulnerabilities in Foxit Reader and LibRaw, which have been patched. These flaws could allow attackers to execute harmful code, posing serious risks to users. Stay updated to protect your systems.

A critical vulnerability in AVEVA Pipeline Simulation has been discovered, allowing unauthorized modifications. Organizations must upgrade their systems to prevent exploitation. Immediate action is necessary to protect critical training data.

Apple is addressing a critical bug in iOS 26 that affects users with custom alphanumeric passcodes, particularly those using the Czech keyboard character that was removed in the update. A fix is reportedly underway, but user trust is wavering.

A critical RCE vulnerability in protobuf.js has been exposed, allowing attackers to execute arbitrary JavaScript code. With proof-of-concept exploit code now available, immediate upgrades to patched versions are essential.

Microsoft has patched two zero-day vulnerabilities, including one actively exploited. These flaws could lead to serious security risks in enterprise environments. It's crucial for sysadmins to update their systems immediately.

Microsoft has released patches for 169 vulnerabilities, including a critical zero-day in SharePoint. This highlights ongoing security challenges for users. Immediate action is recommended to mitigate risks.

A medium-severity flaw in Microsoft SharePoint has been exploited, with new insights highlighting the potential for widespread impact. Organizations are urged to take immediate action to protect their data.

A critical vulnerability in the nginx UI tool allows attackers to fully compromise web servers, with active exploitation confirmed since March 2026. A security advisory has been issued urging immediate patching.

A new tool reveals vulnerabilities in Windows 11's Recall feature, allowing unauthorized access to sensitive user data. Despite Microsoft's claims of improved security measures, significant risks remain.

NIST has announced a significant change in its CVE analysis strategy, narrowing its focus to critical vulnerabilities amid a surge in submissions. The agency will prioritize vulnerabilities that are actively exploited or critical to federal systems, leaving many lower-priority CVEs without enrichment.

AMD has identified critical vulnerabilities in their EPYC and Ryzen processors. Users must update their systems to prevent potential exploits. This advisory highlights the importance of timely security measures.

Microsoft and Salesforce have patched critical flaws in their AI tools that could have leaked sensitive data. Users must update their systems immediately to prevent exposure. Protect your information by staying informed and vigilant.

CISA warns of a critical vulnerability in Windows Task Host that allows privilege escalation. All organizations are urged to apply patches immediately to prevent exploitation.

In 2026, vulnerability numbers soar, challenging security teams. This article highlights how runtime context can help prioritize and manage risks effectively. Discover practical strategies for better vulnerability management.

Microsoft has confirmed that some Windows Server 2025 devices will face BitLocker recovery prompts after the April 2026 update. This issue mainly affects enterprise environments. Microsoft is working on a solution and has shared temporary workarounds for affected administrators.

CISA's Lindsey Cerkovnik urges AI companies to enhance their role in vulnerability disclosures. This shift is crucial as reported vulnerabilities surge, impacting cybersecurity practices.

Microsoft has fixed a bug that caused unauthorized upgrades to Windows Server 2025 for users of Windows Server 2019 and 2022. This fix restores normal upgrade functionality, ensuring better control over server updates.

Raspberry Pi OS 6.2 has disabled passwordless sudo by default for new installations, enhancing security but causing mixed reactions among users. Existing installations remain unchanged.

Major industrial companies have released security advisories addressing critical vulnerabilities. This impacts essential infrastructure systems, highlighting the need for timely patching and vigilance.

April's Patch Tuesday reveals critical vulnerabilities in Microsoft products, including two zero-days in SharePoint and Microsoft Defender, alongside several other critical vulnerabilities that require immediate action.

Experts have released security best practices for Microsoft Exchange servers. This guidance aims to protect organizations from vulnerabilities and threats. It's essential for safeguarding sensitive communications. Implementing these measures can enhance overall security.

CISA has issued an alert regarding critical vulnerabilities in Windows and Adobe Acrobat that could lead to privilege escalation and arbitrary code execution. Immediate updates are essential to mitigate risks.

A new vulnerability in Kiuwan SAST allows users to log in even when their accounts are disabled. This could expose organizations to serious security risks. A patch is available, and immediate updates are recommended.