#cve-2023-48022
#cve-2023-48022

Software development

Claude Opus wrote a Chrome exploit for $2,283

20 hours ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

Information security

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

A new botnet named PowMix targets Czech Republic's workforce, utilizing advanced evasion techniques and multi-stage infection methods since December 2025.

14 hours ago

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

Software development

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos model due to security concerns, while Opus 4.6 was used to create a functional exploit for Chrome's V8 engine.

20 hours ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Hackers exploit vulnerabilities, including a fake app draining $9.5M, while new exploits like RedSun target Microsoft Defender.

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

A new botnet named PowMix targets Czech Republic's workforce, utilizing advanced evasion techniques and multi-stage infection methods since December 2025.

more#cybersecurity

#data-breach

Privacy professionals

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

Privacy professionals

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

SF politics

fromNextgov.com

15 hours ago

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

CNCF Warns Kubernetes Alone Is Not Enough to Secure LLM Workloads

Kubernetes lacks the capability to manage the unique risks posed by large language models in AI deployments.

Python

fromTalkpython

OWASP Top 10 (2025 List) for Python Devs

The OWASP Top 10 has been updated with significant changes including supply chain attacks and exceptional condition handling.

#microsoft

fromThe Verge

Privacy technologies

Microsoft faces fresh Windows Recall security concerns

19 hours ago

Information security

Microsoft closes book on rogue Windows Server 2025 upgrades

Information security

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

fromComputerworld

Information security

Microsoft's Windows Recall still allows silent data extraction

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Privacy technologies

fromThe Verge

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

19 hours ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

fromComputerworld

Microsoft's Windows Recall still allows silent data extraction

Microsoft needs to enhance code integrity for AIXHost.exe to prevent injection attacks.

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

fromZero Day Initiative

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

Ransomware Hits Automotive Data Expert Autovista

Autovista is working to restore services after a ransomware attack affected its systems in Europe and Australia.

EU data protection

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.

Ransomware Hits Automotive Data Expert Autovista

Autovista is working to restore services after a ransomware attack affected its systems in Europe and Australia.

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.

#nist

12 hours ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

12 hours ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

DevOps

fromAzure DevOps Blog

One-click security scanning and org-wide alert triage come to Advanced Security - Azure DevOps Blog

New capabilities in Azure DevOps simplify application security with one-click CodeQL setup and a unified alerts experience for security teams.

1 hour ago

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

Node JS

fromNist

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.

Software development

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

fromDevOps.com

14 hours ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

fromNist

4 weeks ago

NVD

Prior to version 3.20.0, using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime in a Next.js App Router could lead to race conditions, allowing concurrent requests to read incorrect context.

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

22 hours ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

15 hours ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

22 hours ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE

Identity and access management is crucial for cybersecurity, with a focus on IAM hygiene necessary to mitigate risks from vulnerabilities.

#north-korea

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

23 hours ago

Information security

ZionSiphon Malware Targets ICS in Water Facilities

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Information security

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

17 hours ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

23 hours ago

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.

2 weeks ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.

2 weeks ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

5 days ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

fromTNW | Apps

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.

5 days ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

SAP Patches Critical ABAP Vulnerability

SAP released 20 new and updated security notes addressing critical vulnerabilities, including a severe SQL injection flaw with a CVSS score of 9.9.

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

fromInfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

3 weeks ago

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix released critical patches for vulnerabilities in NetScaler ADC and Gateway, addressing memory leaks and session mixup issues.

2 months ago

BeyondTrust Patches Critical RCE Vulnerability

Critical unauthenticated RCE (CVE-2026-1731, CVSS 9.9) affects BeyondTrust RS and PRA; patches are available and many internet-accessible on-prem deployments are likely exposed.

2 months ago

BeyondTrust Remote Support has a critical vulnerability

Unauthenticated remote-code-execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access enables full system compromise; affected versions require urgent patching or upgrades.

fromDataBreaches.Net

1 month ago

Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023 - DataBreaches.Net

The bug, which has a maximum-rated vulnerability severity score of 10.0, allows hackers to remotely break into networks running its Catalyst SD-WAN products, which allow large companies and government agencies with multiple offices to connect their private networks over long distances.

Information security