#cve-2026-31842

[ follow ]
#cybersecurity #vulnerabilities #vulnerability #remote-code-execution #ai #malware #ransomware #security #hacking
Information security
fromThe Hacker News
16 hours ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.
Node JS
fromNist
2 days ago

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.
Software development
fromDevOps.com
13 hours ago

Appknox Adds AI Tool to Detect and Fix Vulnerabilities in Mobile Applications - DevOps.com

Appknox introduces AI to assess mobile app vulnerabilities and recommend fixes, enhancing the patching process for software engineering teams.
#apple-intelligence
Apple
fromSecurityWeek
16 hours ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.
Apple
fromTheregister
17 hours ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
Apple
fromSecurityWeek
16 hours ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.
Apple
fromTheregister
17 hours ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
more#apple-intelligence
#cybersecurity
Cryptocurrency
fromnews.bitcoin.com
14 hours ago

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.
Information security
fromTechSpot
10 hours ago

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.
Healthcare
fromBoston.com
2 days ago

Signature Healthcare in Brockton hit by cybersecurity incident

Signature Healthcare is managing a cybersecurity incident, affecting some services while maintaining inpatient and emergency care.
Information security
fromTheregister
14 hours ago

Chevin pulls the handbrake on FleetWave after security scare

A major outage of FleetWave affects customers in the UK and US due to cybersecurity precautions taken by Chevin Fleet Solutions.
Information security
fromThe Hacker News
13 hours ago

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A new threat cluster UAT-10362 targets Taiwanese NGOs and universities with Lua-based malware LucidRook via spear-phishing campaigns.
more#cybersecurity
Artificial intelligence
from24/7 Wall St.
13 hours ago

The Real Reason Cloudflare Is Down 11% Today Has Nothing to Do With Insider Selling

Insider selling at Cloudflare is routine and does not indicate trouble; the real concern is competition from Anthropic's new AI offerings.
Healthcare
fromSecurityWeek
1 day ago

Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption

Signature Healthcare in Brockton diverted ambulances due to a cyberattack, impacting services but not surgeries or procedures.
DevOps
fromDevOps.com
2 days ago

Why Most DevSecOps Pipelines Fail at Runtime Security (not Build Time) - DevOps.com

Runtime risk arises from configuration and infrastructure changes post-deployment, necessitating DevSecOps to enhance security earlier in the delivery process.
Information security
fromSecurityWeek
18 hours ago

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including high-severity bugs that could allow unauthorized access and code execution.
Node JS
fromZero Day Initiative
1 day ago

Zero Day Initiative - Node.js Trust Falls: Dangerous Module Resolution on Windows

Node.js module resolution can lead to security vulnerabilities if malicious packages are placed in the root node_modules directory.
#ai
Information security
fromTheregister
2 days ago

Anthropic Mythos model can find and exploit 0-days

AI model Mythos can generate zero-day vulnerabilities, surpassing human capabilities, but Anthropic chose not to release it to prevent widespread exploitation.
Information security
fromwww.theguardian.com
1 day ago

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.
Information security
fromTheregister
2 days ago

Anthropic Mythos model can find and exploit 0-days

AI model Mythos can generate zero-day vulnerabilities, surpassing human capabilities, but Anthropic chose not to release it to prevent widespread exploitation.
more#ai
Privacy professionals
fromTechCrunch
1 day ago

Hack-for-hire group caught targeting Android devices and iCloud backups | TechCrunch

A hack-for-hire group is targeting journalists and officials in the Middle East and North Africa using phishing and spyware tactics.
#ransomware
Healthcare
fromTheregister
1 day ago

Ransomware knocks Dutch healthcare software vendor offline

A ransomware attack has taken down Dutch healthcare software vendor ChipSoft, affecting its services to hospitals across the country.
Information security
fromSecuritymagazine
2 days ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.
Information security
fromSecurityWeek
2 days ago

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.
Healthcare
fromTheregister
1 day ago

Ransomware knocks Dutch healthcare software vendor offline

A ransomware attack has taken down Dutch healthcare software vendor ChipSoft, affecting its services to hospitals across the country.
Information security
fromSecuritymagazine
2 days ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.
Information security
fromSecurityWeek
2 days ago

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.
more#ransomware
DevOps
fromInfoWorld
6 days ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Privacy professionals
fromWIRED
1 day ago

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.
Node JS
fromSecurityWeek
3 days ago

Guardarian Users Targeted With Malicious Strapi NPM Packages

A supply chain attack targeting the Strapi ecosystem involved 36 malicious NPM packages delivering various harmful payloads.
Information security
fromTechRepublic
11 hours ago

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.
#flowise
Information security
fromThe Hacker News
2 days ago

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

A critical security flaw in Flowise allows remote code execution, posing severe risks to business continuity and customer data.
Information security
fromThe Hacker News
2 days ago

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

A critical security flaw in Flowise allows remote code execution, posing severe risks to business continuity and customer data.
more#flowise
Information security
fromThe Hacker News
1 day ago

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.
#adobe-reader
Information security
fromThe Hacker News
18 hours ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.
Information security
fromThe Hacker News
18 hours ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.
more#adobe-reader
Information security
fromTechRepublic
1 day ago

'BlueHammer' Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A security researcher released exploit code for a Windows zero-day vulnerability called BlueHammer, allowing privilege escalation without an official Microsoft patch.
Information security
fromThe Hacker News
2 days ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.
#identity-management
fromThe Hacker News
1 day ago
Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.
Information security
fromThe Hacker News
2 days ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.
Information security
fromThe Hacker News
1 day ago

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.
Information security
fromThe Hacker News
2 days ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.
more#identity-management
Information security
fromTechRepublic
1 day ago

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.
Information security
fromSecurityWeek
1 day ago

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.
#cups
Information security
fromTheregister
3 days ago

AI agents found vulns in this Linux and Unix print server

Two vulnerabilities in CUPS allow unauthenticated remote code execution and root file overwrite, posing significant security risks in networked environments.
Information security
fromTheregister
3 days ago

AI agents found vulns in this Linux and Unix print server

Two vulnerabilities in CUPS allow unauthenticated remote code execution and root file overwrite, posing significant security risks in networked environments.
more#cups
Information security
fromSecurityWeek
2 days ago

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.
Information security
fromTheregister
2 days ago

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.
#fortinet
Information security
fromTechRepublic
3 days ago

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.
Information security
fromTechRepublic
3 days ago

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.
Information security
fromSecurityWeek
3 days ago

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

Fortinet released emergency hotfixes for a critical vulnerability in FortiClient EMS that allows remote code execution without authentication.
Information security
fromThe Hacker News
5 days ago

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.
Information security
fromSecurityWeek
1 week ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
more#fortinet
Information security
fromThe Hacker News
3 days ago

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.
Information security
fromThe Hacker News
2 days ago

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

A campaign targets ComfyUI instances for cryptocurrency mining and botnet enlistment through remote code execution exploits.
Information security
fromInfoQ
1 week ago

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.
Information security
fromSecurityWeek
6 days ago

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.
#cisco
Information security
fromThe Hacker News
1 week ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Information security
fromSecurityWeek
1 week ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
Information security
fromThe Hacker News
1 week ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Information security
fromSecurityWeek
1 week ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
more#cisco
Information security
fromSecurityWeek
6 days ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.
#citrix
Information security
fromSecurityWeek
1 week ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.
Information security
fromTheregister
1 week ago

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.
Information security
fromThe Hacker News
1 week ago

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.
Information security
fromSecurityWeek
2 weeks ago

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix released critical patches for vulnerabilities in NetScaler ADC and Gateway, addressing memory leaks and session mixup issues.
Information security
fromSecurityWeek
1 week ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.
Information security
fromTheregister
1 week ago

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.
Information security
fromThe Hacker News
1 week ago

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.
Information security
fromSecurityWeek
2 weeks ago

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix released critical patches for vulnerabilities in NetScaler ADC and Gateway, addressing memory leaks and session mixup issues.
more#citrix
Information security
fromSecurityWeek
2 weeks ago

BIND Updates Patch High-Severity Vulnerabilities

ISC released BIND 9 updates to fix four vulnerabilities, including two high-severity bugs that can lead to memory leaks and high CPU consumption.
Information security
fromTechzine Global
2 weeks ago

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.
Information security
fromArs Technica
3 weeks ago

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

IP KVMs pose severe network security risks because compromising them enables attackers to bypass system security and access remotely managed servers.
Information security
fromThe Hacker News
1 month ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.
Information security
fromSecurityWeek
1 month ago

BeyondTrust Patches Critical RCE Vulnerability

Critical unauthenticated RCE (CVE-2026-1731, CVSS 9.9) affects BeyondTrust RS and PRA; patches are available and many internet-accessible on-prem deployments are likely exposed.
Information security
fromTheregister
2 months ago

Cisco finally fixes max-severity bug under attack for weeks

Cisco released updates fixing a maximum-severity AsyncOS vulnerability (CVE-2025-20393) exploited for root access and persistence on SEG and SEWM appliances.
Information security
fromTechzine Global
1 month ago

BeyondTrust Remote Support has a critical vulnerability

Unauthenticated remote-code-execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access enables full system compromise; affected versions require urgent patching or upgrades.
fromTheregister
1 month ago

CISA gives feds 3 days to patch actively exploited Dell bug

Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024. CISA this week added the flaw, tracked as CVE-2026-22769, to its Known Exploited Vulnerabilities catalog, ordering civilian agencies to secure affected systems by February 21 - giving them just three days to get fixes in place.
Information security
Information security
fromTheregister
2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.
[ Load more ]