Tag: vulnerability
-
Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack
Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline. The post Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-six-zero-days-february-2026/
-
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
Tags: access, attack, authentication, exploit, flaw, rce, remote-code-execution, update, vulnerabilityA critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-beyondtrust-rce-flaw-now-exploited-in-attacks-patch-now/
-
New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities/
-
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could…
-
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-plugin-with-900k-installs-vulnerable-to-critical-rce-flaw/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report
Tags: access, ai, api, attack, automation, business, cloud, container, cyber, cybersecurity, data, exploit, finance, flaw, gartner, governance, identity, intelligence, iot, leak, network, risk, service, technology, threat, tool, update, vulnerability“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key Takeaways from Tenable: This is the latest among a recent string of recognitions Tenable…
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Feiniu NAS Devices Hit in Massive Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
Tags: attack, backdoor, botnet, cyber, ddos, exploit, infrastructure, malware, network, vulnerabilityFeiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small”‘business storage into infrastructure for DDoS attacks.”‹ The malware opens an HTTP backdoor on port 57132, letting attackers run arbitrary system commands remotely via crafted GET requests to the /api path. Using traffic fingerprints from…
-
Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)
Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/apple-zero-day-fixed-cve-2026-20700/
-
Healthcare Networks, Financial Regulators, and Industrial Systems on the Same Target List
More than 25 million individuals are now tied to the Conduent Business Services breach as investigations continue to expand its scope. In Canada, approximately 750,000 investors were affected in the CIRO data breach. During roughly the same period, 2,451 vulnerabilities specific to industrial control systems were disclosed by 152 vendors. The latest ColorTokens Threat Advisory……
-
WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks
Tags: attack, backup, cve, cvss, cyber, malicious, remote-code-execution, risk, vulnerability, wordpressA critical vulnerability in the popular WPvivid Backup & Migration plugin is putting more than 800,000 WordPress websites at risk of complete takeover through remote code execution (RCE) attacks. Tracked as CVE-2026-1357 and rated 9.8 on the CVSS scale, the vulnerability allows unauthenticated attackers to upload arbitrary files to vulnerable sites and execute malicious PHP…
-
Palo Alto Networks Firewall Vulnerability Lets Attackers Trigger Reboot Loops
Palo Alto Networks has disclosed a PAN-OS firewall vulnerability that can let remote attackers force repeated reboots, potentially pushing a device into a “reboot loop” that ends in maintenance mode. Tracked as CVE-2026-0229, the issue sits in the Advanced DNS Security (ADNS) feature. It can be triggered by an unauthenticated attacker using a maliciously crafted…
-
Time to Exploit Plummets as N-Day Flaws Dominate
Flashpoint warns of a dramatic drop in the average time between vulnerability disclosure and exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/time-exploit-plummets-nday-flaws/
-
Chrome Security Update Released to Address Code Execution Vulnerabilities
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux systems, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, announced on February 10, 2026, will roll out gradually over the coming days and weeks. Critical Security Fixes The update patches several high-severity…
-
Zero-Click RCE in Claude Desktop: CVSS-Score von 10/10
Diesmal gibt es eine Sicherheitslücke in Agenten, und zwar nicht in irgendeinem experimentellen Open-Source-Projekt, sondern in Claude Desktop. Die Sicherheitsfirma LayerX hat eine kritische Zero-Click RCE (Remote Code Execution) Schwachstelle in Claude Desktop Extensions (DXT) entdeckt, die über 10.000 aktive Nutzende betrifft und mit einem CVSS-Score von 10/10 bewertet wurde [1]. Das mag auf den……
-
What CISOs need to know about the OpenClaw security nightmare
OpenClaw exposes enterprise security gaps: The first big lesson of this whole OpenClaw situation is that enterprises need to do more to get their security fundamentals in place. Because if there are any gaps, anywhere at all, they will now be found and exploited at an unprecedented pace. In the case of OpenClaw, that means…
-
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could…
-
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit…
-
Promptware Hackers Exploit Google Calendar Invites to Stealthily Stream Victim’s Camera via Zoom
A new era of AI vulnerability has arrived, and it is far more dangerous than simply tricking a chatbot into saying something rude. New research released this week demonstrates how attackers can weaponize everyday tools such as Google Calendar and Zoom to spy on users without ever prompting them to click a link. In a…
-
OpenClaw – Der nächste KI-Agent mit enormen Schwachstellen
First seen on security-insider.de Jump to article: www.security-insider.de/openclaw-ki-agent-sicherheitsluecken-a-ba4c16f732eab942bf267d6f42836114/