Vulnerabilities

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

Chrome, patches, Vulnerabilities, vulnerability /

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 2026-04-10 at 14:45 By Eduard Kovacs The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers. The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek. This article is an excerpt from […]

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 Read More »

Critical Marimo Flaw Exploited Hours After Public Disclosure

exploited, Marimo, Vulnerabilities, vulnerability /

Critical Marimo Flaw Exploited Hours After Public Disclosure 2026-04-10 at 14:45 By Ionut Arghire Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild. The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Critical Marimo Flaw Exploited Hours After Public Disclosure Read More »

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

Android, Cryptocurrency, EngageLab, Mobile & Wireless, SDK, Vulnerabilities, vulnerability /

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users 2026-04-10 at 10:37 By Eduard Kovacs The security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago. The post Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users appeared first on SecurityWeek. This article is an

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users Read More »

Err-Hiding and Seek: How ErrTraffic v3 Leverages EtherHiding in ClickFix Campaign

Emerging Threats, Threat Intelligence, Vulnerabilities /

Err-Hiding and Seek: How ErrTraffic v3 Leverages EtherHiding in ClickFix Campaign 2026-04-09 at 16:17 By King Orande and Cris Tomboc TLP: AMBER+STRICT The LevelBlue SpiderLabs team examined the latest version of ErrTraffic, which emerged in early 2026. In a recently observed campaign, the team found that ErrTraffic primarily targets WordPress websites by deploying a PHP backdoor script

Err-Hiding and Seek: How ErrTraffic v3 Leverages EtherHiding in ClickFix Campaign Read More »

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks, patches, SonicWall, Vulnerabilities, vulnerability /

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities 2026-04-09 at 15:44 By Ionut Arghire The bugs could allow attackers to modify protected resources and escalate their privileges to administrator. The post Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities Read More »

Adobe Reader Zero-Day Exploited for Months: Researcher

Adobe, Adobe Reader, exploited, Featured, Vulnerabilities, vulnerability, Zero-Day /

Adobe Reader Zero-Day Exploited for Months: Researcher 2026-04-09 at 12:00 By Eduard Kovacs Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability. The post Adobe Reader Zero-Day Exploited for Months: Researcher appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Adobe Reader Zero-Day Exploited for Months: Researcher Read More »

Data Leakage Vulnerability Patched in OpenSSL

Data Protection, OpenSSL, patches, Vulnerabilities, vulnerability /

Data Leakage Vulnerability Patched in OpenSSL 2026-04-08 at 18:47 By Eduard Kovacs A total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL. The post Data Leakage Vulnerability Patched in OpenSSL appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Data Leakage Vulnerability Patched in OpenSSL Read More »

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

Apache, Apache ActiveMQ, RCE, Vulnerabilities, vulnerability /

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years 2026-04-08 at 17:32 By Ionut Arghire The vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication. The post RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years Read More »

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

exploited, Ninja Forms, Vulnerabilities, WordPress /

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover 2026-04-08 at 15:06 By Ionut Arghire The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution. The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek. This article is an

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover Read More »

Severe StrongBox Vulnerability Patched in Android

Android, Mobile & Wireless, StrongBox, Vulnerabilities, vulnerability /

Severe StrongBox Vulnerability Patched in Android 2026-04-07 at 20:31 By Eduard Kovacs A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update. The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Severe StrongBox Vulnerability Patched in Android Read More »

Critical Flowise Vulnerability in Attacker Crosshairs

AI, Artificial Intelligence, exploited, Flowise, Vulnerabilities, vulnerability /

Critical Flowise Vulnerability in Attacker Crosshairs 2026-04-07 at 18:34 By Ionut Arghire The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system. The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Flowise Vulnerability in Attacker Crosshairs Read More »

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack 

Endpoint Security, GPU, GPUBreach, Rowhammer, Vulnerabilities /

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack  2026-04-07 at 14:58 By Eduard Kovacs Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges. The post GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack  Read More »

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

CVE-2026-35616, Featured, Fortinet, Network Security, Vulnerabilities, vulnerability /

Fortinet Rushes Emergency Fixes for Exploited Zero-Day 2026-04-06 at 12:42 By Ionut Arghire The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely. The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortinet Rushes Emergency Fixes for Exploited Zero-Day Read More »

Major Supply Chain Compromise in the Popular axios npm Package

Emerging Threats, News, Vulnerabilities /

Major Supply Chain Compromise in the Popular axios npm Package 2026-04-03 at 17:52 By Karl Sigler On March 30, 2026, two malicious versions of the widely used axios HTTP client library were published to npm; [email protected] and [email protected]. The malicious versions inject a new dependency, [email protected], which, in turn, downloads a Remote Access Toolkit (RAT).

Major Supply Chain Compromise in the Popular axios npm Package Read More »

TrueConf Zero-Day Exploited in Asian Government Attacks

Asia, China, exploited, Government, TrueConf, Vulnerabilities, vulnerability, Zero-Day /

TrueConf Zero-Day Exploited in Asian Government Attacks 2026-04-03 at 17:52 By Ionut Arghire A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads. The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

TrueConf Zero-Day Exploited in Asian Government Attacks Read More »

Critical ShareFile Flaws Lead to Unauthenticated RCE

ShareFile, Vulnerabilities, vulnerability /

Critical ShareFile Flaws Lead to Unauthenticated RCE 2026-04-03 at 17:52 By Ionut Arghire The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server. The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical ShareFile Flaws Lead to Unauthenticated RCE Read More »

Critical Vulnerability in Claude Code Emerges Days After Source Leak

AI, Anthropic, Artificial Intelligence, Claude Code, Featured, Vulnerabilities, vulnerability /

Critical Vulnerability in Claude Code Emerges Days After Source Leak 2026-04-02 at 21:45 By Kevin Townsend Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on

Critical Vulnerability in Claude Code Emerges Days After Source Leak Read More »

Apple Rolls Out DarkSword Exploit Protection to More Devices

apple, DarkSword, exploit kit, exploited, iOS, iPhone, Mobile & Wireless, Vulnerabilities /

Apple Rolls Out DarkSword Exploit Protection to More Devices 2026-04-02 at 19:58 By Eduard Kovacs The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors. The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Apple Rolls Out DarkSword Exploit Protection to More Devices Read More »

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco, patches, Vulnerabilities, vulnerability /

Cisco Patches Critical and High-Severity Vulnerabilities 2026-04-02 at 15:36 By Ionut Arghire The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation. The post Cisco Patches Critical and High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco Patches Critical and High-Severity Vulnerabilities Read More »

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Chrome, exploited, Featured, Vulnerabilities, Zero-Day /

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome 2026-04-01 at 18:46 By Eduard Kovacs Google has announced fixes for CVE-2026-5281, a zero-day affecting Chrome’s Dawn component.  The post Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome Read More »

Scroll to Top