Using RF Power Levels to Defeat MAC Address Randomization Enabling Passive Device Tracking 2026-03-31 at 18:01 By Tom Neaves I came up with a theory (based on science) that it may be possible to passively track wireless devices even though they are making use of the defense that is MAC Address Randomization. This article is […]
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs 2026-03-31 at 15:43 By Ionut Arghire Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years. The post StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs Read More »
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins 2026-03-31 at 15:43 By Ionut Arghire The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins Read More »
Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise 2026-03-31 at 11:21 By Kevin Townsend Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens. The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise Read More »
Exploitation of Fresh Citrix NetScaler Vulnerability Begins 2026-03-30 at 12:32 By Ionut Arghire The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs. The post Exploitation of Fresh Citrix NetScaler Vulnerability Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Exploitation of Fresh Citrix NetScaler Vulnerability Begins Read More »
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild 2026-03-30 at 10:37 By Ionut Arghire Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue. The post F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild appeared first on SecurityWeek. This
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild Read More »
OpenAI Launches Bug Bounty Program for Abuse and Safety Risks 2026-03-27 at 15:33 By Ionut Arghire Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek. This article is an excerpt from
OpenAI Launches Bug Bounty Program for Abuse and Safety Risks Read More »
TP-Link Patches High-Severity Router Vulnerabilities 2026-03-27 at 13:42 By Ionut Arghire The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
TP-Link Patches High-Severity Router Vulnerabilities Read More »
Cybersecurity in Hospitality: Defending a Highly Distributed Enterprise 2026-03-26 at 16:23 By Bindu Sundaresan When we think about a modern hospitality organization, we mustn’t limit ourselves to just considering the hotel. In fact, hospitality companies are interlocking digital ecosystems where a single weakness can ripple across dozens of properties and millions of guest records. This
Cybersecurity in Hospitality: Defending a Highly Distributed Enterprise Read More »
BIND Updates Patch High-Severity Vulnerabilities 2026-03-26 at 15:52 By Ionut Arghire Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
BIND Updates Patch High-Severity Vulnerabilities Read More »
Cisco Patches Multiple Vulnerabilities in IOS Software 2026-03-26 at 15:52 By Ionut Arghire The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. The post Cisco Patches Multiple Vulnerabilities in IOS Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Cisco Patches Multiple Vulnerabilities in IOS Software Read More »
iOS, macOS 26.4 Roll Out With Fresh Security Patches 2026-03-25 at 18:18 By Ionut Arghire Apple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. The post iOS, macOS 26.4 Roll Out With Fresh Security Patches appeared first on SecurityWeek. This article is an
iOS, macOS 26.4 Roll Out With Fresh Security Patches Read More »
Chrome 146 Update Patches High-Severity Vulnerabilities 2026-03-24 at 19:53 By Ionut Arghire The software refresh fixes eight memory safety bugs affecting seven Chrome components. The post Chrome 146 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Chrome 146 Update Patches High-Severity Vulnerabilities Read More »
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn 2026-03-24 at 14:02 By Ionut Arghire An out-of-bounds read vulnerability can be exploited remotely without authentication to read sensitive information from memory. The post Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn Read More »
QNAP Patches Four Vulnerabilities Exploited at Pwn2Own 2026-03-23 at 13:50 By Ionut Arghire The flaws could allow attackers to access sensitive information, execute code, or cause unexpected behavior. The post QNAP Patches Four Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
QNAP Patches Four Vulnerabilities Exploited at Pwn2Own Read More »
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability 2026-03-23 at 09:18 By Eduard Kovacs CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek. This article is an excerpt from
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability Read More »
Critical Quest KACE Vulnerability Potentially Exploited in Attacks 2026-03-21 at 13:00 By Eduard Kovacs The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector. The post Critical Quest KACE Vulnerability Potentially Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
Critical Quest KACE Vulnerability Potentially Exploited in Attacks Read More »
Critical Langflow Vulnerability Exploited Hours After Public Disclosure 2026-03-20 at 10:42 By Ionut Arghire Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution. The post Critical Langflow Vulnerability Exploited Hours After Public Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical Langflow Vulnerability Exploited Hours After Public Disclosure Read More »
Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault 2026-03-19 at 22:28 By Shabtay Barel, Serhii Melnyk, Rodel Mendrez This report expands LevelBlue’s ongoing investigation into a multi-stage fileless malware campaign in which a network of compromised legitimate websites redirects victims to fake CAPTCHA verification pages delivering credential-stealing payloads through a ClickFix social engineering mechanism. This
Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault Read More »
Critical ScreenConnect Vulnerability Exposes Machine Keys 2026-03-19 at 22:27 By Ionut Arghire Latest ScreenConnect version adds encrypted storage and management to prevent unauthorized access to machine keys. The post Critical ScreenConnect Vulnerability Exposes Machine Keys appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical ScreenConnect Vulnerability Exposes Machine Keys Read More »