Vulnerabilities

Oracle WebLogic Vulnerability Exploited in the Wild

2026-06-02 at 15:46, by Eduard Kovacs. The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers. (Source: SecurityWeek)

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches

2026-06-02 at 15:25, by Ionut Arghire. A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. (Source: SecurityWeek)

Oracle’s First Monthly Patches Resolve 77 Vulnerabilities

2026-06-02 at 10:58, by Ionut Arghire. Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. (Source: SecurityWeek)

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

2026-06-01 at 22:05, by Ionut Arghire. The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. (Source: SecurityWeek)

Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs

2026-06-01 at 20:16, by Ionut Arghire. Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity and the potential ongoing exploitation. (Source: SecurityWeek)

19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

2026-06-01 at 17:37, by Ionut Arghire. Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems. (Source: SecurityWeek)

Recent Palo Alto Networks Vulnerability Exploited for Weeks

2026-06-01 at 17:37, by Ionut Arghire. Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure. (Source: SecurityWeek)

Exploit Code Published for Critical Flowise RCE Vulnerability

2026-05-30 at 18:55, by Ionut Arghire. The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. (Source: SecurityWeek)

Gogs Zero-Day Exposes Servers to Remote Code Execution

2026-05-29 at 18:31, by Ionut Arghire. The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.

IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”

2026-05-28 at 17:54, by SecurityWeek News. Project Lightwell is designed to fix vulnerabilities without breaking what is already in production.

Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign

2026-05-28 at 17:00, by Maor Gabay. We recently observed a multi-stage macOS intrusion campaign conducted by the North Korean state-sponsored threat group Sapphire Sleet (also tracked as BlueNoroff/UNC1069). (Source: LevelBlue SpiderLabs Blog)

Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks

2026-05-28 at 15:55, by Ionut Arghire. Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching. (Source: SecurityWeek)

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

2026-05-27 at 17:30, by Eduard Kovacs. Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. (Source: SecurityWeek)

CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day

2026-05-27 at 09:56, by Ionut Arghire. Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges. (Source: SecurityWeek)

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

2026-05-26 at 17:32, by Ionut Arghire. Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution. (Source: SecurityWeek)

Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images

2026-05-26 at 13:56, by Mike Lennon. DockSec, an OWASP incubator project, correlates findings from multiple container security scanners and uses AI to generate plain-English remediation guidance and exact Dockerfile fixes.

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

2026-05-25 at 16:59, by Eduard Kovacs. Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack. (Source: SecurityWeek)

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects

2026-05-25 at 13:58, by Eduard Kovacs. Many findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase. (Source: SecurityWeek)

From WinRE to SYSTEM: Hunting the YellowKey and MiniPlasma Attack Chain

2026-05-22 at 22:53. Since April 2026, LevelBlue SpiderLabs’ Cyber Threat Intelligence team has tracked a series of public zero-day disclosures targeting Microsoft Windows, attributed to an anonymous actor operating under the names Chaotic Eclipse and Nightmare Eclipse. The activity spans multiple areas of
