Vulnerabilities

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

2026-05-22 at 21:05, by Eduard Kovacs. Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. Source: SecurityWeek.

TrendAI Patches Apex One Zero-Day Exploited in the Wild

2026-05-22 at 11:53, by Eduard Kovacs. CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. Source: SecurityWeek.

Cisco Patches Critical Vulnerability in Secure Workload

2026-05-21 at 15:24, by Ionut Arghire. Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. Source: SecurityWeek.

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

2026-05-21 at 14:22, by Eduard Kovacs. CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. Source: SecurityWeek.

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

2026-05-21 at 13:14, by Ionut Arghire. The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. Source: SecurityWeek.

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

2026-05-21 at 13:14, by Eduard Kovacs. More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. Source: SecurityWeek.

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

2026-05-21 at 11:40, by Kevin Townsend. New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. Source: SecurityWeek.

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

2026-05-20 at 18:46, by Ionut Arghire. The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. Source: SecurityWeek.

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

2026-05-19 at 21:14, by Eduard Kovacs. Drupal says attackers may develop an exploit for the vulnerability within hours or days. Source: SecurityWeek.

YellowKey and GreenPlasma: Two New Windows Zero-Days Unveiled

2026-05-19 at 17:33, by James Ballantyne and Pauline Bolaños. Two novel Windows zero-day vulnerabilities dubbed YellowKey, which bypasses BitLocker drive encryption, and GreenPlasma, a local privilege escalation bug that targets a trusted Windows process called CTFMON, were recently publicly released. Nightmare-Eclipse (aka Chaotic Eclipse), a researcher who

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover

2026-05-19 at 16:58, by Ionut Arghire. The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. Source: SecurityWeek.

PoC Released for DirtyDecrypt Linux Kernel Vulnerability

2026-05-19 at 12:47, by Ionut Arghire. Patched in April, the underlying vulnerability allows local attackers to elevate their privileges to root. Source: SecurityWeek.

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

2026-05-19 at 09:34, by Eduard Kovacs. The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. Source: SecurityWeek.

‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

2026-05-18 at 15:48, by Ionut Arghire. Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. Source: SecurityWeek.

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE

2026-05-18 at 13:58, by Ionut Arghire. The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. Source: SecurityWeek.

Exploitation of Critical NGINX Vulnerability Begins

2026-05-18 at 10:34, by Ionut Arghire. The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. Source: SecurityWeek.

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 

2026-05-18 at 08:02, by Eduard Kovacs. Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. Source: SecurityWeek.

PoC Code Published for Critical NGINX Vulnerability

2026-05-16 at 14:43, by Ionut Arghire. Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. Source: SecurityWeek.

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

2026-05-15 at 15:32, by Eduard Kovacs. Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. Source: SecurityWeek.
