Vulnerabilities - Security Ticks

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

EPMM, exploited, Ivanti, Vulnerabilities, vulnerability, Zero-Day / SecurityTicks

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks 2026-05-08 at 11:42 By Eduard Kovacs CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks Read More »

Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking

China, China APT, exploited, firewall, Nation-State, Palo Alto Networks, Vulnerabilities, Zero-Day / SecurityTicks

Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking 2026-05-07 at 19:01 By Eduard Kovacs The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.

Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking Read More »

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

AI, Application Security, Claude Code, OAuth, Vulnerabilities / SecurityTicks

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking 2026-05-07 at 17:33 By Kevin Townsend Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms. The post Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking appeared first on

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking Read More »

Chrome 148 Rolls Out With 127 Security Fixes

Chrome, Vulnerabilities, vulnerability / SecurityTicks

Chrome 148 Rolls Out With 127 Security Fixes 2026-05-07 at 17:33 By Ionut Arghire The fresh browser update resolves critical-severity integer overflow and use-after-free vulnerabilities. The post Chrome 148 Rolls Out With 127 Security Fixes appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 148 Rolls Out With 127 Security Fixes Read More »

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

AI, Artificial Intelligence, Gemini, Gemini CLI, supply chain, Vulnerabilities, vulnerability / SecurityTicks

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack 2026-05-07 at 14:33 By Ionut Arghire Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack Read More »

Cisco Patches High-Severity Vulnerabilities in Enterprise Products

Cisco, Network Security, patch, Vulnerabilities, vulnerability / SecurityTicks

Cisco Patches High-Severity Vulnerabilities in Enterprise Products 2026-05-07 at 14:33 By Ionut Arghire Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco Patches High-Severity Vulnerabilities in Enterprise Products Read More »

Oracle Debuts Monthly Critical Security Patch Updates

CSPU, Oracle, patch, Vulnerabilities / SecurityTicks

Oracle Debuts Monthly Critical Security Patch Updates 2026-05-06 at 09:35 By Ionut Arghire Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly Critical Security Patch Updates appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Oracle Debuts Monthly Critical Security Patch Updates Read More »

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

exploited, firewall, Palo Alto Networks, Vulnerabilities, vulnerability, Zero-Day / SecurityTicks

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls 2026-05-06 at 09:24 By Eduard Kovacs CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls Read More »

Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft

AI, Artificial Intelligence, Bleeding Llama, Featured, Ollama, Vulnerabilities, vulnerability / SecurityTicks

Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft 2026-05-05 at 17:46 By Ionut Arghire Dubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication. The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft Read More »

Critical Remote Code Execution Vulnerability Patched in Android

Android, Mobile & Wireless, patch, Vulnerabilities, vulnerability / SecurityTicks

Critical Remote Code Execution Vulnerability Patched in Android 2026-05-05 at 17:46 By Eduard Kovacs CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Remote Code Execution Vulnerability Patched in Android Read More »

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

Apache, HTTP Server, MINA, patch, Vulnerabilities, vulnerability / SecurityTicks

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server 2026-05-05 at 17:46 By Ionut Arghire The most severe of these security defects could allow remote attackers to execute arbitrary code. The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server Read More »

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs

China, exploited, MetInfo, Vulnerabilities, vulnerability, Weaver E-cology / SecurityTicks

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs 2026-05-05 at 13:20 By Ionut Arghire The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs Read More »

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities

Featured, patch, spoofing, Vulnerabilities, vulnerability, WhatsApp / SecurityTicks

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities 2026-05-05 at 13:20 By Eduard Kovacs The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities Read More »

Exploitation of ‘Copy Fail’ Linux Vulnerability Begins

Copy Fail, Endpoint Security, exploited, Linux, Linux vulnerability, Vulnerabilities / SecurityTicks

Exploitation of ‘Copy Fail’ Linux Vulnerability Begins 2026-05-04 at 14:30 By Ionut Arghire CISA has added the bug to its KEV list, and Microsoft has observed limited exploitation, mainly associated with PoC testing. The post Exploitation of ‘Copy Fail’ Linux Vulnerability Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Exploitation of ‘Copy Fail’ Linux Vulnerability Begins Read More »

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

cPanel, exploited, Vulnerabilities / SecurityTicks

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation 2026-05-04 at 13:11 By Ionut Arghire The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation Read More »

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

AI, Android, Artificial Intelligence, bug bounty, Chrome, Google, Vulnerabilities, vulnerability / SecurityTicks

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge 2026-05-01 at 18:20 By Eduard Kovacs The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million. The post Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge appeared first

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge Read More »

Inside Vect Ransomware-as-a-Service

Emerging Threats, Vulnerabilities / SecurityTicks

Inside Vect Ransomware-as-a-Service 2026-04-30 at 18:18 By Nathaniel Morales Vect ransomware, a new group that emerged in January 2026, has recently begun attracting attention in the cybersecurity space for its strategic partnerships, which are helping it expand. One notable collaboration is with TeamPCP, with evidence already surfacing as the latest victims on Vect’s leak site

Inside Vect Ransomware-as-a-Service Read More »

SonicWall Urges Immediate Patching of Firewall Vulnerabilities

firewall, patches, SonicWall, Vulnerabilities, vulnerability / SecurityTicks

SonicWall Urges Immediate Patching of Firewall Vulnerabilities 2026-04-30 at 18:18 By Ionut Arghire The bugs could be exploited to bypass security controls, access restricted services, and crash firewalls. The post SonicWall Urges Immediate Patching of Firewall Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SonicWall Urges Immediate Patching of Firewall Vulnerabilities Read More »

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

cPanel, exploited, Vulnerabilities, vulnerability, Zero-Day / SecurityTicks

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months 2026-04-30 at 14:51 By Ionut Arghire The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months Read More »

‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover

Copy Fail, Endpoint Security, Featured, Linux, Linux vulnerability, Vulnerabilities / SecurityTicks

‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover 2026-04-30 at 13:56 By Ionut Arghire Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. The post ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover Read More »