Vulnerabilities

Hacking Hotels via Smart Stationary Bikes: How Unsecured Gym Equipment Can Lead to RCE

2026-04-29 at 17:00, by John Lopez. Internet of Things (IoT) systems in hospitality environments are often overlooked as harmless amenities, but in reality, they can operate within highly interconnected networks, turning them into surprisingly effective gateways for broader system compromise. This […]


38 Vulnerabilities Found in OpenEMR Medical Software

2026-04-29 at 12:54, by Eduard Kovacs. Some of the vulnerabilities discovered by Aisle can be exploited to access and alter sensitive patient information. Source: SecurityWeek.


No Patch for New PhantomRPC Privilege Escalation Technique in Windows

2026-04-28 at 15:09, by Ionut Arghire. A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System. Source: SecurityWeek.


Incomplete Windows Patch Opens Door to Zero-Click Attacks

2026-04-27 at 20:43, by Ionut Arghire. The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries. Source: SecurityWeek.


OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

2026-04-27 at 20:43, by Ionut Arghire. A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators. Source: SecurityWeek.


Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

2026-04-27 at 13:18, by Ionut Arghire. A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages. Source: SecurityWeek.


Firefox Vulnerability Allows Tor User Fingerprinting

2026-04-27 at 11:49, by Eduard Kovacs. The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. Source: SecurityWeek.


Vulnerabilities Patched in CrowdStrike, Tenable Products

2026-04-24 at 13:17, by Eduard Kovacs. CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw. Source: SecurityWeek.


Recent Microsoft Defender Vulnerability Exploited as Zero-Day

2026-04-23 at 12:17, by Ionut Arghire. The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. Source: SecurityWeek.


Apple Patches iOS Flaw Allowing Recovery of Deleted Chats

2026-04-23 at 12:17, by Ionut Arghire. Apple rolled out the security patches for dozens of iPhone and iPad models and generations. Source: SecurityWeek.


Claude Mythos Finds 271 Firefox Vulnerabilities

2026-04-22 at 14:47, by Eduard Kovacs. All the flaws could have also been found by an elite human researcher, according to Mozilla. Source: SecurityWeek.


Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

2026-04-22 at 13:47, by Eduard Kovacs. Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware. Source: SecurityWeek.


Oracle Patches 450 Vulnerabilities With April 2026 CPU

2026-04-22 at 11:49, by Ionut Arghire. The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws. Source: SecurityWeek.


Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

2026-04-21 at 15:49, by Eduard Kovacs. Things are improving, but a researcher has still identified over 1,500 Perforce P4 instances allowing attackers to read files on the server. Source: SecurityWeek.


Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

2026-04-21 at 15:29, by Ionut Arghire. CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before. Source: SecurityWeek.


Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

2026-04-21 at 15:29, by Ionut Arghire. The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass. Source: SecurityWeek.


Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

2026-04-20 at 20:37, by Eduard Kovacs. Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios. Source: SecurityWeek.


Go With the Flow: Abusing OAuth Device Code Flow

2026-04-20 at 17:03, by Jakub Wiewiorski. In early 2026, phishing attacks are still among the top contributors to the true positive detections in security operation centers (SOCs). Adversaries constantly come up with new ways of luring users into traps, concealing their actual intents and stacking anti-detection


Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

2026-04-20 at 11:16, by Ionut Arghire. In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed. Source: SecurityWeek.


RedSun and the Expanding Risk Window: Why Microsoft Defender Patching Can’t Wait

2026-04-17 at 21:02. A newly disclosed zero-day vulnerability, dubbed RedSun, is raising fresh concerns for organizations relying on Microsoft Defender as a core layer of endpoint protection. Early indicators suggest similarities to the recently patched BlueHammer vulnerability (CVE-2026-33825), reinforcing a troubling trend:

