vulnerability

RabbitMQ Vulnerability Threatens Enterprise Systems

RabbitMQ Vulnerability Threatens Enterprise Systems 2026-07-13 at 15:00 By Ionut Arghire Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker. The post RabbitMQ Vulnerability Threatens Enterprise Systems appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

RabbitMQ Vulnerability Threatens Enterprise Systems Read More »

Zimbra Patches Critical Code Execution Vulnerability

Zimbra Patches Critical Code Execution Vulnerability 2026-07-13 at 13:03 By Ionut Arghire The flaw results in malicious code embedded in crafted emails being executed when the emails are opened. The post Zimbra Patches Critical Code Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Zimbra Patches Critical Code Execution Vulnerability Read More »

Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns

Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns 2026-07-13 at 11:20 By Ionut Arghire The company notified customers to manually shut down their servers while it is investigating a credible threat. The post Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns appeared first on SecurityWeek. This article is an excerpt from

Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns Read More »

Palo Alto Networks Patches 13 Vulnerabilities

Palo Alto Networks Patches 13 Vulnerabilities 2026-07-09 at 16:49 By Eduard Kovacs Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software. The post Palo Alto Networks Patches 13 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Palo Alto Networks Patches 13 Vulnerabilities Read More »

Microsoft Patches Defender ‘RoguePlanet’ Vulnerability

Microsoft Patches Defender ‘RoguePlanet’ Vulnerability 2026-07-09 at 13:28 By Eduard Kovacs The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update. The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches Defender ‘RoguePlanet’ Vulnerability Read More »

AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique

AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique 2026-07-09 at 11:52 By Eduard Kovacs Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval. The post AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique appeared first on SecurityWeek. This article is an

AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique Read More »

Chrome 150 Update Patches 27 Vulnerabilities

Chrome 150 Update Patches 27 Vulnerabilities 2026-07-09 at 10:27 By Ionut Arghire The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google. The post Chrome 150 Update Patches 27 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 150 Update Patches 27 Vulnerabilities Read More »

Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices

Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices 2026-07-09 at 08:00 By Ionut Arghire Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device’s web management interface. The post Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices Read More »

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) 2026-07-08 at 17:03 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) Read More »

Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations

Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations 2026-07-08 at 15:15 By Ionut Arghire The “Rogue Agent” vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same Google Cloud project. The post Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations

Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations Read More »

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection 2026-07-08 at 13:30 By Ionut Arghire Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication. The post Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection appeared first on SecurityWeek. This article

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection Read More »

Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Critical Gitea Flaw Under Active Exploitation, Researchers Warn 2026-07-07 at 20:17 By Ionut Arghire Attackers are exploiting the critical Gitea vulnerability CVE-2026-20896 to bypass authentication with a single HTTP header and access vulnerable repositories and secrets. The post Critical Gitea Flaw Under Active Exploitation, Researchers Warn appeared first on SecurityWeek. This article is an excerpt

Critical Gitea Flaw Under Active Exploitation, Researchers Warn Read More »

Critical Adobe ColdFusion Vulnerability Exploited in Attacks

Critical Adobe ColdFusion Vulnerability Exploited in Attacks 2026-07-07 at 15:38 By Ionut Arghire Hackers are exploiting a recently patched critical vulnerability (CVE-2026-48282) in Adobe ColdFusion that carries a CVSS score of 10/10. The post Critical Adobe ColdFusion Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Adobe ColdFusion Vulnerability Exploited in Attacks Read More »

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282) 2026-07-07 at 15:03 By Zeljka Zorz CVE-2026-48282, one of the maximum severity vulnerabilities patched in Adobe ColdFusion on June 30, 2026, has been targeted by attackers in the wild. Exploitation attempts were detected on July 2, through the honeypot sensors of cybersecurity threat-intelligence service KEVIntel, mere minutes after

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282) Read More »

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817) 2026-06-30 at 16:58 By Zeljka Zorz Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday. The detected exploitation attempts (Source: Defused) “On 27 June 2026

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817) Read More »

Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

Exploitation of Recent Oracle E-Business Suite Vulnerability Begins 2026-06-30 at 14:29 By Ionut Arghire The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product. The post Exploitation of Recent Oracle E-Business Suite Vulnerability Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Exploitation of Recent Oracle E-Business Suite Vulnerability Begins Read More »

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) 2026-06-30 at 13:25 By Zeljka Zorz Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) Read More »

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

Critical SimpleHelp Vulnerability Exploited for Malware Delivery 2026-06-30 at 11:43 By Ionut Arghire The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical SimpleHelp Vulnerability Exploited for Malware Delivery Read More »

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin 2026-06-30 at 09:15 By Mirko Zorz Phones and laptops ship with a feature that sends files to nearby devices over the air, with no cables, accounts, or prior pairing. Apple calls its version AirDrop. Google and Samsung call theirs Quick Share.

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin Read More »

Scroll to Top