vulnerability

Claude Code Flaws Exposed Developer Devices to Silent Hacking

AI, Claude, Claude Code, Vulnerabilities, vulnerability /

Claude Code Flaws Exposed Developer Devices to Silent Hacking 2026-02-26 at 19:37 By Eduard Kovacs Anthropic has patched vulnerabilities whose impact was demonstrated by Check Point via malicious configuration files. The post Claude Code Flaws Exposed Developer Devices to Silent Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Claude Code Flaws Exposed Developer Devices to Silent Hacking Read More »

Zyxel Patches Critical Vulnerability in Many Device Models

router, Vulnerabilities, vulnerability, Zyxel /

Zyxel Patches Critical Vulnerability in Many Device Models 2026-02-26 at 14:40 By Ionut Arghire The issue impacts the UPnP function of multiple device models and could be exploited for remote code execution. The post Zyxel Patches Critical Vulnerability in Many Device Models appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Zyxel Patches Critical Vulnerability in Many Device Models Read More »

Trend Micro Patches Critical Apex One Vulnerabilities

Apex One, Endpoint Security, Trend Micro, Vulnerabilities, vulnerability /

Trend Micro Patches Critical Apex One Vulnerabilities 2026-02-26 at 12:27 By Eduard Kovacs TrendAI has fixed eight critical and high-severity issues in Windows and macOS endpoint security products. The post Trend Micro Patches Critical Apex One Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Trend Micro Patches Critical Apex One Vulnerabilities Read More »

Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers

Catalyst, Cisco, exploited, Featured, Malware & Threats, SD-WAN, Vulnerabilities, vulnerability, Zero-Day /

Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers 2026-02-26 at 11:52 By Ionut Arghire Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges. The post Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers appeared first on SecurityWeek. This article is an excerpt from

Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers Read More »

SolarWinds Patches Four Critical Serv-U Vulnerabilities

SolarWinds, Vulnerabilities, vulnerability /

SolarWinds Patches Four Critical Serv-U Vulnerabilities 2026-02-25 at 17:30 By Ionut Arghire The four security defects could be exploited for remote code execution but require administrative privileges. The post SolarWinds Patches Four Critical Serv-U Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SolarWinds Patches Four Critical Serv-U Vulnerabilities Read More »

The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs

cyber news, vulnerability, vulnerability management /

The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs 2026-02-25 at 15:20 By Ashish Khaitan Cyble Research & Intelligence Labs (CRIL) tracked 1,102 vulnerabilities last week. Of these, 166 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks. A total of 49 vulnerabilities were rated critical under CVSS v3.1, while 32 received critical

The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs Read More »

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)

0-day, CISA, Don't miss, file-sharing, FileZen, Hot stuff, Japan, JPCERT/CC, News, Ransomware, Soliton, vulnerability /

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) 2026-02-25 at 12:14 By Zeljka Zorz CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) Read More »

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Aria Operations, VMWare, Vulnerabilities, vulnerability /

VMware Aria Operations Vulnerability Could Allow Remote Code Execution 2026-02-24 at 16:42 By Eduard Kovacs Broadcom has patched several vulnerabilities in VMware Aria Operations, including high-severity flaws. The post VMware Aria Operations Vulnerability Could Allow Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

VMware Aria Operations Vulnerability Could Allow Remote Code Execution Read More »

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

AI, Copilot, GitHub, prompt injection, RoguePilot, Vulnerabilities, vulnerability /

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover 2026-02-24 at 14:26 By Ionut Arghire Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue. The post GitHub Issues Abused in Copilot Attack Leading to Repository Takeover appeared first on SecurityWeek. This

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover Read More »

The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure

cyber news, vulnerability, vulnerability management /

The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure 2026-02-19 at 14:07 By Ashish Khaitan Cyble Research & Intelligence Labs (CRIL) tracked 1,158 vulnerabilities last week. Of these, 251 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks.  A total of 94 vulnerabilities were rated critical under CVSS v3.1, while 43 were rated

The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure Read More »

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment

Don't miss, Hot stuff, News, Ransomware, SmarterTools, vulnerability /

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment 2026-02-09 at 17:18 By Zeljka Zorz SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in that solution. How did the SmarterTools breach happen? Derek Curtis, the firm’s Chief Operating Officer,

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment Read More »

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)

BeyondTrust, Don't miss, enterprise, Hacktron AI, Hot stuff, News, remote access, vulnerability /

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) 2026-02-09 at 13:36 By Zeljka Zorz BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) Read More »

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog

CISA KEV, KEVology, Risk Management, Vulnerabilities, vulnerability /

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog 2026-02-09 at 11:10 By Kevin Townsend The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it. The post New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog Read More »

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

CISA KEV, exploited, SmarterMail, SmarterTools, Vulnerabilities, vulnerability /

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks 2026-02-06 at 09:54 By Ionut Arghire The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests. The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks Read More »

Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog

CISA, CISA KEV, Government, Ransomware, Vulnerabilities, vulnerability /

Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog 2026-02-06 at 08:00 By Eduard Kovacs CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek. This article is an excerpt

Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog Read More »

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

Broadcom, CISA, Don't miss, ESXi, exploit, GreyNoise, Hot stuff, News, patching, Ransomware, VMWare, vulnerability, vulnerability management /

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers 2026-02-05 at 18:17 By Zeljka Zorz CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers Read More »

VS Code Configs Expose GitHub Codespaces to Attacks

Application Security, GitHub, GitHub Codespaces, Vulnerabilities, vulnerability /

VS Code Configs Expose GitHub Codespaces to Attacks 2026-02-05 at 16:59 By Ionut Arghire VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

VS Code Configs Expose GitHub Codespaces to Attacks Read More »

Critical N8n Sandbox Escape Could Lead to Server Compromise

AI, n8n, sandbox escape, Vulnerabilities, vulnerability /

Critical N8n Sandbox Escape Could Lead to Server Compromise 2026-02-05 at 14:02 By Ionut Arghire The vulnerability could allow attackers to execute arbitrary commands and steal credentials and other secrets. The post Critical N8n Sandbox Escape Could Lead to Server Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical N8n Sandbox Escape Could Lead to Server Compromise Read More »

Cisco, F5 Patch High-Severity Vulnerabilities

Cisco, F5, Vulnerabilities, vulnerability /

Cisco, F5 Patch High-Severity Vulnerabilities 2026-02-05 at 12:06 By Ionut Arghire The security defects can lead to DoS conditions, arbitrary command execution, and privilege escalation. The post Cisco, F5 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco, F5 Patch High-Severity Vulnerabilities Read More »

Vulnerabilities Allowed Full Compromise of Google Looker Instances

cloud security, Google Looker, Lookout, Vulnerabilities, vulnerability /

Vulnerabilities Allowed Full Compromise of Google Looker Instances 2026-02-04 at 15:45 By Eduard Kovacs The flaws dubbed LookOut can be exploited for remote code execution and data exfiltration. The post Vulnerabilities Allowed Full Compromise of Google Looker Instances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Vulnerabilities Allowed Full Compromise of Google Looker Instances Read More »

Scroll to Top