vulnerability

DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft

2026-02-04 at 13:48 By Ionut Arghire

The critical vulnerability exists in the contextual trust in MCP Gateway architecture, as instructions are passed without validation. The post DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft appeared first on SecurityWeek. This article is […]


Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk

2026-02-04 at 13:25 By Help Net Security

Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is deployed by more than 60,000 organizations in 195 countries, the flaws could give attackers a path


Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

2026-02-04 at 12:02 By Ionut Arghire

Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week. The post Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Fresh SolarWinds Vulnerability Exploited in Attacks

2026-02-04 at 11:56 By Ionut Arghire

The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. The post Fresh SolarWinds Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks

2026-02-04 at 10:47 By Eduard Kovacs

Wiz and Permiso have analyzed the AI agent social network and found serious security issues and threats. The post Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks appeared first on SecurityWeek. This article


Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

2026-02-03 at 17:21 By Zeljka Zorz

Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft


Critical React Native Vulnerability Exploited in the Wild

2026-02-03 at 16:01 By Ionut Arghire

Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant 

2026-02-03 at 15:49 By Eduard Kovacs

OpenClaw (aka Moltbot and Clawdbot) is vulnerable to one-click remote code execution attacks. The post Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


The Week in Vulnerabilities: Open-Sources Fixes Urged by Cyble

2026-02-03 at 15:15 By Ashish Khaitan

Cyble Vulnerability Intelligence researchers tracked 1,147 vulnerabilities in the last week, and more than 128 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks. A total of 108 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 54 received a critical severity rating


Aisy Launches Out of Stealth to Transform Vulnerability Management

2026-01-30 at 17:19 By Kevin Townsend

Aisy has emerged from stealth mode with $2.3 million in seed funding for its AI-assisted platform. The post Aisy Launches Out of Stealth to Transform Vulnerability Management appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Ivanti Patches Exploited EPMM Zero-Days

2026-01-30 at 10:33 By Eduard Kovacs

The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell

2026-01-30 at 07:09 By rohansinhacyblecom

Executive Summary

Cyble Research & Intelligence Labs (CRIL) has identified a Linux intrusion chain leveraging a highly obfuscated, fileless loader that deploys a weaponized variant of hackshell entirely from memory. Cyble tracks this activity under the name ShadowHS, reflecting


N8n Vulnerabilities Could Lead to Remote Code Execution

2026-01-29 at 17:29 By Ionut Arghire

The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. The post N8n Vulnerabilities Could Lead to Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


SolarWinds Patches Critical Web Help Desk Vulnerabilities

2026-01-29 at 15:49 By Ionut Arghire

The four critical flaws could be exploited without authentication for remote code execution or authentication bypass. The post SolarWinds Patches Critical Web Help Desk Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!

2026-01-29 at 11:34 By Zeljka Zorz

SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers to upgrade to v2026.1 as soon as possible.

The vulnerabilities

The WHD vulnerabilities fixed


The Week in Vulnerabilities: Cyble Urges Oracle, OpenStack Fixes

2026-01-28 at 12:33 By Ashish Khaitan

Cyble Vulnerability Intelligence researchers tracked 1,031 vulnerabilities in the last week, and nearly 200 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. A total of 72 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 33 received a critical severity rating based on


High-Severity Remote Code Execution Vulnerability Patched in OpenSSL

2026-01-28 at 09:48 By Eduard Kovacs

A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm. The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)

2026-01-28 at 02:21 By Zeljka Zorz

Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out


Organizations Warned of Exploited Linux Vulnerabilities

2026-01-27 at 12:47 By Ionut Arghire

The flaws allow threat actors to obtain root privileges or bypass authentication via Telnet and gain shell access as root. The post Organizations Warned of Exploited Linux Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms

2026-01-26 at 18:51 By Eduard Kovacs

More than 20 vulnerabilities were found and patched in Dormakaba physical access control systems. The post Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms appeared first on SecurityWeek. This article is an excerpt
