vulnerability

New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking

New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking 2026-06-30 at 08:04 By Eduard Kovacs CISA has published an advisory to inform organizations about three vulnerabilities found by a researcher in Daktronics controllers. The post New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking appeared first on SecurityWeek. This article is […]

New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking Read More »

JSP webshells being dropped on unpatched PTC Windchill instances

JSP webshells being dropped on unpatched PTC Windchill instances 2026-06-29 at 19:18 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog don’t contain links

JSP webshells being dropped on unpatched PTC Windchill instances Read More »

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories 2026-06-26 at 18:23 By Eduard Kovacs AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.  The post Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories appeared first on SecurityWeek. This article is an excerpt from

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories Read More »

Linux Foundation Unveils New Open Source Security Project Akrites

Linux Foundation Unveils New Open Source Security Project Akrites 2026-06-26 at 14:28 By Ionut Arghire It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities. The post Linux Foundation Unveils New Open Source Security Project Akrites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Linux Foundation Unveils New Open Source Security Project Akrites Read More »

Synology issues critical fix for MailPlus Server vulnerabilities

Synology issues critical fix for MailPlus Server vulnerabilities 2026-06-26 at 13:57 By Zeljka Zorz Synology has has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update fixes three flaws: CVE-2026-13136, stemming from faulty authorization checks, may allow remote attackers to read or

Synology issues critical fix for MailPlus Server vulnerabilities Read More »

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild 2026-06-26 at 11:15 By Eduard Kovacs CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog. The post First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild Read More »

GitLab Patches Code Execution, Information Disclosure Vulnerabilities

GitLab Patches Code Execution, Information Disclosure Vulnerabilities 2026-06-25 at 14:10 By Ionut Arghire The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects. The post GitLab Patches Code Execution, Information Disclosure Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GitLab Patches Code Execution, Information Disclosure Vulnerabilities Read More »

Chrome 149 Update Resolves 18 Severe Vulnerabilities

Chrome 149 Update Resolves 18 Severe Vulnerabilities 2026-06-25 at 10:56 By Ionut Arghire More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution. The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 149 Update Resolves 18 Severe Vulnerabilities Read More »

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs 2026-06-24 at 15:32 By Ionut Arghire The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands. The post Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs Read More »

Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230) 2026-06-24 at 14:36 By Zeljka Zorz CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing automated sweeps dropping webshells, all

Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230) Read More »

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking 2026-06-24 at 13:55 By Ionut Arghire The security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking Read More »

Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps

Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps 2026-06-23 at 18:36 By Ionut Arghire Attackers could abuse Dify’s multi-tenant cloud service to read private chats, preview other tenants’ documents, and reach internal APIs. The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appeared first on SecurityWeek.

Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps Read More »

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances 2026-06-23 at 14:48 By Ionut Arghire Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library. The post FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances appeared first on SecurityWeek. This article

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances Read More »

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data 2026-06-22 at 16:22 By Eduard Kovacs Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.  The post Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data Read More »

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data 2026-06-22 at 14:45 By Ionut Arghire Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. The post Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data Read More »

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) 2026-06-19 at 13:50 By Zeljka Zorz CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) Read More »

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure 2026-06-19 at 07:10 By Eduard Kovacs CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. The post Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure appeared first on SecurityWeek. This article is an excerpt

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure Read More »

Atlassian, Splunk Patch Critical Vulnerabilities

Atlassian, Splunk Patch Critical Vulnerabilities 2026-06-18 at 13:59 By Ionut Arghire Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies. The post Atlassian, Splunk Patch Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Atlassian, Splunk Patch Critical Vulnerabilities Read More »

Critical Command Execution Vulnerability Patched in Cisco ISE

Critical Command Execution Vulnerability Patched in Cisco ISE 2026-06-18 at 13:27 By Ionut Arghire Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. The post Critical Command Execution Vulnerability Patched in Cisco ISE appeared first on SecurityWeek. This article is an excerpt from

Critical Command Execution Vulnerability Patched in Cisco ISE Read More »

Scroll to Top