vulnerability

Firefox Vulnerability Allows Tor User Fingerprinting

2026-04-27 at 11:49, by Eduard Kovacs. The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. Source: SecurityWeek.

Vulnerabilities Patched in CrowdStrike, Tenable Products

2026-04-24 at 13:17, by Eduard Kovacs. CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw. Source: SecurityWeek.

The Week in Vulnerabilities: SharePoint, Fortinet, OpenClaw, and GPL Odorizers

2026-04-24 at 05:54, by Mihir Bagwe. Cyble Research & Intelligence Labs (CRIL) weekly vulnerability report tracked 1,675 vulnerabilities last week, reflecting continued high disclosure volume across enterprise software, cloud services, and emerging AI ecosystems. Of these, more than 205 vulnerabilities have publicly available Proof-of-Concept (PoC)

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages (CVE-2026-28950)

2026-04-23 at 14:17, by Zeljka Zorz. Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent report about the

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

2026-04-23 at 12:17, by Ionut Arghire. The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. Source: SecurityWeek.

Apple Patches iOS Flaw Allowing Recovery of Deleted Chats

2026-04-23 at 12:17, by Ionut Arghire. Apple rolled out the security patches for dozens of iPhone and iPad models and generations. Source: SecurityWeek.

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

2026-04-22 at 14:47, by Zeljka Zorz. Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit

Claude Mythos Finds 271 Firefox Vulnerabilities

2026-04-22 at 14:47, by Eduard Kovacs. All the flaws could have also been found by an elite human researcher, according to Mozilla. Source: SecurityWeek.

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

2026-04-22 at 13:47, by Eduard Kovacs. Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware. Source: SecurityWeek.

Oracle Patches 450 Vulnerabilities With April 2026 CPU

2026-04-22 at 11:49, by Ionut Arghire. The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws. Source: SecurityWeek.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

2026-04-20 at 20:37, by Eduard Kovacs. Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios. Source: SecurityWeek.

Threat Landscape March 2026: Ransomware Dominance, Access Brokers, Data Leaks, and Critical Exploitation Trends

2026-04-20 at 14:37, by Mihir Bagwe. Cyble Research & Intelligence Labs (CRIL) in its monthly threat landscape analysis observed a highly active threat environment throughout March 2026, shaped by large-scale ransomware campaigns, persistent data breach activity, growing initial access brokerage markets,

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

2026-04-20 at 11:16, by Ionut Arghire. In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed. Source: SecurityWeek.

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

2026-04-17 at 14:32, by Eduard Kovacs. The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April. Source: SecurityWeek.

Cursor AI Vulnerability Exposed Developer Devices

2026-04-17 at 10:30, by Ionut Arghire. An indirect prompt injection could be chained with a sandbox bypass and Cursor’s remote tunnel feature for shell access to machines. Source: SecurityWeek.

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)

2026-04-16 at 18:37, by Zeljka Zorz. Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About

The Week in Vulnerabilities: Azure AI, Spring AI, Fortinet, and Critical ICS Exposure

2026-04-16 at 15:04, by Mihir Bagwe. Cyble Research & Intelligence Labs (CRIL) in its weekly vulnerability report tracked 1,431 bugs last week. Of these, over 270 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating exploitation timelines and increasing real-world attack likelihood.

Splunk Enterprise Update Patches Code Execution Vulnerability

2026-04-16 at 15:03, by Ionut Arghire. The flaw allows low-privileged users to upload files to a temporary directory to achieve remote code execution. Source: SecurityWeek.

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

2026-04-16 at 15:03, by Eduard Kovacs. Researchers found more than 80 high-impact cloud and AI vulnerabilities during the event, which had a $5 million prize pool.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

2026-04-16 at 15:03, by Ionut Arghire. To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched. Source: SecurityWeek.
