vulnerability

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk 2026-06-02 at 18:01 By Kevin Townsend A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations. The post Exclusive: How One Line of Code Put Billions of Microsoft Android […]

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk Read More »

Oracle WebLogic Vulnerability Exploited in the Wild

Oracle WebLogic Vulnerability Exploited in the Wild 2026-06-02 at 15:46 By Eduard Kovacs The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers. The post Oracle WebLogic Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Oracle WebLogic Vulnerability Exploited in the Wild Read More »

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches 2026-06-02 at 15:25 By Ionut Arghire A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches Read More »

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

Google fixes actively exploited Android vulnerability (CVE-2025-48595) 2026-06-02 at 15:17 By Zeljka Zorz Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-48595 is an integer overflow vulnerability in the Android

Google fixes actively exploited Android vulnerability (CVE-2025-48595) Read More »

Oracle’s First Monthly Patches Resolve 77 Vulnerabilities

Oracle’s First Monthly Patches Resolve 77 Vulnerabilities 2026-06-02 at 10:58 By Ionut Arghire Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Oracle’s First Monthly Patches Resolve 77 Vulnerabilities Read More »

Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs

Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs 2026-06-01 at 20:16 By Ionut Arghire Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity, the potential ongoing exploitation. The post Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs Read More »

Recent Palo Alto Networks Vulnerability Exploited for Weeks

Recent Palo Alto Networks Vulnerability Exploited for Weeks 2026-06-01 at 17:37 By Ionut Arghire Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure. The post Recent Palo Alto Networks Vulnerability Exploited for Weeks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent Palo Alto Networks Vulnerability Exploited for Weeks Read More »

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089) 2026-06-01 at 17:17 By Zeljka Zorz CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon,

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089) Read More »

Exploit Code Published for Critical Flowise RCE Vulnerability

Exploit Code Published for Critical Flowise RCE Vulnerability 2026-05-30 at 18:55 By Ionut Arghire The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek. This article is an excerpt from

Exploit Code Published for Critical Flowise RCE Vulnerability Read More »

New infostealer reaches enterprise devices through FortiClient EMS vulnerability

New infostealer reaches enterprise devices through FortiClient EMS vulnerability 2026-05-29 at 18:31 By Zeljka Zorz Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” Arctic Wold

New infostealer reaches enterprise devices through FortiClient EMS vulnerability Read More »

Zapier exploit chain shows how known anti-patterns compose into critical risk

Zapier exploit chain shows how known anti-patterns compose into critical risk 2026-05-28 at 16:00 By Mirko Zorz A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the

Zapier exploit chain shows how known anti-patterns compose into critical risk Read More »

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate 2026-05-27 at 17:30 By Eduard Kovacs Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. The post Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate appeared first on SecurityWeek. This article is an

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate Read More »

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment 2026-05-26 at 17:32 By Ionut Arghire Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution. The post Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment Read More »

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) 2026-05-26 at 13:56 By Zeljka Zorz Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) Read More »

Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images

Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images 2026-05-26 at 13:56 By Mike Lennon DockSec, an OWASP incubator project, correlates findings from multiple container security scanners and uses AI to generate plain-English remediation guidance and exact Dockerfile fixes. The post Open Source DockSec Uses AI to Cut Through Vulnerability Noise

Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images Read More »

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites 2026-05-25 at 16:59 By Eduard Kovacs Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack. The post Ghost CMS Vulnerability Exploited to Hack Over 700 Websites appeared first on SecurityWeek. This article is an excerpt

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites Read More »

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects 2026-05-25 at 13:58 By Eduard Kovacs Many findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase.  The post Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects appeared first on SecurityWeek. This article is an excerpt

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects Read More »

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains 2026-05-23 at 14:04 By Ionut Arghire The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek. This article is

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains Read More »

TrendAI Patches Apex One Zero-Day Exploited in the Wild

TrendAI Patches Apex One Zero-Day Exploited in the Wild 2026-05-22 at 11:53 By Eduard Kovacs CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

TrendAI Patches Apex One Zero-Day Exploited in the Wild Read More »

Scroll to Top