vulnerability

TrendAI Patches Apex One Zero-Day Exploited in the Wild

TrendAI Patches Apex One Zero-Day Exploited in the Wild 2026-05-22 at 11:53 By Eduard Kovacs CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View […]

TrendAI Patches Apex One Zero-Day Exploited in the Wild Read More »

Cisco Patches Critical Vulnerability in Secure Workload

Cisco Patches Critical Vulnerability in Secure Workload 2026-05-21 at 15:24 By Ionut Arghire Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco Patches Critical Vulnerability in Secure Workload Read More »

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) 2026-05-21 at 14:22 By Zeljka Zorz Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) Read More »

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking 2026-05-21 at 14:22 By Eduard Kovacs CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking Read More »

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI 2026-05-21 at 13:14 By Eduard Kovacs More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. The post Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI Read More »

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility 2026-05-21 at 11:40 By Kevin Townsend New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility appeared first on SecurityWeek. This article is

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility Read More »

Anthropic Silently Patches Claude Code Sandbox Bypass

Anthropic Silently Patches Claude Code Sandbox Bypass 2026-05-20 at 16:04 By Eduard Kovacs The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Claude Code Sandbox Bypass appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Anthropic Silently Patches Claude Code Sandbox Bypass Read More »

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation 2026-05-19 at 21:14 By Eduard Kovacs Drupal says attackers may develop an exploit for the vulnerability within hours or days. The post Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation Read More »

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover 2026-05-19 at 16:58 By Ionut Arghire The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. The post Unpatched ChromaDB Vulnerability Can Lead to Server Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover Read More »

PoC Released for DirtyDecrypt Linux Kernel Vulnerability

PoC Released for DirtyDecrypt Linux Kernel Vulnerability 2026-05-19 at 12:47 By Ionut Arghire Patched in April, the underlying vulnerability allows local attackers to elevate their privileges to root. The post PoC Released for DirtyDecrypt Linux Kernel Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

PoC Released for DirtyDecrypt Linux Kernel Vulnerability Read More »

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking 2026-05-19 at 09:34 By Eduard Kovacs The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection.  The post Critical Vulnerability Exposes Industrial Robot Fleets to Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking Read More »

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) 2026-05-18 at 16:32 By Zeljka Zorz A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) Read More »

‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery 2026-05-18 at 15:48 By Ionut Arghire Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. The post ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery Read More »

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE 2026-05-18 at 13:58 By Ionut Arghire The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE Read More »

Exploitation of Critical NGINX Vulnerability Begins

Exploitation of Critical NGINX Vulnerability Begins 2026-05-18 at 10:34 By Ionut Arghire The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Exploitation of Critical NGINX Vulnerability Begins Read More »

PoC Code Published for Critical NGINX Vulnerability

PoC Code Published for Critical NGINX Vulnerability 2026-05-16 at 14:43 By Ionut Arghire Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

PoC Code Published for Critical NGINX Vulnerability Read More »

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) 2026-05-15 at 14:32 By Zeljka Zorz A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) Read More »

Chrome 148 Update Patches Critical Vulnerabilities

Chrome 148 Update Patches Critical Vulnerabilities 2026-05-15 at 11:02 By Ionut Arghire The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 148 Update Patches Critical Vulnerabilities Read More »

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) 2026-05-14 at 17:34 By Zeljka Zorz Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) Read More »

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure 2026-05-14 at 12:48 By Ionut Arghire The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure Read More »

Scroll to Top