vulnerability

Adobe Reader Zero-Day Exploited for Months: Researcher

2026-04-09 at 12:00, by Eduard Kovacs

Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability. The post Adobe Reader Zero-Day Exploited for Months: Researcher appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Data Leakage Vulnerability Patched in OpenSSL

2026-04-08 at 18:47, by Eduard Kovacs

A total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL. The post Data Leakage Vulnerability Patched in OpenSSL appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

2026-04-08 at 17:32, by Ionut Arghire

The vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication. The post RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser

2026-04-08 at 08:12, by Anamarija Pogorelec

Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a

Severe StrongBox Vulnerability Patched in Android

2026-04-07 at 20:31, by Eduard Kovacs

A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update. The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical Flowise Vulnerability in Attacker Crosshairs

2026-04-07 at 18:34, by Ionut Arghire

The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system. The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

2026-04-06 at 12:42, by Ionut Arghire

The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely. The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)

2026-04-03 at 17:52, by Zeljka Zorz

Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco ICM riddled

TrueConf Zero-Day Exploited in Asian Government Attacks

2026-04-03 at 17:52, by Ionut Arghire

A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads. The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical ShareFile Flaws Lead to Unauthenticated RCE

2026-04-03 at 17:52, by Ionut Arghire

The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server. The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

2026-04-02 at 21:45, by Kevin Townsend

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on

Cisco Patches Critical and High-Severity Vulnerabilities

2026-04-02 at 15:36, by Ionut Arghire

The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation. The post Cisco Patches Critical and High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

The Week in Vulnerabilities: AI Frameworks, VMware, and Critical ICS Exposure

2026-04-02 at 13:24, by Ashish Khaitan

Cyble Research & Intelligence Labs (CRIL) tracked 1,452 vulnerabilities last week, reflecting the continued expansion of the global attack surface. Of these, 222 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating the likelihood of exploitation in real-world environments. Additionally, multiple vulnerabilities surfaced across underground forums,

CrewAI Vulnerabilities Expose Devices to Hacking

2026-03-31 at 16:40, by Ionut Arghire

Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code. The post CrewAI Vulnerabilities Expose Devices to Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs

2026-03-31 at 15:43, by Ionut Arghire

Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years. The post StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

2026-03-31 at 15:43, by Ionut Arghire

The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise 

2026-03-31 at 11:21, by Kevin Townsend

Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens. The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)

2026-03-30 at 15:37, by Zeljka Zorz

A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

2026-03-30 at 12:32, by Ionut Arghire

The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs. The post Exploitation of Fresh Citrix NetScaler Vulnerability Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

2026-03-30 at 10:37, by Ionut Arghire

Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue. The post F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild appeared first on SecurityWeek. This
